entrouvert
/
paul-synchro
Archived
17
0
Fork 0
Code Issues Pull Requests Releases Activity

SSO Tournai - BLOCKER: challenge WWW-Authenticate 

- client et serveur authentic (avec backend Kerberos) semblent
    correctement configures
    - le navigateur accepte les challenges WWW-Authenticate depuis
    l'IdP (option Firefox network.negotiate-auth.trusted-uris)
    - le cache de tickets est rempli avec un ticket valide pour un
    user principal present dans l'AD
    - la configuration krb5 cotes poste client et serveur IdP
    semble correcte
    - le fichier keytab de l'AD a ete copie sur le serveur IdP et
    renseigne a authentic via l'option KRB5_KTNAME

TODO: debugger l'erreur django_kerberos "Access unauthorized please
refresh your ticket cache "
This commit is contained in:
Paul Marillonnet 2017-05-15 19:19:11 +02:00
parent b12bdc366d
commit 4120634eb6
1 changed files with 19 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
doc.md
View File

@ -2624,6 +2624,25 @@ Valid starting Expires Service principal
05/15/2017 15:16:37 05/16/2017 01:16:37 krbtgt/ENTROUVERT.LOCAL@ENTROUVERT.LOCAL
renew until 05/16/2017 15:16:34
installation de django_kerberos ?
BLOCKER :
TemplateDoesNotExist at /accounts/kerberos/login/
django_kerberos/unauthorized.html
FIX: reinstallation de django_kerberos
Authentic2 - phyhost
Homepage
Access unauthorized please refresh your ticket cache
LA RFC est claire à ce sujet:
The 401 (Unauthorized) response message is used by an origin server
to challenge the authorization of a user agent.
//CURRENT2
## Etude synchro brouillon