On 2/16/2015 4:34 PM, Marek Posolda wrote:
Still thinking whether it's better to use federation SPI or
identity
broker SPI for kerberos integration. I am finally much more inclined to
Federation SPI ;-)
That's why I brought it up before...I wasn't sure what the right SPI to
use would be, or if our SPIs needed to improve and be refactored. Maybe
the answer is use both??? *shrug*
I don't know if this makes sense, but a kerberos broker would import
users from information from the kerberos ticket. A Kerberos Federation
Provider interacts directly with an LDAP server to provide a more
complete integration point??? I don't know...just thinking. I don't
know enough about kerberos or how people want to use it with us to make
a decision.
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com