[prev in list] [next in list] [prev in thread] [next in thread] 

List:       forgerock-openam
Subject:    Re: [OpenAM] Auth chain using WDSSO
From:       Bernhard Thalmayr <bernhard.thalmayr () painstakingminds ! com>
Date:       2017-07-04 6:39:31
Message-ID: 528e3d13-6a77-b6f8-bed2-727a7224f3f3 () painstakingminds ! com
[Download RAW message or body]

If NTLM is chosen on the browser side, it's totally unrelated to OpenAM.

Either it's related to browser / ADFS / KDC / DNS configuration.

-Bernhard

Am 30/06/17 um 18:16 schrieb Cyril Grosjean:
> 
> There're possibly other reasons where NTLM is chosen, basically when one
> of the conditions for Kerberos mentioned in Simon's article is not met:
> 
> - since you created the keytab file, did the UPN changed or did you add
> other SPN's to the same UPN ?
> 
> - do you have an 'A' type of record in your DNS ?
> 
> 
> _______________________________________________
> Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
> OpenAM mailing list
> OpenAM@forgerock.org
> https://lists.forgerock.org/mailman/listinfo/openam
> 


-- 
Painstaking Minds
IT-Consulting Bernhard Thalmayr
Herxheimer Str. 5, 83620 Vagen (Munich area), Germany
Tel: +49 (0)8062 7769174
Mobile: +49 (0)176 55060699

bernhard.thalmayr@painstakingminds.com - Solution Architect
http://www.xing.com/profile/Bernhard_Thalmayr
http://de.linkedin.com/in/bernhardthalmayr

This e-mail may contain confidential and/or privileged information.If
you are not the intended recipient (or have received this email in
error) please notify the sender immediately and delete this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
_______________________________________________
Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
OpenAM@forgerock.org
https://lists.forgerock.org/mailman/listinfo/openam
[prev in list] [next in list] [prev in thread] [next in thread]