SPNEGO+Kerberos Authentication
With SPENGO+Kerberos authentication, the SWITCH edu-ID IdP trusts the Windows PC authentication. This means that a user who has logged in on a Windows PC does not have to log in again on the edu-ID IdP.
SPNEGO+Kerberos authentication is currently under development.
SPENGO+Kerberos Login Flow
- The user has logged on to Windows on the PC.
- The user calls an AAI service in the browser and must log on to the IdP.
- The user chooses to log on with the Windows logon data.
- The IdP asks the browser to present a Kerberos ticket valid for Windows logon.
- The IdP checks the ticket and accepts it for authentication.
- No need to enter username and password.
Implementation
SPNEGO+Kerberos login can only be set up for entire organizations for their domain joined computers. Check out the documentation to set it up for your organization.