SPNEGO+Kerberos Authentication

With SPNEGO+Kerberos authentication, the SWITCH edu-ID IdP trusts the authentication already performed by the Windows PC. This means that a user who has logged in on a Windows PC does not have to log in again on the edu-ID IdP.

SPNEGO+Kerberos authentication is currently under development.

SPNEGO+Kerberos Login Flow

[Figure: SPNEGO+Kerberos overview]

  1. The user has logged on to Windows on the PC.
  2. The user calls an AAI service in the browser and must log on to the IdP.
  3. The user chooses to log on with the Windows logon data.
  4. The IdP asks the browser to present a Kerberos ticket valid for Windows logon.
  5. The IdP checks the ticket and accepts it for authentication.
  6. The user does not need to enter a username and password.
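
Steps 4 and 5 on the wire, as an added example that is not SWITCH's code: with the HTTP Negotiate scheme (RFC 4559) the IdP answers 401 with "WWW-Authenticate: Negotiate" and the browser retries with "Authorization: Negotiate <base64 token>". The sketch below inspects that token before it reaches the Kerberos library, so that an NTLM fallback is refused instead of being treated as a ticket. The function names and the sample are assumptions made for illustration; verifying the ticket itself is left to the GSS-API/Kerberos library and the service keytab.

```python
import base64
SPNEGO_OID = bytes.fromhex("2b0601050502")                 # 1.3.6.1.5.5.2
MECHS = {bytes.fromhex("2a864886f712010202"): "kerberos",  # 1.2.840.113554.1.2.2
         bytes.fromhex("2a864882f712010202"): "kerberos",  # 1.2.840.48018.1.2.2 (legacy Microsoft)
         bytes.fromhex("2b06010401823702020a"): "ntlm"}    # 1.3.6.1.4.1.311.2.2.10

def _tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError("unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                                      # long form: n length bytes follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def offered_mechs(authorization):
    """Mechanisms offered in an 'Authorization: Negotiate <base64>' value, in client order."""
    scheme, _, b64 = authorization.partition(" ")
    if scheme.lower() != "negotiate":
        raise ValueError("not a Negotiate header")
    token = base64.b64decode(b64.strip(), validate=True)
    if token.startswith(b"NTLMSSP\x00"):                   # raw NTLM, not wrapped in SPNEGO
        return ["ntlm"]
    outer, _ = _tlv(token, 0, 0x60)                        # GSS-API initial context token
    oid, pos = _tlv(outer, 0, 0x06)
    if oid != SPNEGO_OID:
        raise ValueError("not a SPNEGO token")
    body = outer[pos:]
    for tag in (0xA0, 0x30, 0xA0, 0x30):                   # NegTokenInit > SEQUENCE > [0] mechTypes > list
        body, _ = _tlv(body, 0, tag)
    names, pos = [], 0
    while pos < len(body):
        oid, pos = _tlv(body, pos, 0x06)
        names.append(MECHS.get(oid, "unknown"))
    return names

def is_kerberos_offer(authorization):
    """True only if the client's preferred (first) mechanism is Kerberos."""
    try:
        return offered_mechs(authorization)[:1] == ["kerberos"]
    except ValueError:                                     # bad base64 or malformed DER
        return False

# Constructed sample, no real ticket inside: a NegTokenInit offering Kerberos, then NTLM.
SAMPLE = "Negotiate " + base64.b64encode(bytes.fromhex(
    "6027 06062b0601050502 a01d 301b a019 3017 06092a864886f712010202 060a2b06010401823702020a")).decode()
```

A header that fails this check should lead back to the normal username and password login rather than to an error page, since browsers on computers that are not domain joined typically answer the challenge with NTLM or not at all.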

Implementation

SPNEGO+Kerberos login can only be set up for entire organizations, for their domain-joined computers. Check out the documentation to set it up for your organization.