Ping Basics: IdP, SP, adapters
http://www.pingidentity.com/tech-answers/integration/
Ping + Citrix Docs:
http://www.pingidentity.com/support-and-downloads/product-documentation/citrix-integration-kit/2-0/loader.cfm?csModule=security/getfile&pageid=5900
Ping + SharePoint
http://www.pingidentity.com/support-and-downloads/product-documentation/iis-integration-kit/2-2/loader.cfm?csModule=security/getfile&pageid=5917
Use Impersonation and Delegation
http://msdn.microsoft.com/en-us/library/ms998351.aspx
Delegation of authentication
In Windows, a server can be marked as “trusted for delegation.” This means a server can authenticate to services as if it were a user. The services cannot tell that the request is being made by a server rather than directly by a user.
There are two types of delegation:
Unconstrained delegation: If you select the Trust this computer for delegation to any service (Kerberos Only) check box, the server can access any other service as the user as long as the user authenticated to it using Kerberos.
Note: This setting does not work with ADFS deployments.
Constrained delegation: If you select the Trust this computer to specified services only check box, the server can access only certain services as the user.
http://support.citrix.com/article/ctx110784
The setup for Citrix for Ping must involve Kerberos and is similar to setup for SharePoint front endservers and sql server.
Kerberos Issues:
http://support.microsoft.com/kb/907272
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment