This document was generated from CDN thread
Created by: Ben Sunderland on 30-01-2012 11:10:09 PM
FYI,
I finally managed to get Kerberos SSO working in our lab which we have been waiting for for some time. Now a network logged on user using a supported browser can , with the right browser tweaks, seamlessly login to WebEx Social.
The only issue I found to date was that it broke our chat/presence integration (we use OCS). Looking at the AJAX calls, once kerberos is enabled , it no longer uses the password (there is no password entered with kerberos) but instead uses whatever you have in the "chat password" settings in a user's control panel. You can see this account come through in the HTTP POST form data.
So by enabling kerberos SSO for WebEx Social, it breaks the ability to pass on credentials to OCS, thus relying on manually entered password.
I have a TAC open about this so will update here once I get confirmation that what I have seen is in fact by design (unless someone knows). I know CWA can be setup to work with Kerberso , just dont know if WebEx Social supports this..?
to be continued.....
Ben
Subject: RE: Kerberos and OCS integration
Replied by: Ben Sunderland on 09-02-2012 10:19:38 PM
UPDATE from TAC - yes this is by design. Both OCS and UPS dont work when kerberos is enabled UNLESS you set the 'chat password'.
My client is going to turn on Kerberos and live with the manual password settting - this is the same situation for Exchange portlet as well.
