Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Any security issue with using SPNEGOto perform single-sign-on?
From: Saqib Ali (docbook.xmlgmail.com)
Date: Thu Mar 17 2005 - 16:19:20 CST
I was wondering if anyone has encountered any security concern/issues
while implementing SPNEGO <
http://www.vintela.com/resources/topics/spnego/ >. SPNEGO provides a
single-sign-on in a KERBEROS enabled environment. Basically it allows
web applications to automatically authenticate clients who have valid
I am planning to install the mod_spnego module on a apache server,
that will enable the client to single-sign-on to our internal
application, if they are part of our AD.
I possible concern is the increase of CSRF type of attacks, but that
is the case with any single-sign-on solution.