Authenticating from local domain against remote domain proxy
I thought I'd open this problem up to hopefully get some different perspectives. The problem is as follows:
As a school we support our primary cluster in their ICT and for a significant period of time now they have had to authenticate against our GFL proxy to gain internet access. It has always been a problem to the teachers in the primary's to try and get young children to remember the log on details, and the initial concept of authenticating was to track users browsing habits. This never materialised though and is now used for filtering.
I'm looking for ideas really how I can get rid of the secondary authentication for internet access. The primary schools log on to the computers within school, all have Windows Server 2003 DC. The secondary authentication then ties into the GFL Smoothwall filtering and I do not think that an ISA server in each school is a viable option as they would then require local filtering also which is unpractical.
Google throws up interesting options such as ADFS but haven't really found any references to using it in a situation such as this.
Just wanted to get the opinion of others to see if they've encountered this issue and/or solved it.
I appreciate any replies.