Forum Discussion

Nimbostratus

Mar 26, 2019

Access to a IIS web server (windows auth) from a standalone client using APM?

We have a scenario like this: We have planned to use standalone infoscreens(linux based i think) that should show content from for example a tfs board (windows auth) and the infoscreens can probably ...

application delivery

BIG-IP Access Policy Manager (APM)

Yoann_Le_Corvi1

Cumulonimbus

Mar 26, 2019

Hi,

Kerberos delegation is not that complex in the end. Check the documentation here

In the end it comes down to :

- A service Account for the F5 in Active Directory

- Create a SPN for that service account

- create a SPN for the IIS Computer or service account in active directory like http/iishost.mydomain.com

- In the delegation tab of the F5 Service Account, add the IIS SPN in the trusted list, and select "Use Any Authentication Protocol"

- Create an Kerberos SSO profile using the F5 Service account / password. - Assign the SSO profile to your APM policy (or Portal resources)

Hope this helps. Let us know if not.

Forum Discussion

Access to a IIS web server (windows auth) from a standalone client using APM?

Recent Discussions

ASM cookie, modifying "domain" field

URL

service profile HTTP in LTM v16.1?

iRule resulting in too many redirects

Azure SAML - F5 APM

Related Content

F5 BIG-IP Access Policy Manager (APM) Machine Tunnels for Windows

Federated AWS Console Access Made Easy: F5 BIG-IP Access Policy Manager Access Guided Configurations

Repace standalone licence with different module BigIP VE

Windows File Share via F5 VIP

Standalone BIG-IQ Upgrade Question