Forum Discussion
Yoann_Le_Corvi1
Mar 26, 2019Cumulonimbus
Hi,
Kerberos delegation is not that complex in the end. Check the documentation here
In the end it comes down to :
- A service Account for the F5 in Active Directory
- Create a SPN for that service account
- create a SPN for the IIS Computer or service account in active directory like http/iishost.mydomain.com
- In the delegation tab of the F5 Service Account, add the IIS SPN in the trusted list, and select "Use Any Authentication Protocol"
- Create an Kerberos SSO profile using the F5 Service account / password. - Assign the SSO profile to your APM policy (or Portal resources)
Hope this helps. Let us know if not.