Forum Discussion

Nimbostratus

Nov 20, 2013

APM and Kerberos SSO

Hi, I'm trying to get SSO with Kerberos working. I have win 2008 domain. I used many many manuals and docs for configuring delegation, but now it's configured according to this: http://support.f5.c...

BIG-IP Access Policy Manager (APM)

microsoft

security

Michael_Koyfma1

Cirrus

Nov 20, 2013

Piotr,

Couple of things - first, turn up SSO log level to debug, it should tell you a lot more info about what is going on with Kerberos. I would venture a guess at this point that your delegation might not be setup properly in AD, or DNS is not setup(APM performs reverse DNS lookup on the IP address of the server to determine which SPN we need to get a ticket for), but debug logs should be able to tell the story better

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

APM and Kerberos SSO

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

APM Cookbook: Single Sign On (SSO) using Kerberos

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Transparent Kerberos Authentication and APM fallback authentication

APM Kerberos Auth or fallback to another authentication method

Configuring Smart Card Authentication and Kerberos Constrained Delegation in F5 Access Policy Manager (APM)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS