APM Kerberos SSO

Question

Hello,I use the User Lockout Policy with APM for Exchange 2016 (https://devcentral.f5.com/s/articles/create-a-user-lockout-policy-with-access-policy-manager)&nbsp;It works fine with OWA with FormBased/NTLM SSO/ but when I use Kerberos SSO I have a lot of error "Could not find SSO domain, check variable assign agent setting" in debug, but it's still works is not not assignedWithout the Lockout Maccro I don't have any error like thisI read somewhere it's maybe a problem about Domain SSO variable&nbsp;&nbsp;Thanks &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;

andy_mcgrath · Answer

Best article for setting up Kerberos SSO:

https://devcentral.f5.com/s/articles/apm-cookbook-single-sign-on-sso-using-kerberos

I still use this as reference even after setting up several APM solutions with Kerberos SSO

youssef1 · Answer

Hi,&nbsp;When you use Kerberos sso you have to set an objet (SSO Kerberos).In this object you have an default variable for the domain: session.logon.last.domain&nbsp;So in your VPE you have to add an variable assign with:&nbsp;&nbsp;custom variable: session.logon.last.domaincustom expression: return "MYDOMAIN"&nbsp;Regards

Forum Discussion

APM Kerberos SSO

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

TLS handshake failure from BIG-IP to backend – Fatal Alert: Decode Error (Server SSL)

Failing over Virtual F5 VE to DR location using Zerto

Failing over of a Virtual F5 configuration to another location using Zerto restore process

F5 Networks F5CAB1 Exam - Need Help Regarding Prep

Username is not filled in EdgeClient in the Modern customization

Related Content

APM Cookbook: Single Sign On (SSO) using Kerberos

Kerberos SSO without APM?

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Transparent Kerberos Authentication and APM fallback authentication

SSO par Kerberos Constrained Delegation sur APM - Best Practices

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS