Forum Discussion
APM Kerberos SSO
Hello,
I use the User Lockout Policy with APM for Exchange 2016 (https://devcentral.f5.com/s/articles/create-a-user-lockout-policy-with-access-policy-manager)
It works fine with OWA with FormBased/NTLM SSO/ but when I use Kerberos SSO I have a lot of error "Could not find SSO domain, check variable assign agent setting" in debug, but it's still works is not not assigned
Without the Lockout Maccro I don't have any error like this
I read somewhere it's maybe a problem about Domain SSO variable
Thanks
- Andy_McGrathCumulonimbus
Best article for setting up Kerberos SSO:
https://devcentral.f5.com/s/articles/apm-cookbook-single-sign-on-sso-using-kerberos
I still use this as reference even after setting up several APM solutions with Kerberos SSO
- youssef1Cumulonimbus
Hi,
When you use Kerberos sso you have to set an objet (SSO Kerberos).
In this object you have an default variable for the domain: session.logon.last.domain
So in your VPE you have to add an variable assign with:
custom variable: session.logon.last.domain
custom expression: return "MYDOMAIN"
Regards
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com