F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Davo_T_20783's avatar
Davo_T_20783
Icon for Nimbostratus rankNimbostratus
Mar 30, 2014

APM SSO config using Kerberos to Weblogic backend not supplying session id cookie on post authentication requests

Hi,   We have constrained delegation and kerberos authentication working using APM 11.2.0, however once authenticated, subsequent request the JSESSIONID is not being supplied in the F5 request to ...
BIG-IP Access Policy Manager (APM)
design
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Mar 31, 2014

The biggest difference between the two options (always or on 401), and besides frequency, is the format of the ticket (GSSAPI vs SPNEGO). I can almost certainly guarantee though, unless you've coded it to do so, that APM SSO is NOT handling the JSESSIONID cookie. If you perform a client side capture, or better watch the traffic on both sides of the proxy, you should see the JSESSIONID Set-Cookie header leave the server and make it all the way to the client. You should them see the client send subsequent requests with this cookie.