APM: Trigger KCD Login for additional Sharepoint Authentication Provider

Hi,

we have an issue with KCD, maybe someone has an idea, how to resolve this.

• external webtop with Link to Sharepoint-Application X (SPX)
• by clicking the link, you are forwarded to the F5-Listener for SPX, and authenticated to F5 via SAML
• F5 then grabs a Kerberos Token (since it only knows the username, not the PW) and authenticates against the SP Auth Provider of SPX
• Everything fine so far - but
• If you upload a picture to a feed on SPX, this picture is stored in your own profile, which is located on the same server, but a different service with a different Authentication Provider (SPY)
• Because of that, the pic can't be displayed, since you are not authenticated on SPY

So, I need somehow to configure an automatic, simultaneous authentication to SPY, without any user input or similar.

With NTLM, this was easy, since you had the user/pw through the logon page and you could simply define another AuthDomain for SPY.

With Kerberos, I think you would need to configure an additional SSO with the other SPN and trigger this second authentication somehow at the same time or after the auth to SPX.

But I have no clue, how to trigger this. Via irule? or in the AP itself?

My policy is pretty simple: