F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

marcesullivan_2's avatar
marcesullivan_2
Icon for Nimbostratus rankNimbostratus
Apr 21, 2016

Can APM be used to restrict access to users that fail Kerberos authentication?

Currently our access policy is configured to use SSO with Kerberos authentication to log users into our sharepoint site. The problem we are having is that even when users aren't receiving a Kerberos...
BIG-IP Access Policy Manager (APM)
security
Yann_Desmarest's avatar
Yann_Desmarest
Icon for Cirrus rankCirrus
Apr 26, 2016

Hello,

 

If kerberos SSO fail, the WebSSO process stop trying kerberos delegation. In some cases, I implemented a VIP targeting VIP architecture when the front VIP rewrite 401 response before they reach the customer and replace it with a 200 OK and set-cookie to force expiration of MRHSession and LastMRH_Session. This way, if SSO fail, you close the APM session.