Forum Discussion

ktm_2000

Altostratus

Nov 08, 2024

Can you set Kerberos AAA server via session variable?

Folks, I am looking to setup Kerberos so folks do not need to keep entering their credentials and have been doing some testing. I have a couple test policies setup and assigned to their own ...

application delivery

Injeyan_Kostas

Nacreous

Jun 26, 2025

Hi ktm_2000

The simplest way would be to use a single keytab file lets say for sso.example.com and set a multi domain sso policy with sso.example.com as primary domain. Then you add the rest domains.
So when a user tries to access app1.example.com apm will redirect him to sso.example.com where he could authenticate with kerberos and then will be returned to app1

An other way is to have a unique login policy just for sso.example.com with kerberos and have other policies SAML federated to sso

And the last option is to have multiple keytabs and then inside the policy check the hostname requested and have multiple branches, one for each hostname, and assign different kerberos auth for each.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)