Forum Discussion

Jon_Macy's avatar
Jon_Macy
Icon for Altostratus rankAltostratus
Oct 30, 2013

Citrix iApp using Active Directory - Monitor for Kerberos Auth?

We are implementing one of the Citrix iApps. We specify the authentication as Active Directory. We list the pool of servers (DCs). All works. We haven't been able to figure out a decent health mo...
availability
citrix
deployment
design
devops
iApps
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Oct 30, 2013

That is an excellent question, and one that I wish there was a better answer to. At some point, I'm not sure when, the ability to do negotiate (Kerberos) authentication with cURL was stripped from the on-board libraries. Aside from that, there are perhaps a few other options:

 

  • The HTTP monitor can be configured to fail over to NTLM authentication if Basic fails. If you support Kerberos and NTLM negotiation, that may be an option. See this post:

     

    https://devcentral.f5.com/questions/hhtp-montior-for-microsoft-ntlm-negoiate

     

  • You could create a separate site on the same IIS host that supports Basic or even anonymous access, and has a script that can check the health of the other site from within.

     

  • Simply do ICMP (ping) or TCP monitoring.