Forum Discussion

Nimbostratus

Jul 30, 2014

Client side Kerberos problem with Mac OSX 10.9 and Safari 7.0.2

Hi all, I've got a working client side SSO access policy in APM providing access to an internal intranet. It works perfectly with Windows clients (with the right browser config) and I can get it...

BIG-IP Access Policy Manager (APM)

Nimbostratus

Aug 05, 2014

Hi Kevin,

We see the WWW-Authenticate header from the APM, and the negotiate response including the kerberos ticket going back to the F5. And then the session fails. You can see an example of the HTTP head/reponses in my first post. It's from a different access policy, but using essentially the same APM config and Mac client.

Have you ever heard of Safari successfully participating in kerberos ticket exchange with the APM? Does the APM support using Safari? I don't want to spend forever digging deeply into this if it hasn't been proven to work.

Gavin

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Client side Kerberos problem with Mac OSX 10.9 and Safari 7.0.2

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

F5 BIG-IP and NGINX - Securing Your AWS VPC Lattice Applications for External Clients

Upgrade APM edge client

Lightboard Lessons: Kerberos Delegation & Protocol Transition

Slack Mutual TLS Recipe: Adding X-Client-Certificate-SAN header from client certificate

Monitor problem

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS