Forum Discussion
Son_of_Tom_1379
Nimbostratus
NimbostratusClient side Kerberos with Portal Access List object
Hey There,
Hoping somebody can help, tearing my hair out as usual.
I have an access policy which performs the following:
Browser matches IE -> IP Subnet Matches internal -> 401 responc...
kunjanNimbostratus
NimbostratusIf kerberos auth is where the application hangs, do a packet capture at the client side to see at which stage it hangs
- 1) You should see a 401 challenge from APM
- 2) Kerberos traffic(port 88) from client to KDC ( if not cached)
- 3) The response from client to APM with Authorization header.
Son_of_Tom_1379Nimbostratus
NimbostratusThanks for the response Kunjan,
I do not have an SSO profile attached to the portal access list object (nor do I wish to). Kerberos itself is working fine for client side access to the portal, adding the site to the IE intranet zone shoots me straight through to the webtop perfectly. It just 'appears' that something that would normally happen with the logon page/AD auth does not happen when using Kerberos.
I'm certainly new to the land of client side Kerberos as I'm used to using the logon page, perhaps I'm missing something obvious. Keep in mind that I'm not yet trying SSO, and when I do it is to an external Linux web host so will be forms based authentication, not Kerberos.
Thanks again
