Forum Discussion

Nimbostratus

Jul 13, 2014

Client side Kerberos with Portal Access List object

Hey There, Hoping somebody can help, tearing my hair out as usual. I have an access policy which performs the following: Browser matches IE -> IP Subnet Matches internal -> 401 responc...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Jul 14, 2014

The only thing Kerberos adds to the request is an Authorization HTTP header. If you have decrypted access to the server side data (between F5 and the web server), try to take a capture (TCPDUMP, WireShark, etc.) and compare the working and non-working requests. Without the iRule you should probably see that client side Authorization header passing through. With the iRule it should not be there. The fact that you're getting to the webtop through the Kerberos auth path suggests that the access policy VPE itself is fine, but that there's something in the request to the web server that is different.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)