For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

LyonsG_85618's avatar
LyonsG_85618
Icon for Cirrostratus rankCirrostratus
Mar 08, 2016

HTTPS Monitor failing when SSO enabled (Kerberos)

Thanks for looking. I have a pretty basic HTTPS monitor running that worked fine until the application team enabled SSO (uses kerberos authentication). Since then the monitor has been failing. I ...
application delivery
BIG-IP
LTM
Greg_Labelle's avatar
Greg_Labelle
Icon for Nimbostratus rankNimbostratus
Mar 08, 2016

Keberos relies upon the client requesting a token from a KDC. As the F5 is not "client" in this context, it won't be able to successfully authenticate to a kerberos only application. Unless you can get the application team to enable NTLM as well as Keberos then you're going to have difficulty.

 

Another option would be to ask the application team to setup a static page that does a local health check that can be presented to the F5 without authentication and perform your health check on that.