Forum Discussion

Wasfi_Bounni's avatar
Wasfi_Bounni
Icon for Cirrocumulus rankCirrocumulus
Feb 28, 2021

I want the APM to do Kerberos Authentication then pass the Kerberos ticket over to another System.

Hi;

 

I have a scenario where I need the BIG-IP APM to do Kerberos Authentication of domain users, seamlessly "without any prompts", then pass on the Kerberos ticket to a Proxy Server, which in turn does Kerberos Authentication of users against the same AD domain controller. All this seamlessly. Can this be done and if so, is there a paper or a document specifying how this can be implemented?

 

Kindly

Wasfi

  • Hi Wasfi,

     

    are looking for help implementing Kerberos Constrained Delegation?

    "In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."

    There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access

     

    It does not 100% match your use case, but contains all required config steps on the BIG-IP.

     

    KR

    Daniel

  • Hi Wasfi,

     

    are looking for help implementing Kerberos Constrained Delegation?

    "In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."

    There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access

     

    It does not 100% match your use case, but contains all required config steps on the BIG-IP.

     

    KR

    Daniel