Forum Discussion
I want the APM to do Kerberos Authentication then pass the Kerberos ticket over to another System.
Hi;
I have a scenario where I need the BIG-IP APM to do Kerberos Authentication of domain users, seamlessly "without any prompts", then pass on the Kerberos ticket to a Proxy Server, which in turn does Kerberos Authentication of users against the same AD domain controller. All this seamlessly. Can this be done and if so, is there a paper or a document specifying how this can be implemented?
Kindly
Wasfi
Hi Wasfi,
are looking for help implementing Kerberos Constrained Delegation?
"In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."
There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access
It does not 100% match your use case, but contains all required config steps on the BIG-IP.
KR
Daniel
Hi Wasfi,
are looking for help implementing Kerberos Constrained Delegation?
"In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."
There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access
It does not 100% match your use case, but contains all required config steps on the BIG-IP.
KR
Daniel
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com