For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Evan_Champion_1's avatar
Evan_Champion_1
Icon for Cirrus rankCirrus
Jan 04, 2016

Kerberos and APM-based SAML IdP

I am stuck getting transparent Kerberos authentication to work with my F5 APM-based SAML IdP. The user's first access to the IdP is successfully transparently authenticated. Following session expir...
BIG-IP Access Policy Manager (APM)
saml
security
Evan_Champion_1's avatar
Evan_Champion_1
Icon for Cirrus rankCirrus
Jan 04, 2016
I think I may have found an issue ID for this in the APM 12.0 release notes. The ID is: 461084. When the BIG-IP system is configured with Kerberos Auth agent and the client sends a request with an Authorization header PRIOR to the "HTTP 401" challenge, authentication fails. An auth request to the BIG-IP systems contains Authorization header; Kerberos Auth is configured. Auth can fail and the client might see a login prompt again when the IP address changes. Unfortunately there is no workaround recommended. :-(