F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

Evan_Champion_1's avatar
Evan_Champion_1
Icon for Cirrus rankCirrus
Jan 04, 2016

Kerberos and APM-based SAML IdP

I am stuck getting transparent Kerberos authentication to work with my F5 APM-based SAML IdP. The user's first access to the IdP is successfully transparently authenticated. Following session expir...
BIG-IP Access Policy Manager (APM)
saml
security
Evan_Champion_1's avatar
Evan_Champion_1
Icon for Cirrus rankCirrus
Jan 04, 2016
I think I may have found an issue ID for this in the APM 12.0 release notes. The ID is: 461084. When the BIG-IP system is configured with Kerberos Auth agent and the client sends a request with an Authorization header PRIOR to the "HTTP 401" challenge, authentication fails. An auth request to the BIG-IP systems contains Authorization header; Kerberos Auth is configured. Auth can fail and the client might see a login prompt again when the IP address changes. Unfortunately there is no workaround recommended. :-(