Forum Discussion

Nimbostratus

Jul 03, 2018

Kerberos client AAA

I need to set it up clientside Kerberos AAA for one of the third party app. Doesn't need serverside SSO.as app has its own forms based managed by vendor SO the requirement is when internal user ...

application delivery

BIG-IP Access Policy Manager (APM)

youssef1

Cumulonimbus

Jul 04, 2018

Hi Spalan,

I do not think that's the way to go (in terms of configuration optimization and evolution).

I advise you to follow my guidance: you can use saml by creating a unique IDP that will allow you to federate all your authentications. So you will need to create only one keytab and in the futur if you have an additional application, you will just bind this application to your IDP.

So first create your IDP: - example: sso.mydomaing.com (create a Arecored for this VIP). - ...

https://clouddocs.f5.com/training/community/iam/html/class1/kerberos.html

Please keep me in touch if you need help fore create IDP and bind to sp. But in all case before go ahead with SAML validate that you deploy correctly kerberos auth in your VS.

Regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)