Forum Discussion

Nimbostratus

Oct 01, 2014

Kerberos SSO across External trust

Hello, folks ! We have two domains: contoso.com and example.com they are in two-way external trust. Our web-site in contoso.com and we are trying to provide kerberos SSO for users in example.co...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Oct 10, 2014

In WireShark you should see APM communicate first with the local KDC (CONTOSO.LOCAL), initial AS_REQ/REP and then a TGS_REQ to the other realm. The local KDC issues an inter-realm TGT that APM uses to communicate directly with the remote realm. So you should see APM start talking directly to EXAMPLE.LOCAL, and send the inter-realm TGT in a TGS_REQ. Where in this process do you see the server principal unknown message? Can APM resolve and communicate with the KDC in EXAMPLE.LOCAL?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Kerberos SSO across External trust

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

GRPC through F5 Virtual Server [RST_STREAM with error code: INTERNAL_ERROR]

[ASM] - How to disable the SQL injection attack signatures

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

External Monitor Information and Templates

TACACS+ External Monitor (Python)

CSV to Address External Datagroup File

Kerberos is Easy - Part 2

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS