Forum Discussion

Nimbostratus

Oct 01, 2014

Kerberos SSO across External trust

Hello, folks ! We have two domains: contoso.com and example.com they are in two-way external trust. Our web-site in contoso.com and we are trying to provide kerberos SSO for users in example.co...

application delivery

BIG-IP Access Policy Manager (APM)

Employee

Oct 10, 2014

In WireShark you should see APM communicate first with the local KDC (CONTOSO.LOCAL), initial AS_REQ/REP and then a TGS_REQ to the other realm. The local KDC issues an inter-realm TGT that APM uses to communicate directly with the remote realm. So you should see APM start talking directly to EXAMPLE.LOCAL, and send the inter-realm TGT in a TGS_REQ. Where in this process do you see the server principal unknown message? Can APM resolve and communicate with the KDC in EXAMPLE.LOCAL?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)