Hello,
I setup my middle tier service for delegation to a backend service and I've used a source address affinity persistence profile to keep kerberos happy.
The middletier service run's under account middletierserviceacct and the backend service under account backendserviceacct.
The middletierserverservice.fqdn and backendserverservice.fqdn DNS entries resolve to the virtual servers on our LTM.
setspn -l middletierserviceacct
HTTP/middletierserverservice.fqdn
HTTP/middletierserverservice
setspn -l backendserviceacct
HTTP/backendserverservice
HTTP/backendserverservice.fqdn
Hope this clears things up