Forum Discussion

Nimbostratus

Jul 05, 2018

MAC book user issue with SSO Kerberos

We have a web server with SSO Kerberos configured. Windows client can easily brows then web site and SSO works fine, however, MAC book and IPad user receives HTTP 401. I'd like to create a iRules to...

Nimbostratus

Jul 05, 2018

Perhaps consider using the APM module to present a form-based logon to your clients that fail Kerberos. APM will use delegation to go and get a Kerbers ticket for your users, and proxy them onto the protected app. This way you still get AAA without compromising your security.

This article steps you through the concepts and configuration

https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos

If you -really- wanted to make a bad security decision, you could use an iRule to check for an OSX/Ipad user-agent header, and set the Kerberos header.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

MAC book user issue with SSO Kerberos

F5 Academy at AppWorld 2026

Aswin MK - November 2025 Featured Member

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

CVE mitigation on F5 XC vs classic F5 WAF

Could not communicate with the system. Try to reload page.

F5 XC 503 upstream_reset_before_response_started{protocol_error}

UCS Encryption Question

BIG-IP VE: 40G Throughput from 4x10G physical NICs

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Kerberos is Easy - Part 2

Kerberos Authentication Failing for Exchange 2016 Behind F5 Cloud WAF

Kerberos Is Easy - Part 1

APM Cookbook: Single Sign On (SSO) using Kerberos

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS