Forum Discussion

PhetS's avatar
Icon for Nimbostratus rankNimbostratus
Jun 26, 2024

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Hello !

I got a special request and couldn't find a solution on how to address this...


Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth)


Following subURL is requesting KERBEROS


For the moment the user need to authenticate 2x. The 2nd time through a Microsoft Popup.

With one of the main Issues being: if I logout and login again with a different user, there is no login requested for the kerberos part and the 1st user remains connected.

Any idea how I could solve this situation


1 Reply

  • Hi, 

    - Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.
    - After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos. 

    - Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports ) 
    I think you should connect to the second user after killing active session.


    Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.