Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Question

Hello !I got a special request and couldn't find a solution on how to address this...e.g.Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth)https://acme.domain.com/url&nbsp;Following subURL is requesting KERBEROShttps://acme.domain.com/url/suburl&nbsp;For the moment the user need to authenticate 2x. The 2nd time through a Microsoft Popup.With one of the main Issues being: if I logout and login again with a different user, there is no login requested for the kerberos part and the 1st user remains connected.Any idea how I could solve this situationBRS.

mohamed_ahmed_kansoh · Answer

Hi,&nbsp;- Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.- After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos.&nbsp;- Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports )&nbsp;I think you should connect to the second user after killing active session.
&nbsp;
Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.

Forum Discussion

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

1 Reply

Recent Discussions

Ngingayitsengaphi Imali Mgunyati?(WhatsApp+33745432312)

Waar kan ik vals geld kopen? (WhatsApp+33745432312)

Acquistare banconote contraffatte?(Telegram.@tesgkm)

APM combine check for ldap group plus IP ACL

Error in REST https call to get the Auth token v15.1.8

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Copper SFP Differences

Kerberos is Easy - Part 2

Kerberos Is Easy - Part 1

APM Cookbook: Single Sign On (SSO) using Kerberos