Forum Discussion

Nimbostratus

Jun 26, 2024

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Hello ! I got a special request and couldn't find a solution on how to address this... e.g. Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth) https://acme.domain....

MVP

Jun 26, 2024

Hi,

- Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.
- After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos.

- Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports )
I think you should connect to the second user after killing active session.

Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Recent Discussions

SSL bridging without SSL proxy forward

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

Should config via cli rather than gui?

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Copper SFP Differences

Kerberos is Easy - Part 2

APM Cookbook: Single Sign On (SSO) using Kerberos

Kerberos Is Easy - Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS