For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

PhetS's avatar
PhetS
Icon for Nimbostratus rankNimbostratus
Jun 26, 2024

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Hello ! I got a special request and couldn't find a solution on how to address this... e.g. Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth) https://acme.domain....
apm sso
kerberos sso
ntlmv2
Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Jun 26, 2024

Hi, 

- Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.
- After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos. 

- Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports ) 
I think you should connect to the second user after killing active session.

 

Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.