F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

PhetS's avatar
PhetS
Icon for Nimbostratus rankNimbostratus
Jun 25, 2024

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Hello ! I got a special request and couldn't find a solution on how to address this... e.g. Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth) https://acme.domain....
apm sso
kerberos sso
ntlmv2
Mohamed_Ahmed_Kansoh's avatar
Mohamed_Ahmed_Kansoh
Icon for MVP rankMVP
Jun 26, 2024

Hi, 

- Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.
- After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos. 

- Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports ) 
I think you should connect to the second user after killing active session.

 

Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.