Forum Discussion

Nimbostratus

Jun 26, 2024

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Hello ! I got a special request and couldn't find a solution on how to address this... e.g. Following URL is secured by an APM policy using NTLMv2 as SSO (based on AD Auth) https://acme.domain....

MVP

Jun 26, 2024

Hi,

- Review the Active session report for the first login attempt and validate that Kerberos works well and you can see the TGT or S4u Successful.
- After the first attempt try to logout again and authenticate with another user and review Access report and check the NTLM authentication and Kerberos.

- Try this ( don't only logout from the application , I need you to kill the session then authenticate with the second user directly and check kerberos logs in the access reports )
I think you should connect to the second user after killing active session.

Don't forget to enable debugging for SSO and Access policy , to be able to see all logs and failures on Kerberos side.

Forum Discussion

Mix NTLMv2 & Kerberos SSO in the same policy for different sub-URL

Recent Discussions

ASM-legitimate traffic

Glycogen Control Australia Is Right For You See Here

Issue with Capturing SYN-ACK Packets on F5 BigIP Virtual Server

/var directory Filling up

Cannot turn off strict updates

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Copper SFP Differences

Kerberos is Easy - Part 2

Kerberos Is Easy - Part 1

APM Cookbook: Single Sign On (SSO) using Kerberos