For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

dp_119903's avatar
dp_119903
Icon for Cirrostratus rankCirrostratus
Sep 15, 2015

Non local kerberos realm

I have kerberos for server-side (SSO) working just fine.   My kerberos sso config looks like this: username source: session.sso.token.last.username username realm source: session.logon.last.domain...
BIG-IP Access Policy Manager (APM)
security
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Sep 30, 2015

You're getting a server principal unknown error and using **http/%h@DOMAIN1.DOMAIN.COM ** as the SPN pattern. This pattern implies that you're deriving the target SPN from the client's Host header. Is that what you intended?