Forum Discussion

dp_119903

Cirrostratus

Sep 15, 2015

Non local kerberos realm

I have kerberos for server-side (SSO) working just fine. My kerberos sso config looks like this: username source: session.sso.token.last.username username realm source: session.logon.last.domain...

BIG-IP Access Policy Manager (APM)

security

Kevin_Stewart

Employee

Sep 30, 2015

You're getting a server principal unknown error and using **http/%h@DOMAIN1.DOMAIN.COM ** as the SPN pattern. This pattern implies that you're deriving the target SPN from the client's Host header. Is that what you intended?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Non local kerberos realm

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

Changes to DO and AS3 GitHub - no longer monitored

[ASM] : SQL-INJ "end-quote UNION" - How to allow this signature to specific url/uri/parameter only

[ASM] - How to disable the SQL injection attack signatures

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

Help with SSH Virtual Server

Related Content

Troubleshooting Kerberos Constrained Delegation: Strong Encryption Types Allowed for Kerberos

Living on the AWS Edge - Local Zones

Kerberos is Easy - Part 2

APM Cookbook: Single Sign On (SSO) using Kerberos

Kerberos Is Easy - Part 1

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS