APM Cookbook: Single Sign On (SSO) using Kerberos

To get the APM Cookbook series moving along, I’ve decided to help out by documenting the common APM solutions I help customers and partners with on a regular basis. Kerberos SSO is nothing new, bu...
Published Apr 28, 2014
Version 1.0
BIG-IP Access Policy Manager (APM)
cookbook
kerberos
microsoft
security
SSO
RiverFish's avatar
RiverFish
Icon for Altostratus rankAltostratus
Aug 11, 2017

Roger that. We have an internal site that has seamless auth. When we put it behind the F5 the auth broke. Using APM, how would I continue the seamless auth? Using chrome tools I see:

Server response:
HTTP/1.1 401 Unauthorized
Content-Type: text/html
Server: 
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM

Client reply:
Authorization:Negotiate YIIMjgYGKwYBBQ....

From what I've read the "Y" in the client reply indicates kerberos. Can you provide a link to guide me in the right direction? From what I've seen you can start the VPE off with a "Client Cert Inspection" or a "HTTP 401 Response". I believe we have the ability to do both. Which one is better. Thanks for your time.