APM, Kerberos, Cross Domains, and different user accounts

I am trying to set up an APM policy that will allow me to do the following... I am logged into my workstation with my standard company account on the production domain. I would like to access an internal web application on a different test domain and have the following happen:

First, I am prompted for a different account id and password via a logon page

Next, that account gets authenticated against the test domain

Finally, APM hands the request to the application server, which is configured for Kerberos authentication in IIS, and have it see the identity as the account specified in the second step

I have a policy that's prompting me for my different account and validating it ok, but the Kerberos auth is still seeing my request coming through as my workstation account, not the account I provided to APM. I tried following one of the cookbook articles on APM and Kerberos but I'm not able to get the logon page to display so I can provide the different account. Any suggestions?

I am running v13.1.1.4.

Thanks,

Jen

APM

application delivery

Forum Discussion

APM, Kerberos, Cross Domains, and different user accounts

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

Enriching AFM with public domain Threat Intelligence

domain blocking

Copper SFP Differences

Change cookie domain in HTTP::respond

Kerberos Is Easy - Part 1