I am trying to set up a Kerberos authentication policy in my APM 11.6 HF4 to get some Windows Integrated auth for a VIP, following the f5 documented procedure (https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-o...)
Everything seems to run fine at the authentication level, as I clearly see my username and auth results stored in my session variables, but the policy seems to stop there, just after the Kerberos auth box, and does not it the following boxes (I have some message box to trap where I am in the policy). Looks like the policy never leaves the Kerberos Auth box. Therefore my browser just shows IE error (Page cant be displayed), and the session stays in the pending state (blue). I have attached a policy screenshot, it never hits the message boxes KRB AUTH DONE or FAILED.
Checking the LTM and APM logs show no error or stop.
There is something I am missing, and I don't find what...Some clue or a different angle/point of view would be helpful 🙂
Found the issue. I created a new virtual server, applied same APM policy, and everything worked pretty well as expected... Comparing both configs, it appears that selecting Preserve Strict setting for Source Port in the VS config breaks the whole thing. In my case, this item must be set to Preserve only.
Why it was working for Chrome & Firefox but not IE is still a mystery, but at least, it is fixed.