
APM: Trigger KCD Login for additional Sharepoint Authentication Provider

am_gli
Altostratus

Hi,

We have an issue with KCD; maybe someone has an idea how to resolve this.

 

  • external webtop with Link to Sharepoint-Application X (SPX)
  • by clicking the link, you are forwarded to the F5-Listener for SPX, and authenticated to F5 via SAML
  • F5 then grabs a Kerberos Token (since it only knows the username, not the PW) and authenticates against the SP Auth Provider of SPX
  • Everything fine so far - but
  • If you upload a picture to a feed on SPX, this picture is stored in your own profile, which is located on the same server, but a different service with a different Authentication Provider (SPY)
  • Because of that, the pic can't be displayed, since you are not authenticated on SPY

 

So, I need somehow to configure an automatic, simultaneous authentication to SPY, without any user input or similar.

 

With NTLM, this was easy, since you had the user/pw through the logon page and you could simply define another AuthDomain for SPY.

 

With Kerberos, I think you would need to configure an additional SSO with the other SPN and trigger this second authentication somehow at the same time or after the auth to SPX.

 

But I have no clue how to trigger this. Via iRule? Or in the AP itself?

My policy is pretty simple:

 

 

0691T000008tOw1QAE.png
