Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

APM: Trigger KCD Login for additional Sharepoint Authentication Provider




we have an issue with KCD, maybe someone has an idea, how to resolve this.


  • external webtop with Link to Sharepoint-Application X (SPX)
  • by clicking the link, you are forwarded to the F5-Listener for SPX, and authenticated to F5 via SAML
  • F5 then grabs a Kerberos Token (since it only knows the username, not the PW) and authenticates against the SP Auth Provider of SPX
  • Everything fine so far - but
  • If you upload a picture to a feed on SPX, this picture is stored in your own profile, which is located on the same server, but a different service with a different Authentication Provider (SPY)
  • Because of that, the pic can't be displayed, since you are not authenticated on SPY


So, I need somehow to configure an automatic, simultaneous authentication to SPY, without any user input or similar.


With NTLM, this was easy, since you had the user/pw through the logon page and you could simply define another AuthDomain for SPY.


With Kerberos, I think you would need to configure an additional SSO with the other SPN and trigger this second authentication somehow at the same time or after the auth to SPX.


But I have no clue, how to trigger this. Via irule? or in the AP itself?

My policy is pretty simple: