Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 

I want the APM to do Kerberos Authentication then pass the Kerberos ticket over to another System.

Wasfi_Bounni
Cirrostratus
Cirrostratus

Hi;

 

I have a scenario where I need the BIG-IP APM to do Kerberos Authentication of domain users, seamlessly "without any prompts", then pass on the Kerberos ticket to a Proxy Server, which in turn does Kerberos Authentication of users against the same AD domain controller. All this seamlessly. Can this be done and if so, is there a paper or a document specifying how this can be implemented?

 

Kindly

Wasfi

1 ACCEPTED SOLUTION

Daniel_Wolf
Nacreous
Nacreous

Hi Wasfi,

 

are looking for help implementing Kerberos Constrained Delegation?

"In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."

There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access

 

It does not 100% match your use case, but contains all required config steps on the BIG-IP.

 

KR

Daniel

View solution in original post

1 REPLY 1

Daniel_Wolf
Nacreous
Nacreous

Hi Wasfi,

 

are looking for help implementing Kerberos Constrained Delegation?

"In Kerberos SSO constrained delegation, the BIG-IP APM system first authenticates users by requesting their credentials once and thereafter reusing the cached identity to seamlessly log the user in to the secured web applications."

There is a KB article: K43063049: Configuring BIG-IP APM Kerberos SSO constrained delegation for portal access

 

It does not 100% match your use case, but contains all required config steps on the BIG-IP.

 

KR

Daniel