KCD for external websites via F5 APM

Hello,

We are in the process of setting up VMWare Airwatch for our mobility platform. However, we are running into issues trying to get browsing (via per-app-vpn) to work for our external Salesforce site that requires an authentication via Kerberos on our internal ADFS.

I found this document that was jointly created by VMWare and yourselves: https://www.vmware.com/pdf/vidm_implementing_SSO_to_kdc-and-hb_apps.pdf

However, it doesn't respond to our needs...to summarize quickly, here are the steps for accessing a legacy Kerberos application:

We declare the Salesforce link on VIDM
User clicks on link via Workspace One on mobile device
SAML assertion is sent to the F5 APM
APM transforms it into KCD
APM will send this to the device
End user is logged into the application

The problem here is that the Salesforce site does a redirect to our internal ADFS server and then sends the auth request to the device which it won't know how to deal with... If the auth request was dealt with on the Salesforce end, then we wouldn't have the issue...

I'd appreciate any experts chiming in here who could clarify this for us and maybe suggest an alternative browsing solution for us via the F5 APM without VIDM/WorkspaceOne, maybe using a simple on-demand VPN?

Thanks

APM

security

Forum Discussion

KCD for external websites via F5 APM

Recent Discussions

SMS server with BIGIP

F5 terminal - help to run commands - disk space full

Can iRule be used to perform exception of IPI category based on Geolocation

[ASM] - what is "Browser Challange file" ?

LDAPS and renegotiation

Related Content

Troubeshooting website connection

CSV to Address External Datagroup File

Fake website, Gmail guideline, GPS spoofing, OWASP LLM, Jan 1st–5th F5SIRT This Week in Security

F5 Websites Accessibility Survey

F5 DNS for External websites