Forum Discussion
eric_haupt1
Oct 09, 2018Nimbostratus
Kevin, So: if the realm is "internal.com" but the user hit the FQDN app1.external.com and the SPN in the @INTERNAL.COM" REALM is HTTP/app1.external.com and the F5 service account is delegated as a host/ for the service SPN
Then the APM SSO service account should be in @INTERNAL.COM? Because it is. The SPN defined for the external service is the only object of the KCD transaction that doesn't define the internal realm in any way.