Forum Discussion
Antoine_80417
Oct 24, 2013Nimbostratus
Hi,
I don't know if you still have the issue but I ran into it today too.
From what I figured out, the problem is caused by the Kerberos cache. When you have a Kerberos ticket in the cache for a user that was delegated by the account for domain A, and that you want to access an application that use the SSO configuration for domain B, the ticket generation will fail because the AD will not be able to decrypt the ticket issued earlier. Don't know if it's clear enough... I will open a case to the F5 support because from what I understand the Kerberos cache is shared and it should not be.
Antoine
- Kevin_StewartOct 24, 2013EmployeeThanks for the insight Antoine. There's already a case open for this (probably a few), but please do open another. This will help elevate the cause.