Forum Discussion

Robert_Early_71's avatar
Robert_Early_71
Icon for Nimbostratus rankNimbostratus
Jan 20, 2015

Transparent Authentication for Network Access VPN in APM

Hi, We are trying to implement transparent authentication access to a Network Access resource in APM using client certificates and Kerberos. The tech articles I have found cover how to implement this for backend Web services for instance, but I am unsure how to implement it for a full VPN on APM.

 

In particular, where it refers "add all your services to the list under Services to which this account can present delegated credentials. Every service should have Service Type HTTP (or http) and host name of the pool member or web application resource host that you will use in your configuration." I am unsure what should be done here in this case?

 

APM
deployment
kerberos
security

3 Replies

Sort By
  • boneyard's avatar
    boneyard
    Icon for MVP rankMVP
    Jan 20, 2015

    the line you quote comes from an article about kerberos SSO, something which im not sure you need to do with network access. as you can see it often relates to portal access where your client isn't able to do SSO itself, but the APM has to do it for the client.

     

    with a VPN your client can do much more, as it has "full" network access, you might not have to do SSO.

     

    so are you sure you need to do kerberos SSO or just want to do kerberos on the outside to authenticate against the APM?

     

  • Robert_Early_71's avatar
    Robert_Early_71
    Icon for Nimbostratus rankNimbostratus
    Jan 21, 2015

    It is just to authenticate the user on the outside, so it's isn't SSO in that sense. The only requirement is that the user does not have to log in again connecting to APM.