kerberos SSO not working on non company laptops

Question

Hello,&nbsp;
I have configured a service with APM ( 2 factor authnetication) and seems to be working fine till we don't enable SSO. User enables Kerberose based authentication and wants me to have sso, so that when the client authneticate to APM, that username and password should be passed on to the AD to get Kerberose ticket. &nbsp;
WE are not able to get the kerberose tickets when we use a personal laptop. &nbsp;
Please advise if this is possible.&nbsp;
The relevant logs are &nbsp;
Kerberos: realm for user is not set, using server's realm xxx.com
 S4U ======&gt; /Extranet/ap_vwikidev.statoil.no_Nov_1:Extranet:4e278373: ctx: 0x850a2c8, user: xxx@xxx.com, SPN: XXX&nbsp;
&nbsp;I have followed the steps mentioned in https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos&nbsp;
Please advise 
 Regards
 Sheetal&nbsp;

stanislas_piro2 · Answer

Hi,&nbsp;
I guess the issue is for all users, not only non company laptops.&nbsp;
When working with kerberos SSO, kerberos authentication request never sent on the client side.&nbsp;
What application are you configuring?&nbsp;
Is the IIS application configured with a dedicated user account?&nbsp;
If yes, Is this account configured with a Service Principal Name?&nbsp;
If yes, Does the Application configured with parameter useAppPoolCredenVals true?&nbsp;

Forum Discussion

kerberos SSO not working on non company laptops

1 Reply

Recent Discussions

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Related Content

F5 iRUule not working

Kerberos Is Easy - Part 1

Transparent Kerberos Authentication and APM fallback authentication

Re: Forgotten Boa, Aurora botnet, Kerberos & Twitter - Nov 19th-25th - F5 SIRT - This Week in Se

monitor does not work https