Forum Discussion

Muhannad_64809's avatar
Muhannad_64809
Icon for Nimbostratus rankNimbostratus
Feb 24, 2018

My issue in the Single-Sign-on (SSO) used by Kerberos Constrained Delegation when we redirect the traffic to the F5 load balancer.

Dears,

 

I am facing an issue in the Single-Sign-on (SSO) used by Kerberos Constrained Delegation when integrated with F5.

 

We are using Web Proxy over the cloud, our Web services are published over this cloud portal so basically the client is accessing the portal in the cloud by using their Office 365 credentials then redirected to our internal primes applications when they click any of the published services over the portal, the authentication is working seamless where the user authenticate only once when access the portal (Kerberos is doing its job), this SSO break when we redirect the traffic to the load balancer, the user is getting another credential request once he is trying to access a service.

 

I was reading this article and i am not sure if this is applicable to my case coz i dont want to use a logon page from the F5 APM, i need only to pass the authentication when the server send the 401 response which contain the challaenge: https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos

 

At the other side, i was reading this document, also i am not sure if it is working for my case: https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-single-sign-on-11-6-0/9.html

 

I would appreciate any help for my scenario and what should i do?

 

Regards, Muhannad

 

11 Replies