Can we use multiple 401 agents + Kerberos auth in APM?
Folks,
I have a requirement where users from two different domains (ex: domain1.local & domain2.local) need to authenticate with Kerberos.
Both domains are on two separate domain controllers respectively and users are dispersed over both domains (part of user migration).
So when a user tries to access resources behind the APM, I need user to go through 401 response followed with Kerberos Auth (domain1.local) and if it fails the user should fall back to another 401 response followed with domain2.local kerberos auth.
https://devcentral.f5.com/questions/kerberos-401-authentication-with-form-fallback
The above post only works when there is single negotiation happening. But in my case, there is negotiation and auth param for both authentications.
Below is my access policy, I believe i can make it work except when the initial kerberos auth fails (domain1.local), the browser pops-up for authentication. I do not want this to happen, instead fallback the user to next 401 + Kerberos authentication (domain2.local). Any ideas on how to achieve this?
Any help is appreciated! Thanks