Reply to Message

View discussion in a popup

Replying to:
Seb1180
Enthusiast
Enthusiast

Don t know if this will help but this is how I got it working with 2 internal connectors for SSO and 2 externals without Kerberos after couple of days scratching my head.

Check and browse to the AD object of your Kerberos connectors from a DC not from the RSAT console and ensure that in the Delegation tab Trust this computer for delegation to any service (Kerberos only) is selected and also in the Attibute Editor tab look for the servicePrincipalName.

I have a split DNS. My workspace is configured on mydomain.com and not on local.mydomain.com.

The values there were set like HOST / connector-va3.local.mydomain.com. Changed them :

HOST / connector-va3.mydomain.com

HOST / connector-va3

also added the one my F5 box is using HOST / connectors.mydomain.com just to be sure.

Then I have unticked the allow redirect box on those connectors (still don t know why but worked without) and got my SSO working.

Hope this will get you out of this issue Smiley Wink

Seb

Also had issues with the X-forwarder-For. For some reason putting the VIP of the F5 box wasn't sufficient. Had to put there also the physical ip's of my F5 LTM

View solution in original post

Reply
0 Kudos