Forum Discussion
Michael_Koyfma1
Apr 18, 2013Cirrus
This should be possible - the only uncertainty I have is with respect to the proxy use case - but you can definitely have a Virtual Server on the LTM+APM that will authenticate mobile users based on the certificate and perform Kerberos SSO to the proxy. Is the proxy transparent or explicit? I am venturing a guess that you are not running HTTP profile on the LTM virtual that load-balances proxies, but if you want to perform authentication, you have to have http profile assigned to it, which means that you now need to do forward SSL proxy on the BIG-IP as well. Thankfully, this functionality is part of version 11.3.