Forum Discussion
Gavin_Connell-O
Oct 02, 2013 Nimbostratus
You're right, we do need two VIPs, one port 80 and one 443. I've just put together the following diagram of the logic flow. I hope this explains and reduces down the requirements a little. I'm mainly lacking an understanding of how to grab Kerberos tickets on the client side and run an AD query against the credentials in them. All I need the APM to do is identify the user and then do a query in AD for group membership, so that might actually be a little easier than full Kerberos delegated authentication?

![Image Text](/Portals/0/Users/008/52/31752/Websites Improvement Project - Access Policy Logical Overview v0.1.jpg)