Kerberos AAA login pop-up issue
Folks,
Before posting this question I went through a bunch of posts/articles to fix my issue. Unfortunately, I had to post this anyway to find help to fix my issue!
Here we go!
I have a Virtual server (companyA.example.com:443)
An access policy with a 401 response agent followed by Kerberos Auth agent is assigned to the VIP.
Users are in domain (inside.corp)
AD setup:
A service account is setup on AD server (f5-service-account)
Keytab:
c:>ktpass -princ HTTP/companyA.example.com@INSIDE.CORP -mapuser f5-service-account@INSIDE.CORP -crypto rc4-hmac-nt -ptype KRB5_NT_SRV_HST -pass somepassword -out c:\temp\krb-sso.keytab
SPN
setspn -U -A HTTP/companyA.example.com f5-service-account
F5 setup
The keytab file is uploaded under Access->AAA->kerberos & auth realm INSIDE.CORP is used.
When tested with APM in debug mode, I found below error in the logs
modules/Authentication/Kerberos/KerberosAuthModule.cpp func: "display_status_1()" line: 91 Msg: 8efe1717 : GSS-API error gss_accept_sec_context: d0000 : Unspecified GSS failure. Minor code may provide more information
From Client side, SSO doesn't work and getting a browser pop-up where i can input the credentials. Entering the creds doesn't work either.
APM VPE:
Any help is greatly appreciated! Thanks in advance!