Forum Discussion
Yann_Desmarest_
Nacreous
APM retain the kerberos ticket that you already played and fallback to a 401 prompt as it doesn't allow to replay the same kerberos token multiple times. You have to clear your Authentication cache on the Browser side. We workaround this behavior by injecting a javascript code within the response to the client. Here is an example of javascript function that work : void(document.execCommand('ClearAuthenticationCache').
The issue is that Internet Explorer send the same kerberos token every time until you close your browser or remove the cache. And APM doesn't support it...
Yann_Desmarest_
May 07, 2016Nacreous
Don't try in 12.0.0, but I can confirm that this issue still exists in 11.6.0. Moreover, the workaround provided clear the credential caching only. But works for IE only :(
For your information, we get this issue when the user authenticate using Kerberos, then logout and re-login fail because the same kerberos token is played on the client side and rejected by APM. If you trigger a different scenario, have a look at the Request Based Auth feature on the kerberos AAA object