I need a Kerberos SSO Konfiguration where the APM reads the credentials of the client (Win10-Clients, MS-AD) and delivers the credentials to the Application-Server.
I've read through: https://devcentral.f5.com/articles/apm-cookbook-single-sign-on-sso-using-kerberos and https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-authentication-sso-13-1-0/26.html#guid-31b73ce7-2799-4c33-86f4-3dd116eb4869
but anyway I don't find a a way without logon-page or client-cert-inspection.
Am I wrong, that this would work without any auth-pop-up?
The SSO-config for Kerberos is clear, I've got the account from the AD-Admins, but the policy itself, there I'm a little bit confused