We have a scenario where SharePoint is deployed across to data centers behind two APMs. EU and US. Users in US hit the main sharepoint site in EU and get authenticated by APM, they click on another site within sharepoint called ' mysite ' which is hosted on US APM for US users. The APM in US obviously has no information of user session so SSO breaks and users gets asked to login again by US APM. Domain is same and we have tried defining domain cookie but it wont work as MRH session cookie is not accepted by US APM.
Long story short, we were thinking about using SAML and creating one central idP and have sharepoint site's behind APM SPs. Now, how would we go about server side sso for sharepoint using kerberos. I havent done Kerberos SSO for an SP to pass to back end yet so kinda struggling.
Please suggest and if anybody else had the same scenario and used another method, please help.