Solution6: LTM & APM - Client Certificate to Single Domain kerberos SSO

This solution documents all the necessary pieces required to create an APM policy that prompts the user for their certificate then performs kerberos SSO to an application.

Keywords: certificate, ad, active, directory, kerberos, sso

DC: single, multi



The link below only works from the UDF blueprint

Configuration Comments

UDF Deployment Models

BIG-IP Version

Blueprint Version



BIG-IP Components used

  • Virtual Server

    • HTTP Profile

    • Client-side SSL Profile

    • Access Profile

      • AAA LDAP AAA Servers

      • AAA OCSP Responder Servers

      • Kerberos SSO