CSS Rule setup and portal kerberos authentication

rich.polyak · ‎09-13-2007

Good afternoon, We are having and issue with the following setup:

The issue is this: All users hitting a global portal that is not on this set of CSS's. In that portal when they select this application, I'm being told they are being redirected to this set of CSS's. The issue is I'm being told that there portal kerberos authentication is not working? All authentication would be handled via Windows AD infrastructure.

Can anybody take a look at my setup and see if I'm missing something? Will I have to use local services instead of redirect services? They really want to utilize the redirect services.

Thx

-Rich

owner xxxx

content short

vip address x.x.x.x

redirect "//test.company.com:50100/irj"

protocol tcp

port 80

url "//short_name/"

active

content fqdn

vip address x.x.x.x

redirect "//test.company.com:50100/irj"

protocol tcp

port 80

url "//test.company.com/"

active

content lb_rule

vip address x.x.x.x

balance weightedrr

advanced-balance sticky-srcip

url "//test.company.com:50100/*"

protocol tcp

port 50100

add service srv1

add service srv2 weight 5

active

service srv1

ip address x.x.x.x

keepalive type http

keepalive port 50100

keepalive uri "/index.html"

type redirect

port 50100

active

service srv2

ip address x.x.x.x

keepalive type http

keepalive port 50100

keepalive uri "/index.html"

type redirect

port 50100

active

Gilles Dufour · ‎09-14-2007

you should capture a sniffer trace on the client, css and kerberos server to see what is going on.

Understand the flow of the traffic and see where is the problem.

A config like this is ok. But it may require some twiking for kerberos in your environment.

Gilles.

rich.polyak · ‎09-14-2007

Gilles,

Thanks for the reply. For the portal kerberos to work I had to modify the services. I added a redirect domain.

domain site.company.com:50100

Thx

-Rich