I am using Cisco CSM as a load balancer for my servers which is enabled with Single Sign-on. I have enabled session stickiness as netmask (source IP).
My application IE client is using two hops with HTTP requests. Since we have enabled Single Sign-on, the first time I send a request, the server responds with a 401 response, then the client sends the Kerberos ticket with credentials to the server.
So there are 2 hops, and I want my CSM to maintain session stickiness to the same server. So we enabled "netmask" stickiness on CSM.
Now when we test the environment without the CSM load balancer, the scenario is working fine. The communication is happening well between client and server. But when we enable CSM and netmask, we are facing a lot of issues on the server side. The two hops are going to the same server, but information about the ticket is not reaching the Apache/Tomcat enabled server. We confirmed this using the Ethereal tool.
We find that the Cisco CSM load balancer drops the Kerberos ticket from the request and sends it to the server. So the client is not getting authenticated, as the ticket is not reaching the server.
We want to know two things:
1. Is CSM not able to recognize the Kerberos ticket?
2. Can we enable the Kerberos protocol on CSM so that it recognizes Kerberos requests from the client?
Thanks in advance