Last Modified: Nov 07, 2022
See more info
Known Affected Versions:
11.3.0, 11.4.0, 11.4.1, 11.5.0, 11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.10, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.5.4, 11.5.4 HF1, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3
12.0.0, 11.6.0 HF4, 11.5.4 HF2, 11.4.1 HF9
Opened: Jul 28, 2014
Related Article: K71224903
Kerberos Request-Based Auth (RBA) failure when session is initially created on a different VIP.
Error occurs with no error message. The system should post an error message similar to the following: (Failure VIP Name): Kerberos Request-Based Auth failed because session was initially created on a different VIP (Original VIP Name). Please either disable RBA on the originating access profile, or remove the domain cookie.
APM access policy is configured with Kerberos authentication and the attempted authentication session was was initially created on a different VIP.
Either disable RBA on the originating access profile, or remove the domain cookie.
With the fix, APMD correctly handles the request for Kerberos Request-Based Auth, and posts the proper error message.