Last Modified: Apr 28, 2025
Affected Product(s):
BIG-IP APM
Fixed In:
16.1.0
Opened: Aug 28, 2019 Severity: 3-Major
F5 APM Kerberos Auth agent is unable to extract the user group membership info from the Kerberos authentication ticket.
APM is unable to extract user group membership info directly from Kerberos tickets.
This is encountered while using the Kerberos Auth agent
Use Active Directory query module to query on user group membership info from backend AD server during every request. Impact of workaround: this has a negative performance impact
F5 APM modules added capability in Kerberos Authentication module to pull user group membership IDs from Kerberos authentication tickets, and added new AD Group SID Resolver module to resolve group IDs to memorable group names using group cache.