1

We are facing an issue where we don't get SSO to work on an IIS web app. We have set Windows-Authentication as enabled and Negotiate and NTLM as providers (IIS Windows Authentication and Providers). We have the same setup on a test-environment where SSO works perfectly. Now I have tried to do a cap of one session (Session capture). The cap, to me, doesn't show much, only that my system is trying to do an HTTP GET 4 times before doing the negotiation and choosing NTLM. Somehow Kerberos is not being used and I don't get a "klist" ticket of the SSO (on the test-environment I get a ticket). I have no clue where to start looking for that problem.

I really appreciate any help you can provide.

If there is anything more I need to add please let me know.

Best, Niclas

Lex Li
  • 912
  • 6
  • 10
Niclas
  • 11
  • 2
  • If a client is not sending the expected Kerberos authentication header or is not including credentials in the auth header, it would help to have more details about the client and how it is configured. – Greg Askew Nov 05 '20 at 14:51
  • 1) NTLM is not SSO. 2) Your IIS side settings won't guarantee Kerberos to work, so you need to involve domain administrators to help analyze. – Lex Li Nov 06 '20 at 18:43

0 Answers0