http connection problems with kerberos authentication using Cisco ACE

Does anyone know how this problem can be solved?

https://supportforums.cisco.com/thread/133381

Regards,

Hesham

1 REPLY 1

Hesham,

Easy fix

Create an HTTP parameter map, and assign it to the class in the service-policy.

parameter-map type http HTTP
  case-insensitive
  persistence-rebalance
  set header-maxparse-length 65535
  set content-maxparse-length 65535
  length-exceed continue

policy-map multi SLB
  class VIP
    poli ..
    load ..
    blah blah
    appl-parameter http advanced-options HTTP

Basically, this is what happens:

The Kerberos ticket is too big to fit in the HTTP header. That is, it's too big for ACE, which caps the header size at 4K by default.

Try before you buy test:


Create a user within Active Directory, and only assign it to the bare minimum of security groups.

Then try accessing the website, before applying the configuration.

Cheers mate,

Søren Elleby Sørensen
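
To check a captured request against the limits discussed in the reply above, the following added example (not part of the original thread) measures the header block and the `Authorization: Negotiate` token of a raw HTTP request. The sample requests, token sizes, host name and the helper names `header_report` and `build_request` are constructed for illustration; it assumes the limit applies to the whole header block up to the blank line.

```python
import base64

ACE_DEFAULT_MAXPARSE = 4096      # the "4K by default" mentioned in the reply
ACE_RAISED_MAXPARSE = 65535      # value set in the parameter map in the reply


def header_report(raw_request: bytes) -> dict:
    """Measure the header block of a raw HTTP request and its Negotiate token."""
    head, sep, _body = raw_request.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request: no end-of-headers marker")
    header_bytes = len(head) + len(sep)
    token_b64 = b""
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"authorization":
            scheme, _, cred = value.strip().partition(b" ")
            if scheme.lower() == b"negotiate":
                token_b64 = cred.strip()
    return {
        "header_bytes": header_bytes,
        "negotiate_b64_bytes": len(token_b64),
        "negotiate_raw_bytes": len(base64.b64decode(token_b64)) if token_b64 else 0,
        "fits_default": header_bytes <= ACE_DEFAULT_MAXPARSE,
        "fits_raised": header_bytes <= ACE_RAISED_MAXPARSE,
    }


def build_request(token_len: int) -> bytes:
    """Constructed sample: GET carrying a dummy Negotiate token of token_len raw bytes."""
    token = base64.b64encode(b"\x00" * token_len)
    return (b"GET /app HTTP/1.1\r\nHost: www.example.com\r\n"
            b"Authorization: Negotiate " + token + b"\r\n\r\n")


if __name__ == "__main__":
    # Constructed token sizes standing in for a small and a large ticket.
    for label, size in (("small ticket", 1500), ("large ticket", 9000)):
        print(label, header_report(build_request(size)))
```

Feed `header_report` the raw bytes of a request taken from a packet capture on the client side of the VIP to see whether a failing user's request exceeds the default limit.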