I like the idea of using nginx to handle load balancing, HTTPS termination & reverse proxy. Would work in such a configuration? I’ve never tried this.
Unfortunately I have no experience with sso :(
As we are pretty dynamic with the "AWI Hosts" this will be not so easy to accomplish:
Automic recommendscreating SPNs for each AWI host(one SPN with the host name and one with the fully qualified domain name).
But I think this is not a show stopper, right?
From what I understand the kerberos token is placed within the HTTP header, this should be no problem to pass on during the proxy/termination, actually this is common practice, AFAIK, that the headers don't get stripped, as you have a lot of other crucial information in them most of the time.