RHV SSO authentication using Kerberos and LDAP doesn't work for domains with multiple UPN suffixes

Solution Unverified - Updated -


  • Single Sign On (SSO) has been configured in RHV using Kerberos and LDAP with an Active Directory backend.
  • Active Directory consists of 1 domain that has multiple UPN suffixes.
  • Authentication only works for users whose UPN (User Principal Name) suffix is the same as the domain name.


  • Red Hat Virtualization (RHV) 4.4
  • RHV-M SSO with Kerberos and LDAP
  • Microsoft Active Directory

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content