If I wanted to create a keytab file using the server name for the SPN, and I have the Apache web server on a separate server from the JBoss/Appian application server, which server name would I use to generate the keytab? The Apache web server? Or the JBoss/Appian application server?

ktpass /princ http/<servername>@<domain>.COM /mapuser appianuser /pass "xxxxxxxx"...

OriginalPostID-117646

  • What you said makes sense about the keytab existing on the Appian server and referenced in the spring security files, that’s what I thought too. Although, I have been researching and found some sites that state if you are using a reverse proxy (which I’m guessing Apache is acting as a reverse proxy), then you would add the SPN for both the DNS and physical host name of the reverse proxy, not the application server. So maybe the SPN is for what a user would actually type into the URL to get to the resource, which would either be the DNS or host name of the Apache web server. From one site, it states “To negotiate the SPN (service principal name "HTTP/..."), the browser does a DNS lookup from the host name used in the URL, and then a reverse-DNS lookup from the answered IP address to get the FQDN of the server. This FQDN is used in the SPN.” So now I’m thinking I would use the DNS and server name of the Apache web server, but still not sure. Guess I can try that first and see what happens. Thanks.
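A way to check the question and the reply above against a keytab without guessing: derive the SPN a browser will request from the URL the user types (forward lookup, then the reverse lookup the quoted text describes) and confirm that principal is actually present in the keytab. The script below is an added example and is not code from the original post or from Appian; it parses the MIT keytab format (version 0x0502, which is what ktpass writes) and checks it against a constructed DNS picture. The host names appian.example.com, webproxy01.example.com, appsrv01.example.com, the 10.0.0.x addresses and the EXAMPLE.COM realm are all made up for the illustration, and build_keytab is a test fixture, not a substitute for ktpass.

```python
"""Check whether a keytab contains the HTTP SPN a browser will ask for."""
import struct
from typing import Dict, List, Set, Tuple
from urllib.parse import urlparse


def _counted_string(data: bytes, off: int) -> Tuple[bytes, int]:
    """Read a keytab counted_octet_string: uint16 length followed by that many bytes."""
    (n,) = struct.unpack_from(">H", data, off)
    off += 2
    return data[off:off + n], off + n


def parse_keytab_principals(blob: bytes) -> List[str]:
    """Return 'service/host@REALM' for every live entry in a version 0x0502 keytab."""
    if blob[:2] != b"\x05\x02":
        raise ValueError("only keytab format version 0x0502 is handled here")
    off, names = 2, []
    while off < len(blob):
        (size,) = struct.unpack_from(">i", blob, off)
        off += 4
        if size == 0:
            break
        if size < 0:              # a negative size marks a deleted entry (hole); skip it
            off += -size
            continue
        end = off + size
        (ncomp,) = struct.unpack_from(">H", blob, off)
        realm, off = _counted_string(blob, off + 2)
        comps = []
        for _ in range(ncomp):
            comp, off = _counted_string(blob, off)
            comps.append(comp.decode())
        # name_type, timestamp, vno8, enctype, key and the optional 32-bit kvno follow;
        # only the principal matters here, so jump to the end of the entry
        names.append("/".join(comps) + "@" + realm.decode())
        off = end
    return names


def build_keytab(principals: List[str], key: bytes = b"\x00" * 32) -> bytes:
    """Construct a minimal v2 keytab holding the given principals (constructed fixture)."""
    out = b"\x05\x02"
    for princ in principals:
        name, realm = princ.rsplit("@", 1)
        comps = name.split("/")
        body = struct.pack(">H", len(comps))
        body += struct.pack(">H", len(realm)) + realm.encode()
        for comp in comps:
            body += struct.pack(">H", len(comp)) + comp.encode()
        body += struct.pack(">IIB", 1, 0, 1)            # name_type KRB5_NT_PRINCIPAL, timestamp, vno8
        body += struct.pack(">HH", 18, len(key)) + key  # enctype 18 (aes256-cts-hmac-sha1-96), key
        body += struct.pack(">I", 1)                    # 32-bit kvno
        out += struct.pack(">i", len(body)) + body
    return out


def required_spns(url: str, dns_a: Dict[str, str], dns_ptr: Dict[str, str], realm: str) -> Set[str]:
    """SPNs the browser may request: the host typed in the URL and, after the forward
    lookup plus reverse lookup quoted in the reply, the FQDN behind its IP address."""
    host = urlparse(url).hostname.lower().rstrip(".")
    fqdn = dns_ptr.get(dns_a.get(host, ""), host).lower().rstrip(".")
    return {f"HTTP/{host}@{realm}", f"HTTP/{fqdn}@{realm}"}


def missing_spns(keytab: bytes, required: Set[str]) -> Set[str]:
    """Required SPNs with no keytab entry (service class and host compared case-insensitively)."""
    def norm(p: str) -> str:
        name, realm = p.rsplit("@", 1)
        return name.lower() + "@" + realm
    have = {norm(p) for p in parse_keytab_principals(keytab)}
    return {p for p in required if norm(p) not in have}


# Constructed scenario: users type the alias, which resolves to the Apache reverse proxy;
# the JBoss/Appian server sits behind it on a different address.
REALM = "EXAMPLE.COM"
URL = "https://appian.example.com/suite/"
DNS_A = {"appian.example.com": "10.0.0.10", "webproxy01.example.com": "10.0.0.10",
         "appsrv01.example.com": "10.0.0.20"}
DNS_PTR = {"10.0.0.10": "webproxy01.example.com", "10.0.0.20": "appsrv01.example.com"}
# Keytab cut for the application server's own name (what the question considers)
APPSERVER_KEYTAB = build_keytab(["HTTP/appsrv01.example.com@EXAMPLE.COM"])
# Keytab cut for both the alias and the physical name of the reverse proxy (what the reply describes)
PROXY_KEYTAB = build_keytab(["HTTP/appian.example.com@EXAMPLE.COM",
                             "HTTP/webproxy01.example.com@EXAMPLE.COM"])

if __name__ == "__main__":
    need = required_spns(URL, DNS_A, DNS_PTR, REALM)
    for label, kt in (("app server keytab", APPSERVER_KEYTAB), ("proxy keytab", PROXY_KEYTAB)):
        print(label, "missing:", sorted(missing_spns(kt, need)) or "nothing")
```

To run it against a real keytab, read the file produced by ktpass into `parse_keytab_principals` and replace the two dictionaries with the results of actual forward and reverse lookups for the URL host. The comparison lowercases the service class and host but not the realm, which matches how Active Directory matches SPNs; a keytab entry of `http/...` therefore still satisfies a request for `HTTP/...`.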