Policy failed using AD identity provider: Authentication required, error log: "KrbException: Checksum failed"

Article ID: 274681

Updated On:

Products

CA API Gateway

Issue/Introduction

Authentication using the AD identity provider fails. The SSG log shows the error:

8200: Could not process Kerberos token (Negotiate); error is 'KrbException: Checksum failed'

Environment

API Gateway 9.x, 10.x, 11.x

Cause

The "KrbException: Checksum failed" message occurs because the SPN in use is written with HTTP instead of http (uppercase instead of lowercase).

Resolution

Regenerate the keytab file using the correct SPN (with lowercase http): 

 ktpass -princ http/<Gateway_Cluster_Hostname>@DOMAIN.COM -mapuser <user_Name> -pass <user_Password> -out <keytab_Name>

REF: Generate a Kerberos Keytab
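
To confirm which SPN case a keytab actually carries before loading it on the Gateway, the following added example (not part of the original article or of the product) parses the keytab and flags principals whose service class is not the lowercase http that the Resolution calls for. It assumes the file is in the MIT version-2 keytab format (leading bytes 05 02); the host name, realm and sample keytab are constructed, and the function names are hypothetical.

```python
import struct

def _counted(buf, off):
    """Read one uint16-length-prefixed field; return (bytes, next offset)."""
    (n,) = struct.unpack_from(">H", buf, off)
    return buf[off + 2:off + 2 + n], off + 2 + n

def keytab_principals(data):
    """Return [(principal, enctype, kvno)] for every live entry in the keytab."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version-2 keytab")
    out, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:                      # non-positive size: deleted slot, skip it
            pos += -size
            continue
        entry, pos = data[pos:pos + size], pos + size
        (ncomp,) = struct.unpack_from(">H", entry, 0)
        realm, off = _counted(entry, 2)
        comps = []
        for _ in range(ncomp):             # e.g. "http", then the host name
            comp, off = _counted(entry, off)
            comps.append(comp.decode())
        off += 8                           # skip name type and timestamp
        kvno = entry[off]
        (enctype,) = struct.unpack_from(">H", entry, off + 1)
        _, off = _counted(entry, off + 3)  # key bytes are not needed here
        if len(entry) - off >= 4:          # optional 32-bit kvno wins if non-zero
            kvno = struct.unpack_from(">I", entry, off)[0] or kvno
        out.append(("/".join(comps) + "@" + realm.decode(), enctype, kvno))
    return out

def wrong_case_spns(data, expected="http"):
    """Principals whose service class equals `expected` only when case is ignored."""
    services = [(p, p.split("/", 1)[0]) for p, _, _ in keytab_principals(data)]
    return [p for p, s in services if s.lower() == expected.lower() and s != expected]

def sample_entry(service, kvno=3, enctype=18):
    """Build one constructed entry (zeroed key) for <service>/gw.example.com."""
    cs = lambda s: struct.pack(">H", len(s)) + s
    body = struct.pack(">H", 2) + cs(b"EXAMPLE.COM") + cs(service) + cs(b"gw.example.com")
    body += struct.pack(">IIBH", 1, 0, kvno, enctype) + cs(bytes(32)) + struct.pack(">I", kvno)
    return struct.pack(">i", len(body)) + body

SAMPLE = b"\x05\x02" + sample_entry(b"HTTP") + sample_entry(b"http")  # constructed keytab
```

For a real file, read the generated keytab in binary mode and pass its bytes to `wrong_case_spns`; an empty list means every http service principal in it is lowercase.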