[keycloak-dev] Kerberos with IE does not work
Michael Gerber
gerbermichi at me.com
Wed Jul 22 09:00:14 EDT 2015
Yes, kerberos works fine.
AuthorizeClientUtil.authorizeClient(authorizationHeader, formParams, event, realm);
throws an UnauthorizedException exception because the authorization header contains Negotiate xxx instead of Basic xxx.
Jira: https://issues.jboss.org/browse/KEYCLOAK-1595
Am 22. Juli 2015 um 14:23 schrieb Bill Burke <bburke at redhat.com>:
So, the problem isn't that kerberos doesn't work, its that code to token
doesn't work (neither does bearer)?
On 7/22/2015 4:07 AM, Michael Gerber wrote:
Hi all
My kerberos configuration works fine with FireFox and Chrome, but it
does not work with IE.
It shows a prompt where the user has to enter a username and password.
I can successfully get an access code, but I can not get an access
token, because IE overwrites the Authorization header in the AJAX
request. (see
http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces-authorization-header)
I can fix this by adding
document.execCommand('ClearAuthenticationCache', 'false');
above of
var req = new XMLHttpRequest();
approximately at the line 374 in the keycloack.js file.
Is there another solution for this problem?
cheers
Michael
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com
_______________________________________________
keycloak-dev mailing list
keycloak-dev at lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20150722/eee9f6d1/attachment.html
More information about the keycloak-dev
mailing list