<html><body><div>I could find a solution for my IE problem.</div><div><br></div><div>IE overwrites the Authorization header in the XMLHttpRequest (/protocol/openid-connect/token) with "Authorization: Negotiate". </div><div><br></div><div>To solve this problem, I added on the client the client_id and client_secret to the form and changed the authorizeClient method, so it checks first the form data instead of the authorization http header.</div><div><br></div><div>Have a look at my code: </div><div><a href="https://github.com/gerbermichi/keycloak/commit/32880b210ed27f782a2f9fcd01da4df21ee0953c">https://github.com/gerbermichi/keycloak/commit/32880b210ed27f782a2f9fcd01da4df21ee0953c</a></div><div><br></div><div>Should I create a pull request for the changes or do you have a better solution?</div><div><br></div><div>cheers</div><div>Michael</div><div><br></div><div><br></div><div><br>Am 22. Juli 2015 um 11:46 schrieb Marek Posolda <<a onclick="return false;" href="mailto:mposolda@redhat.com" data-mce-href="mailto:mposolda@redhat.com">mposolda@redhat.com</a>>:<br><br></div><div><div><blockquote type="cite"><div class="msg-quote"><div class="moz-cite-prefix">Hi Michael,<br> <br> No idea if there is other solution, I've never tried SPNEGO with Internet explorer TBH :(<br> <br> Could you please create JIRA for this? <br> <br> Thanks,<br> Marek<br> <br> On 22.7.2015 10:07, Michael Gerber wrote:<br></div><blockquote type="cite"><div>Hi all</div><div><br></div><div>My kerberos configuration works fine with FireFox and Chrome, but it does not work with IE.</div><div>It shows a prompt where the user has to enter a username and password.</div><div><br></div><div>I can successfully get an access code, but I can not get an access token, because IE overwrites the Authorization header in the AJAX request. (see <a href="http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces-authorization-header" data-mce-href="http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces-authorization-header">http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces-authorization-header</a>)</div><div><br></div><div>I can fix this by adding </div><div>document.execCommand('ClearAuthenticationCache', 'false');</div><div>above of </div><div>var req = new XMLHttpRequest();</div><div>approximately at the line 374 in the keycloack.js file.</div><div><br></div><div>Is there another solution for this problem?</div><div><br></div><div>cheers</div><div>Michael</div><br><fieldset class="mimeAttachmentHeader"></fieldset><br><pre>_______________________________________________
keycloak-dev mailing list
<a class="moz-txt-link-abbreviated" onclick="return false;" href="mailto:keycloak-dev@lists.jboss.org" data-mce-href="mailto:keycloak-dev@lists.jboss.org">keycloak-dev@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-dev" data-mce-href="https://lists.jboss.org/mailman/listinfo/keycloak-dev">https://lists.jboss.org/mailman/listinfo/keycloak-dev</a></pre></blockquote><br></div></blockquote></div></div><style class="_message-styles">div.msg-quote { background-color:#FFFFFF;}
</style></body></html>