[keycloak-user] Kerberos auth type displays basic auth prompt under Windows

Steven Mirabito smirabito at csh.rit.edu
Tue Jul 18 16:07:06 EDT 2017


Hey,

I have Keycloak configured to check passwords against an MIT Kerberos
server in my user federation source, and that works fine. I then set the
Kerberos authentication type to "alternative" - most of our users will be
coming in from personal devices where they'll just log in via the form, but
we do have a shared machine where this would be nice to have. However, I
started receiving complaints that when this option is enabled, any browser
under Windows will show a basic auth dialog which the user has to cancel
out of to reach the login page (other platforms show a blank "Kerberos
Unsupported" page and then redirect to the normal login page without a
dialog). To make matters worse, I can't seem to turn the option off now -
switching the Kerberos auth type to "disabled" will work for a little bit,
but after a short period of time it will turn itself back on and users will
start to see the basic auth dialog again.

Are these known issues? Ideally, I'd like to be able to have the Kerberos
auth type enabled, but a solution to keep it disabled in the meantime would
be greatly appreciated as well.

Thank you!
-Steven


More information about the keycloak-user mailing list