[keycloak-user] Kerberos auth type displays basic auth prompt under Windows
John Dennis
jdennis at redhat.com
Wed Jul 19 11:13:14 EDT 2017
On 07/19/2017 10:45 AM, John Dennis wrote:
> This is a known issue with just IE. I first became aware of it with Red
> Hat's IPA product (I often work with that team). Let me ping those folks
> and see if there is a known resolution.
OK, I got an answer back, here is what was said:
> https://bugzilla.redhat.com/show_bug.cgi?id=1309041
>
> tl;dr it's a problem in IE, Edge, and Chrome on Windows. They both use
> the same library to handle authenticate. HTTP Status Code 401 +
> "WWW-Authenticate: Negotiate" header cause the log-in prompt to pop up.
> I was even able to reproduce it with a very simple Python server that
> just emits the status code and header.
>
> Until this issue is fixed by Microsoft, there is only one workaround:
> use some sort of browser detection and don't return "WWW-Authenticate:
> Negotiate" HTTP header for any IE, Edge, and Chrome on Windows.
--
John
More information about the keycloak-user
mailing list