[keycloak-user] Kerberos auth type displays basic auth prompt under Windows
Marek Posolda
mposolda at redhat.com
Thu Jul 20 14:51:37 EDT 2017
Thanks for the reference!
Marek
On 19/07/17 17:13, John Dennis wrote:
> On 07/19/2017 10:45 AM, John Dennis wrote:
>> This is a known issue with just IE. I first became aware of it with
>> Red Hat's IPA product (I often work with that team). Let me ping
>> those folks and see if there is a known resolution.
>
> OK, I got an answer back, here is what was said:
>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1309041
>>
>> tl;dr it's a problem in IE, Edge, and Chrome on Windows. They both use
>> the same library to handle authenticate. HTTP Status Code 401 +
>> "WWW-Authenticate: Negotiate" header cause the log-in prompt to pop up.
>> I was even able to reproduce it with a very simple Python server that
>> just emits the status code and header.
>>
>> Until this issue is fixed by Microsoft, there is only one workaround:
>> use some sort of browser detection and don't return "WWW-Authenticate:
>> Negotiate" HTTP header for any IE, Edge, and Chrome on Windows.
>
>
More information about the keycloak-user
mailing list