<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">We don't have support for this yet, but
we may add it. Just not sure when... <br>
<br>
I've created JIRA <a class="moz-txt-link-freetext" href="https://issues.jboss.org/browse/KEYCLOAK-1751">https://issues.jboss.org/browse/KEYCLOAK-1751</a> .<br>
<br>
We may need to create utility, which will start GSSAPI client
interaction ( initSecContext ) and will use the kerberos ticket
from the desktop cache , which will be send in the direct grant
request. Then on keycloak side, we will have
DirectGrantAuthenticator implementation, which will be able to
call "acceptSecContext" and validate token sent from client.<br>
<br>
Marek<br>
<br>
On 11.8.2015 12:31, Christopher Davies wrote:<br>
</div>
<blockquote
cite="mid:CAN9XQgzaNAgE0s8rqyo=i=OF795Mp950HqehA8Vv3tz8s02LZQ@mail.gmail.com"
type="cite">
<div dir="ltr">I am looking to use KeyCloak to authenticate our
software.
<div>Some of our the components of our software are java desktop
applications.</div>
<div><br>
</div>
<div>I know that I can send an openid connection from my
application to KeyCloak to get a JWT. Looking at this
protocol, it seems only to support username/password. Is there
a recommended way to use Kerberose, to authenticate so that my
windows users do not need to type username/password if they
are logged in correctly to their desktops ?</div>
<div><br>
</div>
<div>Chris</div>
<div><br>
</div>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>