<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">It may help if you enable all the
possible debug/trace logging and post the log here. This may give
more info what is the issue. See docs how to enable logging :
<a class="moz-txt-link-freetext" href="https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/authentication/kerberos.html">https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/authentication/kerberos.html</a><br>
<br>
Try to send the log from the point once you trigger the
authentication request (or from the point when you hit your app
URL)<br>
<br>
Thanks,<br>
Marek<br>
<br>
On 24/06/16 20:22, Zhou, Limin (Ray) wrote:<br>
</div>
<blockquote
cite="mid:0ABE2BE06E188B4FA117BC5D9D11ECCF5051DCDD@sq9bmexpr03.MONAD.MONERIS.COM"
type="cite">
<meta http-equiv="Content-Type" content="text/html;
charset=windows-1252">
<meta name="Generator" content="Microsoft Word 15 (filtered
medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:SimSun;
        panose-1:2 1 6 0 3 1 1 1 1 1;}
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"\@SimSun";
        panose-1:2 1 6 0 3 1 1 1 1 1;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal">Hello everyone<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">I am new to Keycloak and new to here<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Our web application is running on Jboss EAP
7, We have configured KeyCloak standalone server 1.9.7 running
on different port(same server box) to manage the user
authentication and authorization, behind KeyCloak we have
configured Keberos in User Federation to talk our company AD
server, we are able to login by using our AD account, but not
in single sign on way, each time when we hitting the our app
URL, the Keycloak login page will show up.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">It looks like the TGT or ST hand shake was
not successful, is there any document I can reference it to
debug the issue?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Any comments or suggestion would be very
welcome<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">thanks in advance<o:p></o:p></p>
<p class="MsoNormal">raymond<o:p></o:p></p>
</div>
<hr>
<font size-?9?="" color="Black" face="Arial">Moneris Solutions
Corporation | 3300 Bloor Street West | Toronto | Ontario | M8X
2X2 | Canada <a class="moz-txt-link-abbreviated" href="http://www.moneris.com">www.moneris.com</a> 1-866-319-7450
<br>
If you wish to unsubscribe from future updates from Moneris,
please click <a moz-do-not-send="true"
href="https://www.moneris.com/en/About-Moneris/Contact-Moneris/Unsubscribe.aspx">here</a>.
Please see the Moneris Privacy Policy <a moz-do-not-send="true"
href="http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx">
here</a>. <br>
<br>
This e-mail may be privileged and/or confidential, and the
sender does not waive any related rights and obligations. Any
distribution, use or copying of this e-mail or the information
it contains by other than an intended recipient is unauthorized.
If you received this e-mail in error, please advise me (by
return e-mail or otherwise) immediately.
<hr>
Corporation Solutions Moneris | 3300, rue Bloor Ouest | Toronto
| Ontario | M8X 2X2 | Canada <a class="moz-txt-link-abbreviated" href="http://www.moneris.com">www.moneris.com</a> 1-866-319-7450
<br>
Si vous désirez enlever votre nom de la liste d’envoi de
Moneris, veuillez cliquer
<a moz-do-not-send="true"
href="https://www.moneris.com/about-moneris/contact-moneris/unsubscribe?sc_lang=fr-CA">ici</a>.
Veuillez consulter la Politique de confidentialité de Moneris <a
moz-do-not-send="true"
href="http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx?sc_lang=fr-CA%20">ici</a>.
<br>
<br>
Ce courriel peut contenir des renseignements confidentiels ou
privilégiés, et son expéditeur ne renonce à aucun droit ni à
aucune obligation connexe. La distribution, l’utilisation ou la
reproduction du présent courriel ou des renseignements qu’il
contient par une personne autre que son destinataire prévu sont
interdites. Si vous avez reçu ce courriel par erreur, veuillez
m’en aviser immédiatement (par retour de courriel ou autrement).
</font>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
</blockquote>
<br>
</body>
</html>