<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    <div class="moz-cite-prefix">I afraid that it won't work ATM. You
      can create JIRA for this though. However I am not sure if it's
      priority for us to do that. <br>
      <br>
      Alternatively you can try to contribute this yourself. Maybe the
      only required thing will be to add NTLM OID (
      1.3.6.1.4.1.311.2.2.10 ) to the list here
      <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java#L169">https://github.com/keycloak/keycloak/blob/master/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java#L169</a>
      . However I afraid it likely won't be that easy...<br>
      <br>
      Marek<br>
      <br>
      On 28/06/16 17:47, Guy Davis wrote:<br>
    </div>
    <blockquote
cite="mid:CAAgmn1o2_H=Zsvmg8C1isTXNRjLB8ffTVWm=rTTHWHhY23FZ9w@mail.gmail.com"
      type="cite">
      <div dir="ltr"><span style="font-size:12.8px">Good day,</span>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">For sake of argument, assume that
          someone has set up a MS Active Directory domain with Kerberos
          disabled, but NTLM still enabled.  In that situation, would a
          user browsing to a Keycloak-protected application, with
          LDAP+SPNEGO enabled (against that MS AD system) still allow
          for Integrated Windows Authentication (auto-login without
          prompt) to web application?</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">Thanks much,</div>
        <div style="font-size:12.8px">Guy</div>
        <div style="font-size:12.8px"><br>
        </div>
        <div style="font-size:12.8px">&lt;re-sending today as same
          message yesterday didn't make it through to the list&gt;</div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
keycloak-user mailing list
<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>
<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>
    </blockquote>
    <br>
  </body>
</html>