
<html>

  <head>

    <meta content="text/html; charset=windows-1252"

      http-equiv="Content-Type">

  </head>

  <body bgcolor="#FFFFFF" text="#000000">

    <div class="moz-cite-prefix">I afraid that it won't work ATM. You

      can create JIRA for this though. However I am not sure if it's

      priority for us to do that. <br>

      <br>

      Alternatively you can try to contribute this yourself. Maybe the

      only required thing will be to add NTLM OID (

      1.3.6.1.4.1.311.2.2.10 ) to the list here

      <a class="moz-txt-link-freetext" href="https://github.com/keycloak/keycloak/blob/master/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java#L169">https://github.com/keycloak/keycloak/blob/master/federation/kerberos/src/main/java/org/keycloak/federation/kerberos/impl/SPNEGOAuthenticator.java#L169</a>

      . However I afraid it likely won't be that easy...<br>

      <br>

      Marek<br>

      <br>

      On 28/06/16 17:47, Guy Davis wrote:<br>

    </div>

    <blockquote

cite="mid:CAAgmn1o2_H=Zsvmg8C1isTXNRjLB8ffTVWm=rTTHWHhY23FZ9w@mail.gmail.com"

      type="cite">

      <div dir="ltr"><span style="font-size:12.8px">Good day,</span>

        <div style="font-size:12.8px"><br>

        </div>

        <div style="font-size:12.8px">For sake of argument, assume that

          someone has set up a MS Active Directory domain with Kerberos

          disabled, but NTLM still enabled.  In that situation, would a

          user browsing to a Keycloak-protected application, with

          LDAP+SPNEGO enabled (against that MS AD system) still allow

          for Integrated Windows Authentication (auto-login without

          prompt) to web application?</div>

        <div style="font-size:12.8px"><br>

        </div>

        <div style="font-size:12.8px">Thanks much,</div>

        <div style="font-size:12.8px">Guy</div>

        <div style="font-size:12.8px"><br>

        </div>

        <div style="font-size:12.8px">&lt;re-sending today as same

          message yesterday didn't make it through to the list&gt;</div>

      </div>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <br>

      <pre wrap="">_______________________________________________

keycloak-user mailing list

<a class="moz-txt-link-abbreviated" href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a>

<a class="moz-txt-link-freetext" href="https://lists.jboss.org/mailman/listinfo/keycloak-user">https://lists.jboss.org/mailman/listinfo/keycloak-user</a></pre>

    </blockquote>

    <br>

  </body>

</html>