I could find a solution for my IE problem.
IE overwrites the Authorization header in the XMLHttpRequest
(/protocol/openid-connect/token) with "Authorization: Negotiate".
To solve this problem, I added on the client the client_id and client_secret to the form
and changed the authorizeClient method, so it checks first the form data instead of the
authorization http header.
Have a look at my code:
https://github.com/gerbermichi/keycloak/commit/32880b210ed27f782a2f9fcd01...
Should I create a pull request for the changes or do you have a better solution?
cheers
Michael
Am 22. Juli 2015 um 11:46 schrieb Marek Posolda <mposolda(a)redhat.com>:
Hi Michael,
No idea if there is other solution, I've never tried SPNEGO with Internet explorer TBH
:(
Could you please create JIRA for this?
Thanks,
Marek
On 22.7.2015 10:07, Michael Gerber wrote:
Hi all
My kerberos configuration works fine with FireFox and Chrome, but it does not work with
IE.
It shows a prompt where the user has to enter a username and password.
I can successfully get an access code, but I can not get an access token, because IE
overwrites the Authorization header in the AJAX request.
(
see http://stackoverflow.com/questions/28615850/internet-explorer-11-repl...)
I can fix this by adding
document.execCommand('ClearAuthenticationCache', 'false');
above of
var req = new XMLHttpRequest();
approximately at the line 374 in the keycloack.js file.
Is there another solution for this problem?
cheers
Michael
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev