Yes, kerberos works fine.  AuthorizeClientUtil.authorizeClient(authorizationHeader, formParams, event, realm);  throws an UnauthorizedException exception because the authorization header contains Negotiate xxx instead of Basic xxx. Jira: https://issues.jboss.org/browse/KEYCLOAK-1595 Am 22. Juli 2015 um 14:23 schrieb Bill Burke <bburke(a)redhat.com&gt;: So, the problem isn't that kerberos doesn't work, its that code to token doesn't work (neither does bearer)? On 7/22/2015 4:07 AM, Michael Gerber wrote: Hi all My kerberos configuration works fine with FireFox and Chrome, but it does not work with IE. It shows a prompt where the user has to enter a username and password. I can successfully get an access code, but I can not get an access token, because IE overwrites the Authorization header in the AJAX request. (see http://stackoverflow.com/questions/28615850/internet-explorer-11-replaces...) I can fix this by adding document.execCommand('ClearAuthenticationCache', 'false'); above of var req = new XMLHttpRequest(); approximately at the line 374 in the keycloack.js file. Is there another solution for this problem? cheers Michael _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev -- Bill Burke JBoss, a division of Red Hat http://bill.burkecentral.com _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev