[keycloak-user] Fwd: Login a Java Fat Client with Windows Kerberos Token agains Keycloak backed by AD?

It's not yet supported OOTB. There is already JIRA opened for the long time. Feel free to add a vote :) However it should be already possible to implement it if you write custom authenticator and put it into the "Direct Grant Flow" authentication flow for the realm. Then your Java Fat Client will be able to send the token in the "Authorization: Negotiate token" header and your authenticator can then authenticate this request. Feel free to send PR if you manage to have it working. See our docs and examples for Authentication SPI for more details. Marek On 07/06/17 15:13, Malte Finsterwalder wrote: > Hi, > > I have the following setup: > > I'm programming a Java Fat Client application. I want to integrate it into > SSO with Keycloak. > Our Keycloak is connected to our Windows Active Directory (AD). > > So my idea is, that my Fat Client uses the Windows 7 Kerberos Token and > sends that to Keycloak. Keycloak should authorize the token agains the AD > and send back an authorization token to the Fat Client, so I can later use > this Keycloak token to access other Rest-Services. > > Fat Client (with Kerberos Token) -> Keycloak -> AD > Fat Client (with Keycloak Token) -> REST-Service > > I can't find anything in the documentation regarding this szenario. > Is this possible? And if so, how? > > Greetings, > Malte > _______________________________________________ > keycloak-user mailing list > keycloak-user(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-user >