We don't have support for this yet, but
we may add it. Just not sure when...
I've created JIRA
https://issues.jboss.org/browse/KEYCLOAK-1751 .
We may need to create utility, which will start GSSAPI client
interaction ( initSecContext ) and will use the kerberos ticket
from the desktop cache , which will be send in the direct grant
request. Then on keycloak side, we will have
DirectGrantAuthenticator implementation, which will be able to
call "acceptSecContext" and validate token sent from client.
Marek
On 11.8.2015 12:31, Christopher Davies wrote:
I am looking to use KeyCloak to authenticate our
software.
Some of our the components of our software are java desktop
applications.
I know that I can send an openid connection from my
application to KeyCloak to get a JWT. Looking at this
protocol, it seems only to support username/password. Is there
a recommended way to use Kerberose, to authenticate so that my
windows users do not need to type username/password if they
are logged in correctly to their desktops ?
Chris
_______________________________________________
keycloak-user mailing list
keycloak-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user