I am trying to secure a URL with KeyCloak, backed by Kerberos. I've followed the below link, but sadly not not seeing what i would expect.

The exploded war web.xml contains:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
  xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
  version="2.5">

  <listener>
    <listener-class>io.apiman.gateway.platforms.war.listeners.WarGatewayBootstrapper</listener-class>
  </listener>

  <!-- Gateway Servlet -->
  <servlet>
    <servlet-name>GatewayServlet</servlet-name>
    <servlet-class>io.apiman.gateway.platforms.war.servlets.WarGatewayServlet</servlet-class>
  </servlet>
  <servlet-mapping>
    <servlet-name>GatewayServlet</servlet-name>
    <url-pattern>/*</url-pattern>
  </servlet-mapping>

  <security-constraint>
        <web-resource-collection>
            <web-resource-name>apiman-gateway</web-resource-name>
            <url-pattern>/apiman-gateway/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>user</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>


<login-config>
        <auth-method>KEYCLOAK</auth-method>
        <realm-name>this is ignored currently</realm-name>
    </login-config>

    <security-role>
        <role-name>user</role-name>
    </security-role>

</web-app>

And the keycloak.json file in the WEB-INF folder contains:

{
  "realm": "apiman",
  "realm-public-key": "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyG61ohrfJQKNmDA/ePZtqZVpPXjwn3k3T+iWiTvMsxW2+WlnqIEmL5qZ09DMhBH9r50WZRO2gVoCb657Er9x0vfD6GNf/47XU2y33TX8axhP+hSwkv/VViaDlu4jQrfgPWz/FXMjWIZxg1xQS+nOBF2ScCRYWNQ/ZnUNnvrq8dGC2/AlyeYcgDUOdwlJuvgkGlF0QoVPQiRPurR3RwlG+BjL8JB3hbaAZhdJqwqApmGQbcpgLj2tODnlrZnEAp5cPPU/lgqCE1OOp78BAEiE91ZLPl/+D8qDHk+Maz0Io3bkeRZMXPpvtbL3qN+3GlF8Yz264HDSsTNrH+nd19tFQIDAQAB",
  "auth-server-url": "https://reuxgbls359:8443/auth",
  "ssl-required": "none",
  "resource": "apiman-gateway",
  "public-client": true
}

When i hit the URL, i see the below debug:

2016-06-02 13:20:10,460 DEBUG [org.keycloak.adapters.PreAuthActionsHandler] (default task-43) adminRequest https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.undertow.ServletSessionTokenStore] (default task-43) session was null, returning null
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) there was no code
2016-06-02 13:20:10,461 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) redirecting to auth server
2016-06-02 13:20:10,462 DEBUG [org.keycloak.adapters.OAuthRequestAuthenticator] (default task-43) callback uri: https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl
2016-06-02 13:20:10,463 DEBUG [org.keycloak.adapters.AuthenticatedActionsHandler] (default task-43) AuthenticatedActionsValve.invoke https://reuxgbls359:8443/apiman-gateway/bp/mapping/1.0?wsdl

But i never get redirected to the auth/login page.

Any ideas what i am doing wrong?

--
Gareth Healy 
UKI Middleware Consultant 
Red Hat UK Ltd 
200 Fowler Avenue 
Farnborough, Hants 
GU14 7JP, UK 

Mobile: +44(0)7818511214 
E-Mail: gahealy@redhat.com 

Registered in England and Wales under Company Registration No. 03798903