Re: [keycloak-user] direct access grant + kerberos

I tried this. But the plugin does not seem to support it: <div id="kc-error-message"> <p class="instruction">Kerberos is not set up. You cannot login.</p> </div> I've verified that the endpoint does work with username/password before switching and that kerberos still works with webistes. Anyone know what it would take to update the plugin to support the direct flow? Thanks, Kevin ________________________________________ From: Dmitry Telegin [demetrio(a)carretti.pro] Sent: Friday, May 24, 2019 9:01 AM To: Fox, Kevin M; keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] direct access grant + kerberos Hello Kevin, You could try cloning the default direct grant flow, adding Kerberos authenticator to it and removing everything else. This authenticator was initially developed for browser-based flows, so it might or might not work with direct grants. You'll need to figure that out - it could be that the authenticator might need to be adapted. If you need to keep username+password authentication too, you should put the relevant authenticators into a subflow and make it alternative, the same way it is done in the default browser flow. Good luck, Dmitry Telegin Carretti Consulting OÜ | Keycloak Consulting and Training Sepapaja 6, Tallinn 15551, Estonia | info(a)carretti.pro On Tue, 2019-05-21 at 17:48 +0000, Fox, Kevin M wrote: