[keycloak-user] GSS delegation credential mapper

Hi, I'm trying to configure the GSS credential mapper for an application. I've configured SPNEGO authentication on the server, and this is working. Then I've created an application (confidential client) and add a gss delegation credential mapper to the application, but I don't seem to get a claim with the GSS credentials in the token after I authenticate. If I understood correctly, I should see a claim in the access token named "gss_delegation_credential". Is there anything else I need to configure, like some additional mappers? Also, is it possible to get this gss_delegation_credential token only authenticating with SPNEGO, or would it be possible to get it also with other authentication mechanisms (e.g. x509 certificate, username and password)? Thanks, Paolo Tedesco