[keycloak-user] Login a Java Fat Client with Windows Kerberos Token agains Keycloak backed by AD?

Hi, I have the following setup: I'm programming a Java Fat Client application. I want to integrate it into SSO with Keycloak. Our Keycloak is connected to our Windows Active Directory (AD). So my idea is, that my Fat Client uses the Windows 7 Kerberos Token and sends that to Keycloak. Keycloak should authorize the token agains the AD and send back an authorization token to the Fat Client, so I can later use this Keycloak token to access other Rest-Services. Fat Client (with Kerberos Token) -> Keycloak -> AD Fat Client (with Keycloak Token) -> REST-Service I can't find anything in the documentation regarding this szenario. Is this possible? And if so, how? Greetings, Malte