Hi,
I can only say that what I did, is add
"HTTP/keycloak.some.domain.com" to the AD account.
After exporting, the principal looks like:
HTTP/keycloak.some.domain.com(a)WHATEVER.ELSE.COM
I'm not sure if the upper case REALM matters.
Hope that helps,
MJ
On 07/06/2017 07:19 PM, Malte Finsterwalder wrote:
Hi there,
I'm trying to set up Keycloak to use Kerberos with Active Directory.
But I'm not sure, I understand the Server Principal correctly.
Keycloak is running on a server, that is reachable under
keycloak.some.domain.com
The Kerberos Realm is
whatever.else.com
So is the Server Principal correctly specified as:
HTTP/keycloak.some.domain.com(a)whatever.else.com
Or more general HTTP/<CLIENT HOST>@<Kerberos Realm>
And is <Kerberos Realm> in the Server Principal always the same as stated
in "Kerberos Realm" in the admin ui?
And does case matter anywhere?
Greetings,
Malte
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user