[keycloak-dev] [keycloak-user] Get a GSSCredential when user browser is not in Active Directory domain

Alexis Almeida alexis.almeida at gmail.com
Sat Feb 9 15:17:02 EST 2019

> I originally asked this on the user list but I'm making a change to
> I had asked on the dev list earlier about this on the dev as I started to
> see how this would work
> I got the Kerberos Ticket and serialized it to a Base 64 string. It
> deserializes to a GSSCredential

> Now I have to put the Base 64 token into the access token

> Any guidance?


Hi Chris,

I hope this helps you in some way.

In a similar situation I created a service provider endpoint that gets an
Access Token as input and, after validation, generates a new bearer token
with custom claims. In that claim I put additional parameters.

This generated bearer token isn't associated with a user session, so I put into
this new token a new claim with the jti of the original Access Token.
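
The exchange described in the reply above, as an added example that is not part of the original message and is not Keycloak code: a validated access token is exchanged for a derived token that carries extra claims plus the jti of the original. Assumptions: HS256 with constructed demo keys stands in for the realm's real signing keys, and the claim name `orig_jti`, the function names and the revocation set are hypothetical.

```python
import base64, hashlib, hmac, json, time, uuid

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    # Compact JWT; HS256 is an assumption that keeps the example stdlib-only.
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token: str, key: bytes, now=None) -> dict:
    """Check structure, pinned algorithm, signature and expiry."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_unb64(head)), json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        raise ValueError("bad signature")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    return claims

def exchange(access_token: str, idp_key: bytes, svc_key: bytes, extra: dict) -> str:
    """Validate the original access token, then mint the derived token."""
    orig = verify(access_token, idp_key)
    derived = {
        **extra,                   # additional parameters go first so they
        "jti": str(uuid.uuid4()),  # cannot overwrite the fixed claims below
        "sub": orig["sub"],
        "exp": orig["exp"],        # never outlives the token it came from
        "orig_jti": orig["jti"],   # link back to the original access token
    }
    return sign(derived, svc_key)

def accept_derived(token: str, svc_key: bytes, revoked_orig_jtis: set) -> dict:
    """Resource-side check: reject if the original token was revoked."""
    claims = verify(token, svc_key)
    if claims["orig_jti"] in revoked_orig_jtis:
        raise ValueError("original token revoked")
    return claims
```

Because the derived token has no session of its own, the `orig_jti` lookup is what lets a logout or revocation of the original token also invalidate the derived one.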
