[keycloak-dev] Do I need a different OIDC protocol mapper?
Chris Smith
chris.smith at cmfirstgroup.com
Fri Sep 6 09:50:10 EDT 2019
I'm capturing a Kerberos Ticket on a successful Kerberos User/Password authentication. The ticket is then serialized and then saved as a user session note with KerberosConstants.GSS_DELEGATION_CREDENTIAL as the key... because... well... That is what the SPNEGO authentication does. The claim is then converted to a GSSCredential by the existing client adapter (Tomcat in my case).
So even though both are named as a GSSCredential claim, they are really Kerberos Tickets.
Ok, so what. The User/Password ticket is not created by "Delegation", unlike the SPNEGO ticket. Would you guys consider that, to be accepted as a PR, it should have a different name and a new protocol mapper is required?