[keycloak-user] Keycloak single sign on with Keberos(AD)
Marek Posolda
mposolda at redhat.com
Mon Jun 27 05:54:53 EDT 2016
It may help if you enable all the possible debug/trace logging and post
the log here. This may give more info what is the issue. See docs how to
enable logging :
https://keycloak.gitbooks.io/server-adminstration-guide/content/v/2.0/topics/authentication/kerberos.html
Try to send the log from the point once you trigger the authentication
request (or from the point when you hit your app URL)
Thanks,
Marek
On 24/06/16 20:22, Zhou, Limin (Ray) wrote:
>
> Hello everyone
>
> I am new to Keycloak and new to here
>
> Our web application is running on Jboss EAP 7, We have configured
> KeyCloak standalone server 1.9.7 running on different port(same server
> box) to manage the user authentication and authorization, behind
> KeyCloak we have configured Keberos in User Federation to talk our
> company AD server, we are able to login by using our AD account, but
> not in single sign on way, each time when we hitting the our app URL,
> the Keycloak login page will show up.
>
> It looks like the TGT or ST hand shake was not successful, is there
> any document I can reference it to debug the issue?
>
> Any comments or suggestion would be very welcome
>
> thanks in advance
>
> raymond
>
> ------------------------------------------------------------------------
> Moneris Solutions Corporation | 3300 Bloor Street West | Toronto |
> Ontario | M8X 2X2 | Canada www.moneris.com 1-866-319-7450
> If you wish to unsubscribe from future updates from Moneris, please
> click here
> <https://www.moneris.com/en/About-Moneris/Contact-Moneris/Unsubscribe.aspx>.
> Please see the Moneris Privacy Policy here
> <http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx>.
>
> This e-mail may be privileged and/or confidential, and the sender does
> not waive any related rights and obligations. Any distribution, use or
> copying of this e-mail or the information it contains by other than an
> intended recipient is unauthorized. If you received this e-mail in
> error, please advise me (by return e-mail or otherwise) immediately.
> ------------------------------------------------------------------------
> Corporation Solutions Moneris | 3300, rue Bloor Ouest | Toronto |
> Ontario | M8X 2X2 | Canada www.moneris.com 1-866-319-7450
> Si vous désirez enlever votre nom de la liste d’envoi de Moneris,
> veuillez cliquer ici
> <https://www.moneris.com/about-moneris/contact-moneris/unsubscribe?sc_lang=fr-CA>.
> Veuillez consulter la Politique de confidentialité de Moneris ici
> <http://www.moneris.com/Home/Legal/Website-Policies/Privacy-Policy.aspx?sc_lang=fr-CA%20>.
>
>
> Ce courriel peut contenir des renseignements confidentiels ou
> privilégiés, et son expéditeur ne renonce à aucun droit ni à aucune
> obligation connexe. La distribution, l’utilisation ou la reproduction
> du présent courriel ou des renseignements qu’il contient par une
> personne autre que son destinataire prévu sont interdites. Si vous
> avez reçu ce courriel par erreur, veuillez m’en aviser immédiatement
> (par retour de courriel ou autrement).
>
>
> _______________________________________________
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-user/attachments/20160627/3ab9f1ca/attachment.html
More information about the keycloak-user
mailing list