[keycloak-user] Does Keycloak's SPNEGO support include fall-back to NTLM in absence of Kerberos?
mposolda at redhat.com
Wed Jun 29 03:05:51 EDT 2016
I afraid that it won't work ATM. You can create JIRA for this though.
However I am not sure if it's priority for us to do that.
Alternatively you can try to contribute this yourself. Maybe the only
required thing will be to add NTLM OID ( 220.127.116.11.4.1.318.104.22.168 ) to the
. However I afraid it likely won't be that easy...
On 28/06/16 17:47, Guy Davis wrote:
> Good day,
> For sake of argument, assume that someone has set up a MS Active
> Directory domain with Kerberos disabled, but NTLM still enabled. In
> that situation, would a user browsing to a Keycloak-protected
> application, with LDAP+SPNEGO enabled (against that MS AD system)
> still allow for Integrated Windows Authentication (auto-login without
> prompt) to web application?
> Thanks much,
> <re-sending today as same message yesterday didn't make it through to
> the list>
> keycloak-user mailing list
> keycloak-user at lists.jboss.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the keycloak-user