[keycloak-user] Authentication with Kerberos and login screen fallback

Janik janik-keycloak at familie-krallmann.de
Thu Feb 28 14:53:01 EST 2019

Hello guys,

I have an web application where I'd like to use Keycloak for
authentication. If possible the user should login via Kerberos. If not
use login screen.

On my computer I have a valid Kerberos ticket and the login works fine.
If I try to login for example from another device I always get the
error-code 401. I expected to get the login screen instead. If I
configure the trusted-uris on these device the login screen appears. 

I successfully configured an LDAP User Federation provider with Kerberos
integration. I used this instructions
to create the authentication flows.

Is it possible to use Kerberos authentication from known devices and use
the login screen from unknown devices where I can't configure
trusted-uris? One example could be my mobile phone where I'm not able to
configure something.

Thanks in advance.

More information about the keycloak-user mailing list