I'm using Waffle for SingleSignOn to a Web Application. It's working fine but I'm wondering if it is possible to force Kerberos avoiding fallback to NTLM.
Update (04.04.18): HTTP authentication doesn't support "Kerberos", so is is not possible to force it. https://www.chromium.org/developers/design-documents/http-authentication