Keycloak Kerberos prevent login dialog
I'm using keycloak to manage authentication of a java-based web-application.
I configured a Kerberos User Federation which is working fine within the internal network.
Accessing the web-application from outside the network I get the following login dialog instead of being forwarded to the keycloak login form.
Interesting the forwarding works with Firefox, but not Edge, Chrome, IE.
How can I prevent the login-dialog and forward directly to the keycloak-login-form?
EDIT: For example would it be possible to create a second authentication flow (with kerberos disabled) and pass it as parameter in the URL?
The Authentication Flow:
- Kerberos - ALTERNATIVE
- Forms - ALTERNATIVE
What I figured out, the browser-login-dialog is not shown and the flow is forwarded to the keycloak-login-page if the following settings are made.
- web-application URL is added to the "Trusted Sites" (either through IE settings or GPO)
EN:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Site to Zone Assignment List
DE:Computerkonfiguration\Administrative Vorlagen\Windows-Komponenten\Internet Explorer\Internetsystemsteuerung\Sicherheitsseite\Liste der Site zu Zonenzuweisungen
- the following GPO setting is made
EN:Computer Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone
Logon options: Automatic logon with current user name and password
DE:Computerkonfiguration\Administrative Vorlagen\Windows-Komponenten\Internet Explorer\Internetsystemsteuerung\Sicherheitsseite\Zone vertrauenswürdiger SitesAnmeldungsoptionen: Automatische Anmeldung mit aktuellem Benutzername und Kennwort
- Jackson conditional @JsonUnwrapped
- Why does java.com still recommend Java 8, when there are multiple newer LTE releases?
- When was the JRE discontinued as a separate offering?
- Rollback transaction after @Test
- How do I ignore duplicated code report in Sonar?
- Could not transfer artifact (https://repo.maven.apache.org/maven2): Received fatal alert: protocol_version -> [Help 1]
- Missing artifact com.oracle:ojdbc6:jar:11.2.0 in pom.xml
- How to change the type for only one field using the openapi-generator-maven-plugin?
- Symmetric encryption (AES) in Apache Thrift
- How do I monitor the progress of a file transfer in Apache Commons VFS?
- How to sent Http POST request with application/x-www-form-urlencoded
- Acquiring retrieval name for latest version of a document in a DocumentSet using FileNet API
- Conversion of nanoseconds to milliseconds and nanoseconds <= 1000000 in Java
- Convert UUID back to String input - nameUUIDFromBytes
- Can @ConditionalOnProperty use a nested property value?
- Sorting a map by date key in Java
- How to solve InaccessibleObjectException ("Unable to make {member} accessible: module {A} does not 'opens {package}' to {B}") on Java 9?
- JavaFX WebView doesn't show SSRS web page
- How to set hibernate.format_sql in spring-boot?
- Regarding current month and year in Android Application
- Data consistency in XA transactions
- How to make EditText not focused when creating Activity
- How to block app screen in the Android app switcher without disabling screenshots and screen recordings in the foreground?
- 'Git is not installed' on intellij
- Real Time Dashboard - Data refresh issue
- How to replace Link.REL_SELF when migrating from spring-hateoas 1.0 to 2.4?”
- What are the differences between Dataframe, Dataset, and RDD in Apache Spark?
- How to call assertEquals with Double Epsilon/Precision in Kotlin?
- org.apache.maven.plugins.enforcer.RequireUpperBoundDeps failed with message:
- Why is ExtendedMasterSecret not being offered, using JSSE with openjdk17 (in container under k8s, CRI-o)