Testing Kerberos Login from a Browser Against a Sphere Without Inter-Region Trust

We are trying to create a Spring web application with Kerberos authentication. Our dev machine is part of the corporate AD domain. We have a local KDC in a virtual machine for testing Kerberos, but it does not have trust with AD. Network Identity Manager can get a ticket from this area in addition to a ticket from AD.

When checking in the browser, it seems that the ticket on behalf of the domain is sent to the server, instead of the ticket for the test area, with the absence of an unknown client principal and returns to NTLM.

The host running the Tomcat server and the test KDC has been added to trusted sites, and automatic authentication is enabled for trusted sites. Adding it to the local intranet also did not help.

Is it possible to send the appropriate ticket for the area from any browser received through the "Network Identity Manager" instead of the current registered AD user ticket?


Source: https://habr.com/ru/post/1232692/

