The authentication with Kerberos works fine if this is the first authentication. But when we have several alternative authentications (first user/password) and then you click on “Try another way” and we have others validations as X.509 Certificate and Kerberos. If we choose Kerberos, the browser returns " Page has expired. To restart the login process Click here". In the logs we see that the point where it fails is here: “invoke authenticator.authenticate: auth-spnego” comparing when it works fine.