We’d like a way for users to automatically log in if they have a valid Kerberos token. This is currently the default behavior of the SpnegoAuthenticator, but we’d like to disable this by default, and only allow the autologin if user has enabled this setting in their profile.
I was able to get this to work by extending the SpnegoAuthenticator SPI and conditioning the autologin on a boolean.
This however requires duplicating the authenticate method and might stop working if the code is changed in a future Keycloak release. Is there a simpler workaround to this?