We’d like a way for users to automatically log in if they have a valid Kerberos token. This is currently the default behavior of the
SpnegoAuthenticator, but we’d like to disable this by default, and only allow the autologin if user has enabled this setting in their profile.
I was able to get this to work by extending the
SpnegoAuthenticator SPI and conditioning the autologin on a boolean.
This however requires duplicating the
authenticate method and might stop working if the code is changed in a future Keycloak release. Is there a simpler workaround to this?