We’d like a way for users to automatically log in if they have a valid Kerberos token. This is currently the default behavior of the SpnegoAuthenticator
, but we’d like to disable this by default, and only allow the autologin if user has enabled this setting in their profile.
I was able to get this to work by extending the SpnegoAuthenticator
SPI and conditioning the autologin on a boolean.
This however requires duplicating the authenticate
method and might stop working if the code is changed in a future Keycloak release. Is there a simpler workaround to this?