Kerberos authentication from within Keycloak container image

Hi,

We have deployed Keycloak on Kubernetes and are trying to configure Kerberos SSO with our Active Directory. We are getting the following exception when trying Kerberos authentication.

2022-08-08 13:47:53,326 WARN [org.keycloak.federation.kerberos.impl.SPNEGOAuthenticator] (executor-thread-2) SPNEGO login failed: java.security.PrivilegedActionException: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
at java.base/java.security.AccessController.doPrivileged(Native Method)

Our Setup:-
We have a load balancer in front of the Nginx Ingress Controller, which is in turn in front of our Keycloak Kubernetes pods.

So something like this :- User → mykc.myorg.com → Ingress Controller → keycloak server pods

We have configured the principal as :- HTTP/mykc.myorg.com@SUBDOMAIN.DOMAIN.COM

Deployed the Kerberos client in the Keycloak image using:
RUN microdnf install krb5-workstation krb5-libs -y

Added a krb5.conf file in the Keycloak pods with the following:

[libdefaults]
dns_lookup_realm = false
ticket_lifetime = 24h
renew_lifetime = 7d
forwardable = true
rdns = false
pkinit_anchors = FILE:/etc/pki/tls/certs/ca-bundle.crt
#default_realm = EXAMPLE.COM
default_realm = DOMAIN.SUBDOMAIN.COM
default_ccache_name = KEYRING:persistent:%{uid}

[realms]
DOMAIN.SUBDOMAIN.COM = {
    kdc = HOST.SUBDOMAIN.DOMAIN.COM
    admin_server = HOST.SUBDOMAIN.DOMAIN.COM
}

[domain_realm]
.domain.subdomain.com = HOST.SUBDOMAIN.DOMAIN.COM
domain.subdomain.com = HOST.SUBDOMAIN.DOMAIN.COM

We are using LDAP user federation, and the appropriate Kerberos settings are configured for realm, keytab file and principal.
The keytab file is copied into the conf folder.

We enabled debug and trace as well, but it's not giving much detail apart from the error mentioned above.

Does anything else need to be done? Are the installation configuration steps correct? Any pointers will be appreciated.
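
An added diagnostic example, not part of the original post or of Keycloak's code: Java's GSS-API reports "GSSHeader did not find the right tag" when the token in the `Authorization: Negotiate` header does not begin with the GSS-API framing byte 0x60, which is what a raw NTLM token looks like. The Python below classifies a header value captured at the ingress or in the browser's developer tools; the function names, result labels and sample tokens are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06 + length + value).
SPNEGO = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2
NTLM_SIG = b"NTLMSSP\x00"                         # first bytes of every NTLM message

def tlv(tag, body):
    """Build a DER element with a short-form length (sample construction only)."""
    return bytes([tag, len(body)]) + body

def der_len(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    first = buf[pos]
    if first < 0x80:
        return first, pos + 1
    n = first & 0x7F
    return int.from_bytes(buf[pos + 1:pos + 1 + n], "big"), pos + 1 + n

def classify_negotiate(header_value):
    """Classify the token carried in an 'Authorization: Negotiate <b64>' value."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64:
        return "not-negotiate"
    try:
        raw = base64.b64decode(b64, validate=True)
    except ValueError:
        return "bad-base64"
    if raw.startswith(NTLM_SIG):
        return "raw-ntlm"          # no 0x60 tag, so the GSSHeader check fails
    if len(raw) < 2 or raw[0] != 0x60:
        return "no-gss-header"     # fails the same check for another reason
    _, pos = der_len(raw, 1)       # skip the outer length to reach the mech OID
    if raw.startswith(KRB5, pos):
        return "raw-kerberos"
    if not raw.startswith(SPNEGO, pos):
        return "other-mechanism"
    body = raw[pos + len(SPNEGO):]  # NegTokenInit, including the mechTypes list
    return "spnego-kerberos" if KRB5 in body else "spnego-without-kerberos"

# Constructed sample tokens (not captured traffic).
SAMPLE_NTLM = base64.b64encode(NTLM_SIG + b"\x01\x00\x00\x00" + bytes(24)).decode()
NEG_INIT = tlv(0xA0, tlv(0x30, tlv(0xA0, tlv(0x30, KRB5))))
SAMPLE_SPNEGO = base64.b64encode(tlv(0x60, SPNEGO + NEG_INIT)).decode()

if __name__ == "__main__":
    for sample in (SAMPLE_NTLM, SAMPLE_SPNEGO):
        print(classify_negotiate("Negotiate " + sample))
```

A `raw-ntlm` result means the client never obtained a Kerberos service ticket for the HTTP principal and fell back to NTLM, so the places to look are on the client and Active Directory side (SPN registration for the hostname the browser uses, browser trusted-site settings, KDC reachability) rather than in the server's krb5.conf.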