This Keycloak extension is inspired by the KeycloakConditionalSpnegoAuthenticator.
It has two main functions:
- skipping Kerberos authentication based on networks or cookies (or both).
- limiting Kerberos to IP ranges.
This addresses a common complaint about allowing users to log out and log in again with another user account and/or with username/password.
When configured to do so, it uses a cookie to skip another Kerberos login.
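
The decision described above can be sketched as follows. This is an added example, not the extension's own code: the class and method names, the sample ranges and the way the two conditions combine (a skip cookie wins, otherwise the client must be inside an allowed range) are assumptions made for illustration.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.util.List;

// Added illustration, not the extension's source; all names are hypothetical.
public class KerberosGate {

    // True when the literal IP address lies inside the CIDR block.
    static boolean inCidr(String ip, String cidr) throws UnknownHostException {
        String[] parts = cidr.split("/");
        if (parts.length != 2) throw new IllegalArgumentException("not a CIDR: " + cidr);
        byte[] net = InetAddress.getByName(parts[0]).getAddress();
        byte[] addr = InetAddress.getByName(ip).getAddress();
        if (net.length != addr.length) return false; // IPv4 range vs IPv6 client, or the reverse
        int prefix = Integer.parseInt(parts[1]);
        if (prefix < 0 || prefix > net.length * 8) {
            throw new IllegalArgumentException("bad prefix length: " + cidr);
        }
        int fullBytes = prefix / 8;
        for (int i = 0; i < fullBytes; i++) {
            if (net[i] != addr[i]) return false;
        }
        int rem = prefix % 8;
        if (rem == 0) return true;
        int mask = (0xFF << (8 - rem)) & 0xFF; // high 'rem' bits of the partial byte
        return (net[fullBytes] & mask) == (addr[fullBytes] & mask);
    }

    // Assumed policy: never negotiate when the skip cookie is present;
    // otherwise negotiate only for clients inside one of the allowed ranges.
    static boolean shouldAttemptKerberos(String clientIp, List<String> allowedCidrs,
                                         boolean skipCookiePresent) throws UnknownHostException {
        if (skipCookiePresent) return false;
        for (String cidr : allowedCidrs) {
            if (inCidr(clientIp, cidr)) return true;
        }
        return false; // outside every range: fall through to the next authenticator
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample ranges and client addresses.
        List<String> allowed = List.of("10.20.0.0/16", "192.168.5.128/25", "2001:db8:aa::/48");
        System.out.println(shouldAttemptKerberos("10.20.3.4", allowed, false));
        System.out.println(shouldAttemptKerberos("10.20.3.4", allowed, true));
        System.out.println(shouldAttemptKerberos("192.168.5.17", allowed, false));
        System.out.println(shouldAttemptKerberos("2001:db8:aa:1::9", allowed, false));
    }
}
```

Both arguments must be literal addresses, because `InetAddress.getByName` resolves host names otherwise. Behind a reverse proxy the result is only as reliable as the client address Keycloak is given.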
Build it with Maven and copy the jar to the /opt/keycloak/providers/
directory. We usually build it inside the Keycloak-quickstarts repo, under the extensions
folder. It is easily adaptable to be built elsewhere.
We can provide the jar as a release if people start asking for it.