I'm trying to create a C# application which would use Keycloak for authentication. Currently, I'm able to log in as user using OpenID Connect by sending the following REST request:
```
POST http://{server}:{port}/auth/realms/{myRealm}/protocol/openid-connect/token
Body (x-www-form-urlencoded):
  client_id   {myClient}
  username    FooBar
  password    {userPassword}
  grant_type  password
```
Sending this request results in acquiring both access token and refresh token.
Now, I would like to be able to somehow login (acquire the tokens or otherwise authenticate the user) using the "currently active Windows session" by which I mean that the user (existing in Active Directory LDAP) which is currently logged into Windows should be authenticated without providing any credentials.
The User Federation in my Keycloak realm already contains configuration for the AD LDAP server so all the users are now also available in the Keycloak.
I went through the Keycloak documentation (especially the sections about LDAP and Active Directory and Kerberos) but didn't quite understand what exactly needs to be done in order to make it work.
I also searched here on SO but the only relevant thing I've found is some other user mentioning that this should be possible.
Can someone point me in the right direction?
In Keycloak terms, you are asking for SPNEGO authentication. See https://www.keycloak.org/docs/latest/server_admin/index.html#_kerberos
In the realm's Authentication tab, you need to enable Kerberos. Your browser needs to have SPNEGO enabled; different browsers do that differently. You enable a specific URL for SPNEGO.
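For reference, the password-grant request from the question issued from C#, as an added example that is not part of the question, the answer or Keycloak's own code. The server URL, realm, client id and user credentials are placeholders; the `/auth/realms/{realm}/protocol/openid-connect/token` path and form fields are the ones shown in the question.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Text.Json;
using System.Threading.Tasks;

public sealed class KeycloakTokens
{
    public string AccessToken { get; init; } = "";
    public string RefreshToken { get; init; } = "";
    public int ExpiresIn { get; init; }
}

public static class KeycloakRopc
{
    private static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(15) };

    // Exchanges username + password for tokens at the realm's token endpoint
    // (Resource Owner Password Credentials grant, as in the question).
    // Note that the client handles the user's cleartext password here, which is
    // exactly what the Kerberos/SPNEGO flow described in the answer avoids.
    public static async Task<KeycloakTokens> PasswordGrantAsync(
        string baseUrl, string realm, string clientId, string username, string password)
    {
        var tokenEndpoint = $"{baseUrl.TrimEnd('/')}/auth/realms/{realm}/protocol/openid-connect/token";
        var form = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["client_id"] = clientId,
            ["username"] = username,
            ["password"] = password,
            ["grant_type"] = "password",
        });

        using var response = await Http.PostAsync(tokenEndpoint, form);
        var body = await response.Content.ReadAsStringAsync();
        if (!response.IsSuccessStatusCode)
        {
            // Keycloak answers failures with {"error": "...", "error_description": "..."}
            throw new InvalidOperationException($"Token request failed ({(int)response.StatusCode}): {body}");
        }

        using var json = JsonDocument.Parse(body);
        var root = json.RootElement;
        return new KeycloakTokens
        {
            AccessToken = root.GetProperty("access_token").GetString() ?? "",
            RefreshToken = root.GetProperty("refresh_token").GetString() ?? "",
            ExpiresIn = root.GetProperty("expires_in").GetInt32(),
        };
    }
}
```

Call it as `await KeycloakRopc.PasswordGrantAsync("http://{server}:{port}", "{myRealm}", "{myClient}", "FooBar", "{userPassword}")`; the returned object carries the access and refresh tokens the question mentions.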