Bug 57070 – Disable kerberos authentication per default in Keycloak

Bug 57070 - Disable kerberos authentication per default in Keycloak


Summary:	Disable kerberos authentication per default in Keycloak

Status:	NEW

Product:	UCS
Classification:	Unclassified
Component:	Keycloak
Version:	UCS 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	---
Assigned To:	UCS maintainers
QA Contact:	UCS maintainers

URL:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2024-02-19 16:46 CET by Finn David
Modified:	2024-02-20 14:16 CET (History)
CC List:	2 users (show)

See Also:	56474
What kind of report is it?:	Bug Report
What type of bug is this?:	3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?:	3: Will affect average number of installed domains
How will those affected feel about the bug?:	1: Nuisance – not a big deal but noticeable
User Pain:	0.051
Enterprise Customer affected?:	Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:	2024021521000134
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Finn David

2024-02-19 16:46:23 CET

In relation to https://forge.univention.org/bugzilla/show_bug.cgi?id=56474 :

We should think about disabling the kerberos authentication per default in Keycloak, as otherwise every unjoined Windows client on chrome or edge will raise that credential popup.

Comment 1 Florian Best

2024-02-20 12:38:23 CET

Can you attach a screenshot of "that credentials popup"?

Comment 2 Finn David

2024-02-20 13:09:59 CET

Unfortunately I don't have a screenshot from the customer.
It is a "HTTP Basic Auth Popup".