We are trying to build a Spring web application with Kerberos authentication. Our dev machine is part of a corporate AD domain. We have a local KDC in a VM to test Kerberos, but it does not have a trust with the AD. Network Identity Manager is able to get a ticket from this realm in addition to the ticket from the AD.
When tested from the browser, it seems like the ticket from the domain login is sent to the server instead of the ticket for the test realm, which fails with an unknown client principal and falls back to NTLM.
The host where the Tomcat server and test KDC are running is added to the trusted sites, with automatic authentication enabled for trusted sites. Adding it to the local intranet zone also did not make a difference.
Will it be possible from any of the browsers to send the appropriate ticket for the realm obtained through "Network Identity Manager" instead of the ticket of the currently logged-in AD user?