Kerberos + keycloak congratulation issue

Getting advice
1

hello all, so I’m setting my AD, kerberos and keycloak to login from a Linux rhel 8 workstation, without being asked to reenter session credentials, so I set son’s then I generated keycloak.keytab,
ktpass /out keycloak.keytab /mapuser ADMINISTRATOR@EXAMLE.COM /princ HTTP/EXEMPLE.COM@EXAMPLE.COM /pass /crypto ALL /ptype KRB5_NT_PRINCIPAL
then I added user federation with EXAMPLE.COM as realm, and path to keytab
then in authentication I copied browser flow then added kerberos execution as required.
I also configured my Firefox to enable spnego,
But when my application reach login page I have this error, Kerberos is not set up. you cannot login.
I checked my request headers, I couldn’t find Authorization : Delegate.
kinit

Any tips how to resolve that?

LDAP AD integration + kerberos
2

on wireshark I have this : KRB Error: KRB5KDC_ERR_S_PRINCIPAL_UNKNOWN,
kinit and klist are returning the kerberos ticket

3

Hi,
I do think that the issue is the lack of HTTP/… service account in AD-DC server as it do not know that HTTP/EXEMPLE.COM@EXAMPLE.COM principle at all if you only created it in local rhel 8 machine.
Discussion of integrating Ubuntu login to AD (Samba) with kerberos.
Similar symptoms of not being able to use Kerberos.
In Samba:
Samba wiki keytabs for service pricipals
samba-tool is used that refers and is only usable in Samba DC machine.