• Single sign-on is enabled using a Kerberos domain, but it can also be another authentication mechanism. WAFFLE or the Apache SPNEGO implementation takes care of the selection of the accepted mechanism. WAFFLE or the Apache SPNEGO implementation may come with a login prompt because it is not Kerberos but another mechanism. • This chapter is NOT an installation guide or manual for Kerberos security, WAFFLE authentication, SPNEGO authentication or Keycloak. |