Authentication fails using Kerberos on XWiki with user network suffix

Hi,

We’re working on replacing LDAP authentication with Kerberos authentication on our XWiki instance (under XWiki v11.10.2 – upgrade to v14.6 in progress).

Context: Google Chrome on the client side, Kerberos configured on the front Apache, “Headers Trusted Authentication Adapter” extension installed on XWiki.

We’re facing a problem: Chrome sends a Kerberos client name like “user@domain.forest” whereas only “user” is required by XWiki. XWiki tries to authenticate the “user@domain.forest” user but doesn’t allow it because the user name contains the ‘@’ character.

We’ve tried to filter the “@domain.forest” suffix at the front Apache level, but this is not allowed by the Kerberos protocol, in order to prevent user identity hacking.

What can we do at the XWiki configuration level to ignore this suffix?

Regards