Quarkus/Kerberos/MsSql IntegratedSecurity


Evan Schnell

Jun 9, 2022, 6:10:16 PM
to Keycloak User
Has anyone gotten MS SQL IntegratedSecurity=true to work on a Quarkus-based Keycloak docker image? I would appreciate any quarkus.properties or keycloak.conf suggestions.

I have the Kerberos feature of User Federation working fine, but I can't figure out where to put the JAAS piece for IntegratedSecurity on the SQL server. Keycloak errors out on a blank username, because (by design) the username isn't part of the URL.

I am moving to Quarkus for Keycloak 18. My JBoss version of the container used the Kerberos configuration described at https://docs.microsoft.com/en-us/sql/connect/jdbc/using-kerberos-integrated-authentication-to-connect-to-sql-server?view=sql-server-ver16 to enable "Windows Authentication" between a docker container on Linux and a SQL server. This depended on two properties; adding these to JAVA_OPTS_APPEND doesn't seem to be the answer.

JAVA_OPTS_APPEND -Djava.security.auth.login.config=/tmp/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf

Evan Schnell

Jun 13, 2022, 2:30:00 PM
to Keycloak User
I was able to get this all working by setting JAVA_OPTS_APPEND="-Djava.security.auth.login.config=/tmp/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf" and using the host's krb.conf file and a provided (from the AD server) keytab file for my SQL user's SPN, referenced by the jaas.conf file. Is this something that is likely to break with a future release?
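
The setup described in the reply above, sketched as an added example (not part of the original posts, and not Keycloak or Microsoft code): it writes a JAAS file with the `SQLJDBCDriver` entry that the Microsoft JDBC driver looks up by default, rejects a keytab that group or other can access, and builds the two JVM options. The principal, realm and scratch paths are constructed placeholders.

```shell
#!/bin/sh
# Added example: JAAS file, keytab permission check and JVM options for
# Kerberos integrated authentication from a Keycloak container to SQL Server.

# Write a JAAS file containing the "SQLJDBCDriver" login entry.
write_jaas_conf() {  # $1=output path  $2=keytab path  $3=principal
    cat > "$1" <<EOF
SQLJDBCDriver {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    keyTab="$2"
    principal="$3"
    storeKey=true
    doNotPrompt=true;
};
EOF
}

# A keytab is a long-lived credential: accept it only if it is a regular
# file and grants no permission bits to group or other.
keytab_is_private() {  # $1=keytab path
    [ -f "$1" ] || return 1
    mode=$(ls -ln "$1" | cut -c5-10)   # group and other permission bits
    [ "$mode" = "------" ]
}

# Build the two system properties from the thread for JAVA_OPTS_APPEND.
kerberos_java_opts() {  # $1=jaas.conf path  $2=krb5.conf path
    printf '%s %s' "-Djava.security.auth.login.config=$1" \
                   "-Djava.security.krb5.conf=$2"
}

# Demo on constructed values in a scratch directory (empty stand-in keytab).
demo=$(mktemp -d)
: > "$demo/sql.keytab" && chmod 600 "$demo/sql.keytab"
write_jaas_conf "$demo/jaas.conf" "$demo/sql.keytab" "svc-keycloak@EXAMPLE.COM"
if keytab_is_private "$demo/sql.keytab"; then
    echo "JAVA_OPTS_APPEND=\"$(kerberos_java_opts "$demo/jaas.conf" /etc/krb5.conf)\""
else
    echo "keytab missing or readable by group/other" >&2
fi
rm -rf "$demo"
```

In a container, the same check belongs in the entrypoint before Keycloak starts, with the keytab mounted read-only and owned by the user the JVM runs as.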