- Used Zammad version: 6.5.0-1750744147.bf43fc31.bookworm
- Used Zammad installation type: package
- Operating system: Debian
- Browser + version: Chrome Version 138.0.7204.97
Expected behavior:
- Did SSO via Kerberos exactly like in the SSO manual. It works on Firefox but it doesnt work on Chrome or Edge.
What I tried:
- The FQDN of Zammad is set in the AuthServerWhitelist policy
- Added Zammad FQDN in Internet Options under Security > Local Intranet > Sites > Advanced.
- Selected “Require server verification (https:) for all sites in this zone”.
- Selected Under Security level for this zone > Custom level… > Settings > User Authentication > Logon, “Automatic logon only in Intranet Zone”.
- Tested Users are in the active AD and the zammad host is treated as a local intranet server
- Checked the Chrome Dev tools with the SSO error: 401 Unauthorized
- On Chrome in the Request header the Auth isnt there
- In Firefox the Auth request is in the header
- Double checked the Whitelist settings for Chrome
- Removed all cookies in Chrome and restarted it
- In the Linux appache error log following error occurs: GSS ERROR In Negotiate Auth: gss_accept_sec_context() failed: [An unsupported mechanism was requested (Unknown error)]
- Checked the AES265 box is selected in the Kerberos account
Steps to reproduce the behavior:
- Firefox works always, chrome and edge never
Thanks for the Help, what else can I try?