Keberos: how can I redirect a browser when it can't find a valid token?

To ask a browser to provide a Kerberos token, I send a 401 response with the "WWW-Authenticate: Negotiate" header.

If the browser can't find a Kerberos library, the user doesn't have a ticket, or the site isn't whitelisted, the browser wont' be able to send a Kerberos token, and will just display a 401 Unauthorized page. Is there a way I can redirect instead?

Solution

401 response can contain a body - you can do a browser redirect using JS or meta tag

Why do POST requests not work using Spnego/Kerberos authentication with Spring Security Kerberos?
WCF Interoperability Kerberos SPNego Enabled Web Service
Supporting SSO for a REST API under Windows without using SPNEGO
Liberty - CWWKS4310W: The client delegated GSSCredentials were expected to be received but were not found for user
Traditional WebSphere SPNEGO authentication fails - SECJ0056E: Authentication failed for reason Cannot find the user
Kerberos Spnego in Spring and Angular frontend + JWT
Optional SPNEGO Kerberos authentication
CAS Spnego - KrbException: Checksum failed
What is the point of the Kerberos Service Ticket (ST) in CAS?
Java 17 Update - Cannot find key of appropriate type to decrypt AP-REQ - RC4 with HMAC
How to force Git (2.5+) HTTP transport prefer SPNEGO over Basic authentication?
Kerberos issue in Mac
Kerb4j - How to get role name from SPNEGO Token?
Kerberos - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
kinit: krb5_init_creds_set_keytab: Failed to find keytab (unknown enctype)
Skip kerberos sso authentication in keycloak
SPNEGO settings for Firefox and Google Chrome
How do people make Java SPNEGO client work in Windows?
Keycloak Kerberos prevent login dialog
SPNEGO in tomcat always prompting password
What is the use of the pre-auth user in SPNEGO SSO configuration?
SSO Authentication for multi Active Directory domains
Pure Java way to access SPNEGO single sign on in Windows 10
How do I authenticate with Spnego/Kerberos and Apache's HttpClient?
Kerberos Authentication NGINX in Linux Environment returns 403 Unauthorized
Configuring Tomcat SSO using Kerberos SPNEGO
How to get LDAP user attributes with SPNEGO and CAS?
Do we require a keytab entry for all AD users for kerberos based authentication?
curl with --negotiate / Kerberos doesn't seem to work
If a Kerberos keytab has multiple entries, how keep wrong person from using an entry?