Kerberos 401 authentication with form fallback



We are using APM for SAML authentication. Domain-joined machines should authenticate transparently with Kerberos, users without the ability to use Kerberos (non-domain-joined, Firefox without negotiate settings) should receive a form to log in.


Kerberos works fine, but users with non-domain-joined machines receive a browser authentication prompt and "Authentication required to access the resources.".


Has anybody set up such a scenario? Any help is appreciated.



