Yes, it's working fine:

- Access /app/
- /app/ is protected with auth scheme loginkerberos.html which is the custom code.
- It does a GET to /kerberos/
- /kerberos/ is protected with default Kerberos auth scheme
- It's redirected fine to creds.kcc
- Auth/az is fine, it redirects back to /app/ (there is no page there, that's why the 404)
This is exactly the code I'm using:
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<script src="jquery-3.3.1.min.js"></script>
<script>
$(document).ready(function(){
$.ajax({
type: 'GET',
xhrFields: {
'withCredentials': true
},
crossDomain: true,
url: 'https://webservices158.lab.ca/kerberos/',
cache: false,
success: function () {
function getUrlParameter(name) {
name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
var results = regex.exec(location.search);
return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' ').replace('-SM-','').replace('$SM$',''));
};
var target = getUrlParameter('TARGET');
console.log("Sucesso!");
window.location = target;
},
error: function(XMLHttpRequest, textStatus, errorThrown) {
function getUrlParameter(name) {
name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
var results = regex.exec(location.search);
return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' ').replace('-SM-','').replace('$SM$',''));
};
var target = getUrlParameter('TARGET');
target = target.replace(/^https?:\/\/[^\/]+/g,"");
console.log("some error " + textStatus + " " + errorThrown);
console.log(XMLHttpRequest);
window.location = "https://portonet.lab.ca/loginpnet/";
},
async: false
});
});
</script>
</head>
<h1>Redirecting to app...</h1>
</body>
</html>