Kerberos KDC Proxy is supported for the Proxy component. VMware Tunnel Proxy supports Kerberos authentication in the requesting application. Kerberos KDC proxy (KKDCP) is installed on the endpoint server.

Workspace ONE UEM KKDCP acts as a proxy to your internal KDC server. Workspace ONE UEM-enrolled and compliant devices with a valid Workspace ONE UEM issued identity certificate can be allowed to access your internal KDC. For a client application to authenticate to Kerberos- enabled resources, all the Kerberos requests must be passed through KKDCP. The basic requirement for Kerberos authentication is to make sure that you install the Endpoint with the Kerberos proxy setting enabled during configuration in a network where it can access the KDC server.

For HTTPS sites, VMware Browser for Android supports Kerberos authentication only when the site also has NTLM authentication enabled. This requirement is because the Android WebView, on which the VMware Browser is built, does not support Kerberos authentication natively.

HTTP Sites do not require NTLM authentication as the VMware Tunnel can perform Kerberos authentication without NTLM being enabled.

Currently, this functionality is only supported with the VMware Browser v2.5 and higher for Android.