
My organization uses SSO for its applications, i.e. once a user logs into his Windows 10 workstation, he accesses his web applications without logging in again. I was informed that the web applications use NetIQ Identity Manager (IdP) and Kerberos in the background to make all this work. So during the web authentication flow, the web application first responds with 401 Unauthorized. The browser then sends an HTTP Authorization header. The value sent by the browser is something like "Authorization: ".

Something gets passed in by the browser, from which the application then understands which user it is. I think it's the Ticket Granting Ticket (TGT) which Kerberos provided to Windows on first login. How did the browser get access to the TGT? Does the browser have access to read the TGT from the local machine?

ZEE

1 Answer


Does the browser have access to read the TGT from the local machine?

Yes, that's the whole idea of Kerberos: You acquire a ticket, and then local applications can use it for auth.

Marcus Müller
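The exchange the question describes, as an added example that is not part of the original post or answer. On Windows the browser does not read the TGT itself: after the 401 with WWW-Authenticate: Negotiate it calls SSPI, the LSA uses the cached TGT to obtain a service ticket for the web server's SPN, and what comes back is a SPNEGO token wrapping a Kerberos AP-REQ (service ticket plus authenticator), which the browser base64-encodes into `Authorization: Negotiate ...`. The script below builds such a token with a minimal DER encoder (the AP-REQ body is a constructed placeholder, since a real one is encrypted to the service's key) and then decodes the header the way a server-side check would, reporting the mechanism list and whether the inner token is an AP-REQ. All token bytes are constructed here; no real ticket or key is involved.

```python
"""Build and decode an HTTP Negotiate (SPNEGO/Kerberos) Authorization header.

Added example; the AP-REQ payload is a constructed placeholder, not a real ticket.
"""
import base64

SPNEGO = "1.3.6.1.5.5.2"            # RFC 4178
KRB5 = "1.2.840.113554.1.2.2"       # RFC 1964 / RFC 4121
MS_KRB5 = "1.2.840.48018.1.2.2"     # Microsoft's legacy Kerberos OID
NTLMSSP = "1.3.6.1.4.1.311.2.2.10"
NAMES = {SPNEGO: "SPNEGO", KRB5: "Kerberos", MS_KRB5: "Kerberos", NTLMSSP: "NTLM"}


# --- minimal DER helpers ---------------------------------------------------
def der(tag, body):
    """Wrap body in a DER tag-length-value (short or long-form length)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def read_tlv(buf, pos=0):
    """Return (tag, value, position just after this element)."""
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln


def oid_encode(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.append(0x80 | (a & 0x7F))
            a >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def oid_decode(raw):
    arcs, v = [raw[0] // 40, raw[0] % 40], 0
    for c in raw[1:]:
        v = (v << 7) | (c & 0x7F)
        if not c & 0x80:
            arcs.append(v)
            v = 0
    return ".".join(map(str, arcs))


# --- token construction (what SSPI hands the browser) ----------------------
def krb5_mech_token(ap_req):
    """GSS krb5 initial token: [APPLICATION 0] { krb5 OID, TOK_ID 01 00, AP-REQ }."""
    return der(0x60, der(0x06, oid_encode(KRB5)) + b"\x01\x00" + ap_req)


def spnego_init_token(mechs, mech_token):
    """NegTokenInit with mechTypes [0] and mechToken [2] (RFC 4178 section 4.2.1)."""
    mech_list = der(0x30, b"".join(der(0x06, oid_encode(m)) for m in mechs))
    neg_init = der(0x30, der(0xA0, mech_list) + der(0xA2, der(0x04, mech_token)))
    return der(0x60, der(0x06, oid_encode(SPNEGO)) + der(0xA0, neg_init))


def negotiate_header(token):
    return "Negotiate " + base64.b64encode(token).decode("ascii")


# --- header classification (server side) -----------------------------------
def inner_token_type(mech_token):
    """'KRB_AP_REQ' if this is a GSS krb5 token carrying an AP-REQ, else 'other'."""
    tag, body, _ = read_tlv(mech_token)
    if tag != 0x60:
        return "other"
    _, oid_raw, pos = read_tlv(body)
    if oid_decode(oid_raw) in (KRB5, MS_KRB5) and body[pos:pos + 2] == b"\x01\x00":
        return "KRB_AP_REQ"
    return "other"


def classify_authorization(header):
    scheme, _, value = header.partition(" ")
    result = {"scheme": scheme, "mech": None, "mech_types": [], "inner": None}
    if scheme != "Negotiate":
        return result
    token = base64.b64decode(value)
    if token.startswith(b"NTLMSSP\x00"):       # bare NTLM, no GSS wrapper at all
        result["mech"] = "NTLM"
        return result
    tag, body, _ = read_tlv(token)
    if tag != 0x60:
        raise ValueError("not a GSS-API InitialContextToken")
    _, oid_raw, pos = read_tlv(body)
    mech = oid_decode(oid_raw)
    result["mech"] = NAMES.get(mech, mech)
    if mech in (KRB5, MS_KRB5):                 # raw Kerberos token without SPNEGO
        result["inner"] = inner_token_type(token)
        return result
    if mech != SPNEGO:
        return result
    _, neg_init, _ = read_tlv(body, pos)        # [0] negTokenInit
    _, fields, _ = read_tlv(neg_init)           # SEQUENCE of optional fields
    p = 0
    while p < len(fields):
        ftag, fval, p = read_tlv(fields, p)
        if ftag == 0xA0:                        # mechTypes: SEQUENCE OF OID
            _, seq, _ = read_tlv(fval)
            q = 0
            while q < len(seq):
                _, oid_raw, q = read_tlv(seq, q)
                m = oid_decode(oid_raw)
                result["mech_types"].append(NAMES.get(m, m))
        elif ftag == 0xA2:                      # mechToken: OCTET STRING
            _, mtok, _ = read_tlv(fval)
            result["inner"] = inner_token_type(mtok)
    return result


if __name__ == "__main__":
    fake_ap_req = b"<constructed placeholder for service ticket + authenticator>"
    hdr = negotiate_header(spnego_init_token([KRB5, NTLMSSP], krb5_mech_token(fake_ap_req)))
    print(hdr[:60] + "...")
    print(classify_authorization(hdr))
```

A server that sees `mech_types` starting with NTLM, or a bare `NTLMSSP` blob, knows the client fell back from Kerberos (typically a missing or mismatched SPN, or a host not joined to the domain), which is worth alerting on in an environment that expects Kerberos-only SSO.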