A DESCRIPTION OF THE REQUEST :
Windows 10 enhances its LSASS process by virtualization. This feature is called Credential Guard.
We are using Java SSO for an inhouse application and for Spark from IgniteRealtime with the known "hack" of allowtgtsessionkey as described on the following bug report:
Java requires AllowTGTSessionKey = 1 for Kerberos SSO to work
Although this hack still works on Windows 10, our company security policy requires that we enable Credential Guard and once we do that, our Java applications are not allowed to have access to the tokens any more, thus blocking SSO.
Credential Guard is implemented on Windows 10 and blocks Java from accessing credentials.
This should be resolved as many applications will stop working.
EXPECTED VERSUS ACTUAL BEHAVIOR :
The proper solution would be to properly support Microsoft Windows SSPI as requested here:
The actual behavior is that the Java applications cannot have access to the TGT token effectively blocking the whole authentication process.
CUSTOMER SUBMITTED WORKAROUND :
The only workaround is to disable Credential Guard.