Force login
Force login is a feature in Kantega SSO that can be utilized to trigger a login when a user visits a page that normally does not require authentication. This can be configured to either redirect directly to the login page or to attempt to authenticate with Kerberos and, if Kerberos fails, fallback to anonymous browsing.
Force login has a preset list of URLs where it will trigger. If this list is missing a URL, it can be added in the Force paths section. If the preset list contains a URL that should not trigger Force login, it can be excluded in the Exclude paths section.
Attempt to login (using Kerberos)
Attempt to login (using Kerberos) is a toggle that turns Force login from a security mechanism to a best-effort mechanism for keeping users logged in. Attempt to login (using Kerberos) will ask unauthenticated users to authenticate themselves with Kerberos whenever they visit a page protected by Force login. The main difference is how the feature behaves if the user fails to authenticate themself with Kerberos:
Force login: User is sent to the login page since authentication is required.
Attempt to login (using Kerberos): User gets to view the page as an anonymous user if the page is public.
Other relevant pages: