0

How can I add SPNEGO authentication to a WildFly 10.1 load balancer?

Background:

  • All nodes are running on Windows.
  • The nodes themselves are running on WildFly 8.2.1 (because the application is tied to it) in a WildFly 8.2.1 domain
  • The load balancer is running WildFly 10.1
  • The nodes are registering with mod_cluster
T-Heron
Maddin

2 Answers

2

You need to get the SPNEGO support into your application.

WildFly 8 and 9 don't have the Undertow SPNEGO integration ready (WFLY-2553). You should either switch to WildFly 10.x, or try to use a custom SPNEGO authentication method on your worker nodes. Try to use either the servlet filter approach or this custom authenticator.

My strong recommendation is to upgrade to WildFly 10+.

kwart
1

There isn't much to go by in your post as to what is and is not working. This forum is more about what custom code you have created that isn't working, and we can help you there. It seems in this instance you are looking more for an approach on how to set up Kerberos authentication into your WildFly nodes through a load-balancer. As info, it doesn't matter that there is a load-balancer involved, except that you specify a VIP name for the nodes in DNS and have the VIP name be the fully-qualified DNS host part of the name in the SPN which you will need to set up in order for clients to do Kerberos SSO against the WildFly nodes. I don't know anything about WildFly specifically, but I found this link for you which may help get you started: WildFly 9 - Kerberos Authentication for Domain Management Over HTTP

T-Heron
  • I am still a bit confused. By VIP I assume you mean Virtual IP. As I understood it, the load balancer receives a request and forwards it to the web server node. To my understanding the Kerberos negotiation is between the client and the load balancer, not between the client and the node. Setting up a DNS round-robin or a VIP would only help if I wanted to distribute the load between several load balancers. Otherwise the load balancing would be done by the network setup, not the WildFly load balancer. – Maddin Feb 06 '17 at 22:32
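
A diagnostic that fits the SPN discussion above, as an added example that is not part of any post on this page: a client that cannot get a service ticket for the host name it addressed typically offers NTLM under the `Negotiate` scheme instead of Kerberos, so classifying the `Authorization` header seen at the load balancer shows whether the SPN for that name is being used. The function names and the constructed sample tokens (no real ticket inside) are assumptions of this sketch.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value)
SPNEGO = bytes.fromhex("06062b0601050502")            # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")        # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")     # 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("060a2b06010401823702020a")      # 1.3.6.1.4.1.311.2.2.10
MECHS = {KRB5: "kerberos", MS_KRB5: "kerberos", NTLM: "ntlm"}

def _tlv(buf, pos, want):
    """Read one DER element at pos; return (value_start, value_end)."""
    if buf[pos] != want:
        raise ValueError("unexpected tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return pos, pos + length

def classify_negotiate(header_value):
    """Classify an Authorization header value: 'kerberos', 'ntlm', 'none' or 'unknown'."""
    scheme, _, b64 = (header_value or "").strip().partition(" ")
    if scheme.lower() != "negotiate" or not b64.strip():
        return "none"
    try:
        tok = base64.b64decode(b64.strip(), validate=True)
        if tok.startswith(b"NTLMSSP\x00"):  # raw NTLM message sent under Negotiate
            return "ntlm"
        start, _ = _tlv(tok, 0, 0x60)       # GSS-API initial context token
        _, end = _tlv(tok, start, 0x06)     # outer mechanism OID
        oid = tok[start:end]
        if oid == SPNEGO:                   # unwrap NegTokenInit to the first offered mech
            s, _ = _tlv(tok, end, 0xA0)
            s, _ = _tlv(tok, s, 0x30)
            s, _ = _tlv(tok, s, 0xA0)       # mechTypes [0]
            s, _ = _tlv(tok, s, 0x30)
            _, e = _tlv(tok, s, 0x06)
            oid = tok[s:e]
        return MECHS.get(oid, "unknown")
    except (ValueError, IndexError):        # bad base64 or truncated/unexpected DER
        return "unknown"

def sample_header(mech_oids):
    """Build a constructed Negotiate header offering the given mechs (short DER lengths only)."""
    der = lambda tag, body: bytes([tag, len(body)]) + body
    init = der(0xA0, der(0x30, der(0xA0, der(0x30, b"".join(mech_oids)))))
    return "Negotiate " + base64.b64encode(der(0x60, SPNEGO + init)).decode()
```

The result reflects the first mechanism the client offers, not whether the server accepted the ticket.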