I have a Shibboleth 2.4 IdP installed on CentOS 6, and a Shibboleth 2.5.3 SP installed on Windows Server 2008 (IIS). The Windows server is a member of the RESOURCE AD domain.
I configured the IdP for Kerberos as per the instructions on https://wiki.shibboleth.net/confluence/display/SHIB2/Kerberos+Login+Handler. I have embedded the Kerberos login button into the default login form. If I am logged onto the SP server as a user in the RESOURCE domain, I can browse to a secure page, click on the Kerberos login button, and am able to view the page without being prompted for my credentials. However when I try to view the Shibboleth session information at http://localhost/Shibboleth.sso/Session, the message "A valid session was not found" is displayed. How can I verify that attributes are being passed to the SP? Also, how do I allow a user to automatically login via Kerberos, i.e. without displaying the login form?
I have attached the IdP and SP log and configuration files.