With Kerberos you don't need to log in, so I guess you need to remove or change the authguard in the router

No, this does not work. And AuthGuard (https://issues.alfresco.com/jira/browse/ADF-2435) doesn't work...

DId you get a look to this issue ADF on SSO enabled ACS  with my suggestions they where able to make it works

Yes, but in this case, if you delete the old ticket from browser, there will be a redirect to login page.

This is obviously not SSO ))

Is the ADF authGuard that redirect you to the login page, if you don't have it there will be no redirect.

1)You can write your own authguard that implement your logic

or

2) you can add a listener in the main app that if receive 401, because the ticket is deleted, redirect you where is needed

this.alfrescoApiService.getInstance().on('unauthorized', (error) => {
        this.router.navigate(['/navigate-where-you-need']);
    }
});

"if you don't have it there will be no redirect" - in this case will be an error 401

The application should receive a new ticket, but it doesn't have it.

Honestly, I am a bit confused, if you are using kerberos the new ticket should not be automatically provided?

The KDC issues a (TGT) if the TGT expires at some it should be transparently renewed by the user's session manager while they are logged in. How do you delete the ticket from the browser?

We have enabled logging, and have this error:

Any ideas?

And this log is from share:

It's ok.