Start server in a separate shell session. $ FLASK_APP=session_app.py FLASK_DEBUG=1 flask run --host 0.0.0.0 Reset any cookies and kerberos tickets. $ kdestroy -A $ rm ~/cookiejar.txt Try visiting protected page without authorization. $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt requires session Get kerberos ticket and then visit login url. This /login redirects to /login/kerberos by default. $ kinit ${USER} $ klist Ticket cache: FILE:/tmp/krb5cc_960600001_Hjgmv7lby2 Default principal: bgstack15@IPA.EXAMPLE.COM Valid starting Expires Service principal 06/20/21 16:04:10 06/21/21 16:04:07 krbtgt/IPA.EXAMPLE.COM@IPA.EXAMPLE.COM 06/20/21 16:04:15 06/21/21 16:04:07 HTTP/d2-03a.ipa.example.com@IPA.EXAMPLE.COM $ curl -L http://d2-03a.ipa.example.com:5000/login --negotiate -u ':' -b ~/cookiejar.txt -c ~/cookiejar.txt success with kerberos Visit protected page now that we have a session. $ cat ~/cookiejar.txt # Netscape HTTP Cookie File # https://curl.se/docs/http-cookies.html # This file was generated by libcurl! Edit at your own risk. d2-03a.ipa.example.com FALSE / FALSE 0 user "bgstack15@IPA.EXAMPLE.COM" d2-03a.ipa.example.com FALSE / FALSE 0 type kerberos d2-03a.ipa.example.com FALSE / FALSE 0 timestamp 2021-06-20T20:06:15Z #HttpOnly_d2-03a.ipa.example.com FALSE / FALSE 1624219691 session eyJfcGVybWFuZW50Ijp0cnVlLCJlbmRfdGltZSI6IjIwMjEtMDYtMjBUMjA6MDY6MTVaIiwidXNlciI6ImJnaXJ0b25ASVBBLlNNSVRIMTIyLkNPTSJ9.YM-fsw.ZeI4ec-d7D64IEJ9Ab4RfpXfLt4 $ curl -L http://d2-03a.ipa.example.com:5000/protected -b ~/cookiejar.txt -c ~/cookiejar.txt