Jenkins, Active Directory connectivity, and Kerberos setup and working well (including Single Sign-On through Kerberos) when accessing Jenkins directly (http://servername.domain:8080).

When accessing Jenkins through a reverse proxy (Nginx) running on the same host (performs SSL offloading) the user is identified as the Unix user that runs the Tomcat process instead of the actual user. In our case the Jenkins Tomcat runs as Unix user id 'tomcat', thus all logged in users are identified as 'tomcat'.

Interestingly this happens only when accessing Jenkins through the reverse proxy.

With Kerberos SSO plugin disabled, login works well when accessing through the reverse proxy.

I'm attaching the Nginx configuration for reference.