Looks like this isn't possible. However, an acceptable workaround is to
enable SSO instead. Assuming that your LiveCycle server is on a private
network you can then send the current user's login Id or unique
identifier to authenticate. So long as they're in the ActiveDirectory
database then they're authenticated. So I'm not using true Kerberos
delegation, but I don't mind having LiveCycle on a private network. SSO
authentication works for HTML, Ajax and SOAP requests.How this helps
someone.