Has anyone managed to configure WL8.1 (SP4) to allow Single Sign On via a Microsoft internet explorer browser using Active Directory?

I have read and followed the documentation but when I try to access the protected app I get a login box despite the auth method being CLIENT-CERT. Using the kerbkey utility I can see that the client pc has a kerberos ticket. Previous documentation for WLES 4.2 reffered to a Negotiate Servlet which instigates the spnego process but the documentation appears to have changed for SP4.

Any Ideads?

Many thanks.