Choosing a Kerberos Java Library (SPNEGO) for Single Sign-On to a Web Application

I am currently working on implementing enterprise authentication mechanisms in our Java web application, including single sign-on. Windows networks are what we aim for, and Kerberos sounds reasonable. Sidenote: As I understand it, the protocol used in the web (HTTP) environment for SSO is SPNEGO, and it is basically a shell around Kerberos. So it seems that Kerberos HTTP SSO libraries actually use SPNEGO - correct me if I am wrong.

When I started to study this topic, I realized that there is no obvious choice. Let me list those:

• Spring Kerberos / SPNEGO extension protection . This was the first thing I looked at (since we are already using Spring Security), but it seems to be stuck on the second line of v1.0.0 a few years ago. Only this SO question gives little hope that it can be used for production.
• WAFFLE is a functional Windows authentication platform . They seem to be active and multifunctional. It can be “connected” as a common servlet, as well as as a Spring Security Filter .
• SPNEGO SourceForge . Seems very easy, provides an HTTP servlet filter, tutorials are easy to track.

Are there any special reasons to choose one option over another? Are there any other options?