diff --git a/solr/CHANGES.txt b/solr/CHANGES.txt
index aebc366567f..af19e3fd7ff 100644
--- a/solr/CHANGES.txt
+++ b/solr/CHANGES.txt
@@ -193,6 +193,8 @@ New Features
 
 * SOLR-7896: Add a login page to Admin UI, with initial support for Basic Auth (janhoy)
 
+* SOLR-13116: Add Admin UI login support for Kerberos (janhoy, Jason Gerlowski) 
+
 * SOLR-11126: New Node-level health check handler at /admin/info/healthcheck and /node/health paths that
   checks if the node is live, connected to zookeeper and not shutdown. (Anshum Gupta, Amrit Sarkar, shalin)
   
diff --git a/solr/webapp/web/css/angular/login.css b/solr/webapp/web/css/angular/login.css
index 52ad4e01dbc..6d6c9083e21 100644
--- a/solr/webapp/web/css/angular/login.css
+++ b/solr/webapp/web/css/angular/login.css
@@ -41,6 +41,12 @@ limitations under the License.
   margin-bottom: 1rem;
 }
 
+#content #login a
+{
+  color: #0000bf;
+  cursor: pointer;
+}
+
 #content #login .login-error
 {
   font-size: 1rem;
diff --git a/solr/webapp/web/js/angular/controllers/login.js b/solr/webapp/web/js/angular/controllers/login.js
index 9935191e127..e87f2a8bf27 100644
--- a/solr/webapp/web/js/angular/controllers/login.js
+++ b/solr/webapp/web/js/angular/controllers/login.js
@@ -27,9 +27,13 @@ solrAdminApp.controller('LoginController',
         var authScheme = sessionStorage.getItem("auth.scheme");
         if (wwwAuthHeader) {
           // Parse www-authenticate header
-          var wwwHeader = wwwAuthHeader.match(/(\w+)\s+(.*)/);
-          authScheme = wwwHeader[1];
-          var authParams = www_auth_parse_params(wwwHeader[2]);
+          var wwwHeader = wwwAuthHeader.match(/(\w+)(\s+)?(.*)/);
+          authScheme = "unknown";
+          var authParams = {};
+          if (wwwHeader && wwwHeader.length >= 1)
+            authScheme = wwwHeader[1]; 
+          if (wwwHeader && wwwHeader.length >= 3)
+            authParams = www_auth_parse_params(wwwHeader[3]);
           if (typeof authParams === 'string' || authParams instanceof String) {
             $scope.authParamsError = authParams;
           } else {
@@ -43,7 +47,7 @@ solrAdminApp.controller('LoginController',
           sessionStorage.setItem("auth.scheme", authScheme);
         }
 
-        var supportedSchemes = ['Basic', 'Bearer'];
+        var supportedSchemes = ['Basic', 'Bearer', 'Negotiate'];
         $scope.authSchemeSupported = supportedSchemes.includes(authScheme);
         $scope.authScheme = sessionStorage.getItem("auth.scheme");
         $scope.authRealm = sessionStorage.getItem("auth.realm");
diff --git a/solr/webapp/web/partials/login.html b/solr/webapp/web/partials/login.html
index 10a3caf27c5..d5dba146a85 100644
--- a/solr/webapp/web/partials/login.html
+++ b/solr/webapp/web/partials/login.html
@@ -60,7 +60,23 @@ limitations under the License.
 
   </div>
 
-
+  <div ng-show="authScheme === 'Negotiate'">
+    <h1>Kerberos Authentication</h1>
+    <p>Your browser did not provide the required information to authenticate using Kerberos. 
+      Please check that your computer has a valid ticket for communicating with Solr, 
+      and that your browser is properly configured to provide that ticket when required. 
+      For more information, consult 
+      <a href="https://lucene.apache.org/solr/guide/kerberos-authentication-plugin.html">
+        Solr's Kerberos documentation
+      </a>.
+    </p>
+    The response from the server was:
+    <hr/>
+    <pre>HTTP 401 {{statusText}}
+WWW-Authenticate: {{wwwAuthHeader}}</pre>
+    <hr/>
+  </div>
+  
   <div ng-show="!authSchemeSupported">
     <h1>Authentication scheme not supported</h1>