Hi,
just to add to Julius' response. ABAP application server does not support Kerberos as authentication method. THe most common methods used for HTTP based apps are username/password, SAP Logon ticket and SAML. So in your case SAML is not configured and a user does not have a logon ticket. Therefore ABAP AS asks for username/password. One option would be to always go through portal that generates logon ticket that can be used to authenticate user on backend system. Another option is to try to introduce SAML into your landscape. Identity provider (IdP) can still use Kerberos for authentication but you will use SAML for backend authentication. When users hit a WD app they get redirected to IdP. IdP uses Kerberos to authenticate users and then redirects them back to backend system. Here SAML token is used to authenticate users. AD can work as SAML provider (you might need some extra license though) or you should be able to find an open source IdP with support for Kerberos. SAML solution will require some extra effort to implement.
Cheers