RestAPI Header Token using SSO

We would like the ability to retrieve a User token for subsequent RestAPI calls without supplying a username and password, instead using Kerberos authentication. The domain user we execute our jobs as is defined as a valid OpCon user. When that user is running a job, it should be able to get a token for use in further API calls without having to send its information in the call to get a token.