Kerberos relies on server to server trust, that means during setup you'll have to setup certificates for specific IP addresses, servernames, and for all the routes a request takes to go from the SP to IDP.
With Mendix being a cloud platform that uses containers all of the above is impossible to achieve, a container only exists while the application is running. When you do a restart you'd get a new container and lose the pre-established kerberos trust.
Also kerberos has predictable ciphers, partially encrypted messages, and fairly long running tickets (the thing that allows you access to an app), this makes kerberos not the best tool to run through public internet (you should use a vpn to secure the messages).
All of those things make it impossible to run on the Mendix Cloud architecture. To be complete if you truly wish to use kerberos you could set this up on your own IaaS servers, with VPNs and a lot of work, but I would recommend against that.
I would suggest to use something designed for secure internet communication, such as SAML, or OpenID or OAuth.
In your case when authenticating to an AD SAML will probably be the easiest to setup