Hyland Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Does anyone know what I have to do to Chrome to make it SSO?

throwback
Champ in-the-making
Champ in-the-making

‎10-02-2012 09:49 AM

The wiki has detailed instructions for Firefox, and Internet explorer SSO works out of the box, but I cannot for the life of me figure out what I'm supposed to do to make Chrome sso with Alfresco (LDAP sync/Kerberos SSO auth, tested working with other browsers).

Desperate to achieve this because alfresco is painfully slow in any other browser.

I would like to have searched the forums for the answer but I cannot find a forum search function either! (just the google search at the top, a bit pointless as I can go to google myself).

Been reading here with little success:

http://dev.chromium.org/developers/design-documents/http-authentication

Looking here I should just have to invoke –enable-auth-negotiate-port  so it picks up port 8080 in the SPN, but I've also tried setting delegation etc here.

Really trying to avoid learning how Kerberos delegation/auth works from end to end in depth just to work out the settings! Has anyone done this and knows the magic words?
Labels:
0 Kudos
3 REPLIES 3

loftux
Star Contributor
Star Contributor

‎10-02-2012 11:04 AM

I haven't tried getting Kerberos SSO to work with Chrome, nevertheless I will try to help Smiley Wink
Another article on the topic http://www.microhowto.info/howto/configure_chromium_to_authenticate_using_spnego_and_kerberos.html

Be sure to use the full dns and the same ones you actually use in the browser. Try authentication to serverSmiley Tongueort/alfresco first, it is usually easier to get that to work. Then move on to get /share to work. Make sure to specify the delegation command line parameter.
Post the parameters you have tried, and especially the ones that works if you get it to work.
0 Kudos

nwheatley
Champ in-the-making
Champ in-the-making

‎10-01-2013 07:28 PM

I didn't see this answered anywhere else, and we just got Kerberos SSO working through Chrome in our environment so I'll post an update. Basically you need to create/update some registry values (that do not exist by default) to whitelist auth server(s) and kerberos delegation for Chrome. See herefor full documentation on Chrome policy templates and references of all the reg values.: https://support.google.com/chrome/a/answer/187945?hl=en

At a minimum you'll need to set the following registry values to get SSO working in Chrome:
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
"AuthNegotiateDelegateWhitelist"="www.yourAlfServer.com"
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthServerWhitelist"="www.yourAlfServer.com"

As a test stick those values into a .reg file and import them to your local registry. Restart Chrome and SSO should work (in theory anyway). You may need to tweak on some additional registry values for SPN settings or to whitelist plugins for SPP (Sharepoint) functionality but this should get you started. Full documentation is available at the above link.
0 Kudos

jean-rémyrevy
Champ in-the-making
Champ in-the-making
In response to nwheatley

‎01-28-2015 08:07 AM

Be careful, in latest chrome enterprise versions (> 34~), this LocalMCX method seems to no longer be available. It use directly GPO bypassing local registry.
0 Kudos
Getting started

Tags

Find what you came for

We want to make your experience in Hyland Connect as valuable as possible, so we put together some helpful links.

Copyright © 2024 Khoros, LLC