Google Chrome: passthrough Windows authentication

google-chrome windows authentication single-sign-on passthrough

The I.T. dept is considering allowing installation and automated deployment of Google Chrome browser to 100+ desktops. One of the requirements is for domain credentials to be passed through. The desired behaviour is the same as Internet Explorer.

An issue has come up when browsing intranet resources. Intranet sites which require Active Directory authentication are showing the "Authentication Required" dialog.

For each site, you have to enter your domain credentials.

Question: Does Google Chrome currently, or plan to, support passthrough Windows authentication? If so, how do you configure this security setting?


This has been included in the stable release of Chrome 5.x as of May 2010. It works similar to Internet Explorer in that "Intranet" URLs (without dots in the address) will attempt single sign-on if requested by the server.

To enable passthrough for other domains, you need to run Chrome with an extra command line parameter:

chrome.exe --auth-server-whitelist="*example.com,*foobar.com,*baz"

Background

According to the Google Issues list for Chromium, this issue was reported in Sep 2008. The NTLM passthrough feature was apparently given to the Google Summer of Code team. It sounds like it will be worked on in Summer 2009 at the Google Summer of Code.

This is good news, and will hopefully bring some stature to Chrome's image in the enterprise. The intranet is so prevalent, and to adopt a browser is difficult without having this feature.


You configure the NTLM whitelist by launching Chrome with this additional parameter: 

chrome.exe --auth-server-whitelist="*example.com,*foobar.com,*baz"

Source:
https://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication


Chrome now has passthrough Windows authentication that will work on any host without a domain. If you use domains on all intranet site you'll need to use the --auth-server-whitelist command line option.


Chrome has been updated (version 5+) has the following:
In windows it integrates with intranet zones setting in 'internet options'

In Windows only, if the command-line switch is not present, the permitted list consists of those servers in the Local Machine or Local Intranet security zone (for example, when the host in the URL includes a "." character it is outside the Local Intranet security zone), which is the behavior present in IE.

If a challenge comes from a server outside of the permitted list, the user will need to enter the username and password.

For other OS's, you can use the command line switch: 

--auth-server-whitelist="*example.com,*foobar.com,*baz"

source: https://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication

Related

How can I install Apache with a specific version?
Open a new Safari window in the current Space from Terminal with multiple tabs (URLs)
After Upgrade to Mountain Lion I get blurry fonts
Can Applescript be used to automate a screen recording session on OS X?
Testing a MacBook Pro's RAM upgrade
How can I apply tags in Mavericks recursively?
How to create a VPN connection via terminal?
Siri's voice on macOS Sierra is not natural
How to change PATH environment variable to OS X 10.8 Mountain Lion that will be visible to GUI applications? [duplicate]
Apache2 (Httpd) not working after update to High Sierra
How can you get Finder to sort by name, but also sort folders before files?
What is filling up my hard drive so fast?