Open tripleee opened 4 years ago
cc: @Brave-Matt Can you take a look?
Adding Linux instructions here, Fedora 31 on March 4, 2020, because I couldn't find anything! At least it will be written down.
Looks like Brave is using the /etc/chromium directory to read policies.
$ sudo mkdir -p /etc/chromium/policies/managed
$ sudo vi /etc/chromium/policies/managed/example.json
Contents of example.json
{
"AuthServerWhitelist": "*.example.com"
}
Save and restart Brave.
You can verify by visiting this link in your browser:
brave://policy/
Deprecations for policies containing the word white:
The incantation which worked for me was
defaults write com.brave.Browser AuthNegotiateWhitelist "*.example.com" defaults write com.brave.Browser AuthServerWhitelist "*.example.com"
where the identifier
com.brave.Browser
is the secret sauce I could not easily find by googling.
This didn't work in my case. Any additional step you took?
I don't think I did. Did you notice that example.com
should be replaced with the actual domain name you want to authenticate to? I have switched browsers for other reasons now (IT had to reformat my laptop and it came back with a customized Chrome with the configuration already done) but I tried to take meticulous notes at the time.
Yes, I did replaced example.com
😕
Adding Linux instructions here, Fedora 31 on March 4, 2020, because I couldn't find anything! At least it will be written down.
Looks like Brave is using the /etc/chromium directory to read policies.
$ sudo mkdir -p /etc/chromium/policies/managed $ sudo vi /etc/chromium/policies/managed/example.json
Contents of example.json
{ "AuthServerWhitelist": "*.example.com" }
Save and restart Brave.
You can verify by visiting this link in your browser:
brave://policy/
In case anyone else stumbles over this: The previous didn't work for me, it's 2022 already and brave has now it's own folder: https://major.io/2021/12/18/kerberos-logins-brave-linux/#fixing-it
Not sure if those that didn't get it working noticed that AuthNegotiateWhitelist and AuthServerWhitelist should be AuthNegotiateAllowlist and AuthServerAllowlist respectively
Description
I wanted to use Brave as my company-internal browser and thus need to use our AD-based SSO which is based on Kerberos.
I was unable to find any guidance for how to set this up; the nearest I could find was https://github.com/brave/browser-laptop/issues/5515 which however simply defers to the Chrome instructions, which of course are specific to Chrome.
Steps to Reproduce
defaults write com.google.Chrome ...
(see e.g. https://superuser.com/questions/488095/google-chrome-on-mac-os-x-with-kerberos) which of course is not correct for Bravedefaults read | grep -wi brave
Actual result:
It's possible to deduce from the above, but I don't think your average Excel jock would know how.
Expected result:
Documented, specific guidance in a place which Google can find.
Ideally, I suppose, it would be nice to have this exposed in the browser's settings.
Reproduces how often:
If I put in good search keywords here, this ticket will now change the outcome when you google for this.
OSX Active Directory single sign-on kinit klist
Brave version (brave://version info)
Brave | 1.4.95 Chromium: 80.0.3987.122 (Official Build) (64-bit) Revision | cf72c4c4f7db75bc3da689cd76513962d31c7b52-refs/branch-heads/3987@{#943} OS | macOS Version 10.15.3 (Build 19D76)
Other Additional Information:
The incantation which worked for me was
where the identifier
com.brave.Browser
is the secret sauce I could not easily find by googling.Miscellaneous Information: