Google Chrome: passthrough Windows authentication

windows authentication single-sign-on google-chrome passthrough
92,948

Solution 1

This has been included in the stable release of Chrome 5.x as of May 2010. It works similar to Internet Explorer in that "Intranet" URLs (without dots in the address) will attempt single sign-on if requested by the server.

To enable passthrough for other domains, you need to run Chrome with an extra command line parameter:

chrome.exe --auth-server-whitelist="*example.com,*foobar.com,*baz"

Background

According to the Google Issues list for Chromium, this issue was reported in Sep 2008. The NTLM passthrough feature was apparently given to the Google Summer of Code team. It sounds like it will be worked on in Summer 2009 at the Google Summer of Code.

This is good news, and will hopefully bring some stature to Chrome's image in the enterprise. The intranet is so prevalent, and to adopt a browser is difficult without having this feature.

Solution 2

You configure the NTLM whitelist by launching Chrome with this additional parameter: 

chrome.exe --auth-server-whitelist="*example.com,*foobar.com,*baz"

Source:
https://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication

Solution 3

Chrome has been updated (version 5+) has the following:
In windows it integrates with intranet zones setting in 'internet options'

In Windows only, if the command-line switch is not present, the permitted list consists of those servers in the Local Machine or Local Intranet security zone (for example, when the host in the URL includes a "." character it is outside the Local Intranet security zone), which is the behavior present in IE.

If a challenge comes from a server outside of the permitted list, the user will need to enter the username and password.

For other OS's, you can use the command line switch: 

--auth-server-whitelist="*example.com,*foobar.com,*baz"

source: https://sites.google.com/a/chromium.org/dev/developers/design-documents/http-authentication

Solution 4

Chrome now has passthrough Windows authentication that will work on any host without a domain. If you use domains on all intranet site you'll need to use the --auth-server-whitelist command line option.

Solution 5

This is not included in Google Chrome; however, you could try running a local proxy service which supports NTLM. This would need to be installed on each desktop and Chrome would need to be configured to utilize the proxy.

NTLM Authorization Proxy Server

Cntlm Authentication Proxy

Share:
92,948

Related videos on Youtube

p.campbell
Author by

p.campbell

Developer in the Microsoft .NET & SQL Server stack. I am focused on delivering great applications in small iterations. I've developed solutions in the healthcare, manufacturing, and transportation verticals. My open source projects on GitHub. Continuously learning.

Updated on September 17, 2022

Comments

  • p.campbell
    p.campbell almost 2 years

    The I.T. dept is considering allowing installation and automated deployment of Google Chrome browser to 100+ desktops. One of the requirements is for domain credentials to be passed through. The desired behaviour is the same as Internet Explorer.

    An issue has come up when browsing intranet resources. Intranet sites which require Active Directory authentication are showing the "Authentication Required" dialog.

    For each site, you have to enter your domain credentials.

    Question: Does Google Chrome currently, or plan to, support passthrough Windows authentication? If so, how do you configure this security setting?

    • Tomalak
      Tomalak about 6 years
      The right answer for this has changed over the years. For quite some time now Chrome has been capable of paying attention to the system's native Internet Settings from the control panel and emulate IE's behavior, which is immeasurably more useful than setting a commandline option or GPO setting. See @Myster's answer below.
  • user1686
    user1686 about 15 years
    Wouldn't Negotiate be better? Even Microsoft recommends using it over NTLM.
  • user1686
    user1686 about 15 years
    Or add it yourself.
  • Spence
    Spence about 15 years
    Heh heh... either way, you're paying for it somehow. Your money or your time. smile To wax philosophically for a second: This is why I love open source software. You actually have a way to control the features and can create your own destiny. When I've explained open source to people who thought of it like "communism" as "you're free to contract with any qualified party to work on the software" I've often found that attitudes change.
  • p.campbell
    p.campbell over 13 years
    how does this command line option work? Does the Chrome shortcut need to be modified to include this option, or is this set in the about: page or other config page?
  • Simon East
    Simon East almost 9 years
    This comment is way out of date now.
  • Simon East
    Simon East almost 9 years
    Yes, sorry I was referring to your answer, not your comment. And downvoting obsolete answers is encouraged, especially if there are others that should have more visibility. Feel free to delete or improve your answer if you don't want the downvotes.
  • Simon East
    Simon East almost 9 years
    Does that mean that if you add an extra domain to the "Local Intranet Security Zone" in IE that Chrome will also trust it too?
  • Spence
    Spence almost 9 years
    @SimonEast - I don't see it as productive. If you, or others do, so be it. I don't, personally.
  • Lord Darth Vader
    Lord Darth Vader almost 6 years
    Path to exe C:\Program Files (x86)\Google\Chrome\Application

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Windows 7 Single Sign On
How practical is it to authenticate a Linux server against AD?
Flutter Windows Google Authentication Without google_sign_in
Sample cypress script to bypass SSO
How to integrate Azure AD SSO in flutter app
How to edit/reset Chrome DevTools settings manually on disk?
How to create a hyperlink to shared network directory or file?
Chrome native messaging on windows
continue ALLWAYS Illegal in switch in JS but break works fine
SAML 2.0 SSO for Ruby on Rails?