Brave-browser: Document how to configure Kerberos / SPNEG0 / AD auth on macOS

Created on 28 Feb 2020  路  2Comments  路  Source: brave/brave-browser

Description

I wanted to use Brave as my company-internal browser and thus need to use our AD-based SSO which is based on Kerberos.

I was unable to find any guidance for how to set this up; the nearest I could find was https://github.com/brave/browser-laptop/issues/5515 which however simply defers to the Chrome instructions, which of course are specific to Chrome.

Steps to Reproduce

  1. Observe that Chrome needs defaults write com.google.Chrome ... (see e.g. https://superuser.com/questions/488095/google-chrome-on-mac-os-x-with-kerberos) which of course is not correct for Brave
  2. Google some more, find nothing
  3. defaults read | grep -wi brave

Actual result:

It's possible to deduce from the above, but I don't think your average Excel jock would know how.

Expected result:

Documented, specific guidance in a place which Google can find.

Ideally, I suppose, it would be nice to have this exposed in the browser's settings.

Reproduces how often:

If I put in good search keywords here, this ticket will now change the outcome when you google for this.

OSX Active Directory single sign-on kinit klist

Brave version (brave://version info)

Brave | 1.4.95 Chromium: 80.0.3987.122聽(Official Build)聽(64-bit)
Revision | cf72c4c4f7db75bc3da689cd76513962d31c7b52-refs/branch-heads/3987@{#943}
OS | macOS Version 10.15.3 (Build 19D76)

Other Additional Information:

The incantation which worked for me was

defaults write com.brave.Browser AuthNegotiateWhitelist "*.example.com"
defaults write com.brave.Browser AuthServerWhitelist "*.example.com"

where the identifier com.brave.Browser is the secret sauce I could not easily find by googling.

Miscellaneous Information:

documentation enterprise growtengagement
Source
picture tripleee

Most helpful comment

Adding Linux instructions here, Fedora 31 on March 4, 2020, because I couldn't find anything! At least it will be written down.

Looks like Brave is using the /etc/chromium directory to read policies.

$ sudo mkdir -p /etc/chromium/policies/managed
$ sudo vi /etc/chromium/policies/managed/example.json

Contents of _example.json_

{
    "AuthServerWhitelist": "*.example.com"
}

Save and restart Brave.

You can verify by visiting this link in your browser:

brave://policy/

picture mwoodson on 4 Mar 2020
🎉3

All 2 comments

cc: @Brave-Matt Can you take a look?

rebron picture rebron on 28 Feb 2020

Adding Linux instructions here, Fedora 31 on March 4, 2020, because I couldn't find anything! At least it will be written down.

Looks like Brave is using the /etc/chromium directory to read policies.

$ sudo mkdir -p /etc/chromium/policies/managed
$ sudo vi /etc/chromium/policies/managed/example.json

Contents of _example.json_

{
    "AuthServerWhitelist": "*.example.com"
}

Save and restart Brave.

You can verify by visiting this link in your browser:

brave://policy/

mwoodson picture mwoodson on 4 Mar 2020
🎉3
Was this page helpful?
0 / 5 - 0 ratings

Related issues

moritzhaller picture moritzhaller  路  3Comments
kerry-perret picture kerry-perret  路  3Comments
bsclifton picture bsclifton  路  3Comments
jonathansampson picture jonathansampson  路  3Comments
fmarier picture fmarier  路  3Comments