Forum Discussion
Integrated Authorization for Intranet Sites
soundman_ok As far as I can tell, command-line argument support for setting auth-negotiate-delegatewhitelist appears to have been removed from Chrome/Chromium some time ago. It does seem to be available as a policy. Do you know if your admins have set this policy? (It should appear if you visit chrome://policy/ in Chrome).
Microsoftsoundman_ok Chrome/Chromium/new Edge all respect the "Automatic Authentication" settings for the Local Intranet Zone (this is one of only two places in Chromium that use Windows Security Zones) by default.
This can be overridden via policy or a command line argument to specify exactly which sites can get automatic authentication.
E.g. if you launch Edge like so:
msedge.exe --auth-server-whitelist="example"
...automatic authentication will occur only for http://example/ and all other sites (even those in the Intranet zone) will require the user manually enter their credentials.
Eric_Lawrence Will there be a way to set auth whitelists for Edge Mac?
@ericlaw After further review, authentication is being passed; however delegation is not happening. We pass authentication through to a MS-SQL server. I have used the following to define the delegated whitelist, in addition to the auth-server-whitelist:
msedge.exe --auth-server-whitelist="***.midlandschoice.com" --auth-negotiate-delegatewhitelist="***.midlandschoice.com"This works fine in Chrome; however, neither Edge nor Chromium seem to want to allow delegation. Am I missing something or is delegation not supported?
- Eric_Lawrence
soundman_ok As far as I can tell, command-line argument support for setting auth-negotiate-delegatewhitelist appears to have been removed from Chrome/Chromium some time ago. It does seem to be available as a policy. Do you know if your admins have set this policy? (It should appear if you visit chrome://policy/ in Chrome).
Yes, this is exactly what we need. Right now, we do this via GPO (see screenshot) in Chrome, or if when needed, we can make this work in Chrome using the Registry change manually. However, in Edge, we can't even find where to put this, as the tree does not exist. I've tried every place I can think of but does not work. I've spoken with a guy on the MS Edge team personally (literally in person last weekend) about the issue. He says that all of Chromium should be working in Edge. So either AuthNegotiateDelegateWhitelist is not working in Edge or I can't find the correct place in the Registry to put it.
Eric_Lawrence Sorry, I've been away from my desk all day. I did try the command line argument, without success. I'll look into this more tomorrow, as I have a feeling a policy might be in place that I am unaware of, since our system administrator has been doing some browser settings testing with Group Policy. Thanks for responding so quickly.
