Forum Discussion
Integrated Authorization for Intranet Sites
soundman_ok As far as I can tell, command-line argument support for setting auth-negotiate-delegatewhitelist appears to have been removed from Chrome/Chromium some time ago. It does seem to be available as a policy. Do you know if your admins have set this policy? (It should appear if you visit chrome://policy/ in Chrome).
@ericlaw After further review, authentication is being passed; however delegation is not happening. We pass authentication through to a MS-SQL server. I have used the following to define the delegated whitelist, in addition to the auth-server-whitelist:
msedge.exe --auth-server-whitelist="***.midlandschoice.com" --auth-negotiate-delegatewhitelist="***.midlandschoice.com"
This works fine in Chrome; however, neither Edge nor Chromium seem to want to allow delegation. Am I missing something or is delegation not supported?
Microsoftsoundman_ok As far as I can tell, command-line argument support for setting auth-negotiate-delegatewhitelist appears to have been removed from Chrome/Chromium some time ago. It does seem to be available as a policy. Do you know if your admins have set this policy? (It should appear if you visit chrome://policy/ in Chrome).
Yes, this is exactly what we need. Right now, we do this via GPO (see screenshot) in Chrome, or if when needed, we can make this work in Chrome using the Registry change manually. However, in Edge, we can't even find where to put this, as the tree does not exist. I've tried every place I can think of but does not work. I've spoken with a guy on the MS Edge team personally (literally in person last weekend) about the issue. He says that all of Chromium should be working in Edge. So either AuthNegotiateDelegateWhitelist is not working in Edge or I can't find the correct place in the Registry to put it.
- Eric_LawrenceEdge reads policies from the keys under HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\
- I've tried putting it there, but it does not work. If Edge is running the complete Chromium code-base, why do these not work?
Eric_Lawrence I have both AuthNegotitateDelegateWhitelist and AuthServerWhitelist policies showing there, which most likely are being applied to my machine through my local Registry. I'll have our admins look into publishing the policy for our entire domain.
Thanks for the help!
soundman_ok Rejoice as the policies are coming for GPO
Will make edge://policy reflect the settings set as well.
Includes most of the Chrome settings though it is early days and does not all apply to the DEV builds available at the moment you can start playing now.
