SOLVED

Integrated Authorization for Intranet Sites

Chromium supports Integrated Authentication, as do IE11 and Edge (current), so that users can authenticate to an intranet server without being prompted to log in. Our intranet URLs are specified in IE's Internet Properties as Local Intranet sites. Will the new Edge also allow this functionality?

33 Replies

@perrin42

It works!

I know this discussion is focused on Windows but I have the same question/request for Mac. On our company Macs, we have defaults read com.google.Chrome AuthServerWhitelist "*.companyurl.com"

Is there an equivalent for MacOS Edge?

 

@soundman_ok @Eric_Lawrence 

Edge on Mac also supports policy. I'd probably start by trying just com.microsoft.Edge.AuthServerWhitelist and if that doesn't work I can ask around.

@Eric_Lawrence Thanks. I tried both com.microsoft.Edge and com.google.Edge to set AuthServerWhitelist and it did not stick.

Edit: I take it back. com.microsoft.Edge and com.microsoft.Edge.Canary work fine. I just had some issues with one specific intranet site, but others seem to be taking the SSO just fine.

Also, I do want to point out that we changed the name of this policy from Chromium to AuthServerAllowlist.

From your edit, it sounds like you have discovered this if the policies were working for you, but I wanted to point this difference out.

Thanks!! Applied it with the new name too. All good :thumbs_up:

Do you mind sharing a sample plist?

Starting in Canary 79.0.307.0, and now also in the Dev channel as of today, this is no longer working for us!

https://techcommunity.microsoft.com/t5/Discussions/Windows-Authentication-Not-Working-Canary-amp-Dev...

broken for me too

@mkruger - Thanks. This 'hint' led me to realize the same is true of AuthNegotiateDelegateWhitelist. Edge Chromium is looking for AuthNegotiateDelegateAllowlist in Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge. Once my company's domain suffix was added to that key in that location, pass-through authentication from chromium Edge through SSRS 2017 to SQL 2017 began to work as expected.

@MFoster5879 great, I'm glad this helped. We are also working on some documentation around this and I will try and update this conversation when ready.

Hrm. It's worth mentioning that adding a URL manually as suggested in that "providing.tips" article turns off the default behavior, which is to respect the Intranet Zone. So, if this URL is in your Intranet zone, it should be authenticating automatically. By setting this policy directly in this way, you're likely to cause yourself a bunch of other problems, because it will ensure that none of your other Intranet URLs automatically authenticate any longer.

https://source.chromium.org/chromium/_/chromium/chromium/src/out/+/0309b2d58b48f0c0dc0bfbe73512b793e...
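
An added example, not part of the original thread and not Microsoft's code: a Python check over an Edge policy plist that flags the legacy Whitelist key names mentioned in the posts above, over-broad wildcard entries, and an explicit AuthServerAllowlist that replaces the default intranet behaviour. The sample plist, the finding labels and the breadth heuristic are assumptions made for illustration.

```python
import plistlib

# Legacy Chromium policy names mentioned in the thread -> names Edge looks for.
RENAMED = {
    "AuthServerWhitelist": "AuthServerAllowlist",
    "AuthNegotiateDelegateWhitelist": "AuthNegotiateDelegateAllowlist",
}
CURRENT_NAMES = set(RENAMED.values())

# Constructed sample preferences for the com.microsoft.Edge domain (not from the thread).
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>AuthServerWhitelist</key>
  <string>*.companyurl.com</string>
  <key>AuthServerAllowlist</key>
  <string>*.companyurl.com</string>
  <key>AuthNegotiateDelegateAllowlist</key>
  <string>*.companyurl.com, *</string>
</dict>
</plist>
"""


def too_broad(pattern):
    """Assumed heuristic: a wildcard with no domain after it ("*", "*.com")."""
    return pattern.startswith("*") and "." not in pattern.lstrip("*.")


def audit(plist_bytes):
    """Return (key, issue, detail) findings for the integrated-auth policies."""
    prefs = plistlib.loads(plist_bytes)
    findings = []
    for key, value in prefs.items():
        if key in RENAMED:
            # The thread reports Edge looking for the new name, not this one.
            findings.append((key, "legacy-name", RENAMED[key]))
        elif key in CURRENT_NAMES:
            for pattern in (p.strip() for p in str(value).split(",")):
                if too_broad(pattern):
                    # Integrated auth (or delegation) would apply to any host.
                    findings.append((key, "broad-pattern", pattern))
    if "AuthServerAllowlist" in prefs:
        # Per the thread: an explicit list replaces the default intranet handling.
        findings.append(("AuthServerAllowlist", "replaces-default", ""))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PLIST):
        print(finding)
```
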

@mkruger I have a new Mac and I installed Edge stable/prod release. I applied the following but the SSO prompt keeps coming ~once a day. Anything else I need to do?

edge_policy.png