Google Chrome
1. Overview
All recent versions of Chrome are generally compatible with Moonshot.
On Windows, Chrome is integrated with the Windows Security Support Provider Interface (SSPI) and requires the Moonshot SSP.
macOS support is currently in development; for now, you must use the .gss_eap_id file in your home directory. See the macOS Compatibility List for more details.
2. Compatibility
2.1. Key
In the tables below, the following icons have the following meanings:
- - This version of the software has been tested and verified as supporting Moonshot.
- - This version of the software has been tested and verified as not supporting Moonshot.
- - This version of the software has not yet been tested thoroughly and its status is not known. Let us know if you have tried it and whether it worked or not!
2.2. Compatibility List
Note that accessing supported versions of this software requires a Moonshot-compatible client - see the next section for details on which clients are supported.
Any versions not listed below have not yet been tested. If you test one, please let us know!
Version | Compatible? | Notes |
---|---|---|
Chrome v22 and later | | When running on Windows, Linux, or macOS |
3. Installation Instructions
This software does not require any special installation instructions - install it as you normally would.
4. Configuration Instructions
For security reasons, Google Chrome disables the Negotiate protocol, which it refers to as Integrated Authentication, for sites outside a specific whitelist of sites. For more information on how Chrome manages HTTP Authentication, see https://www.chromium.org/developers/design-documents/http-authentication.
4.1. Windows
On Windows, Google Chrome uses Internet Explorer's Local Intranet zone as its whitelist for sites. To use Integrated Authentication, add your site to the Local Intranet zone.
For more information on the Local Intranet zone and how to add and remove sites from this zone, visit Microsoft's Change Internet Explorer Security settings.
The Windows version of Google Chrome does support a per-user exception list.
4.2. Linux
On Linux, Google Chrome uses a JSON file to define the whitelist of sites. This file is stored in /etc/opt/chrome/policies/managed or /etc/opt/chrome/policies/recommended and may be any file with a .json extension. The format of the file is:
{
  "AuthServerWhitelist": "*.example.org, *.example2.com",
  "AuthNegotiateDelegateWhitelist": "*.example.org, *.example3.net"
}
The Linux versions of Google Chrome and Chromium do not support a per-user exception list.
These parameters can be set on the command line as --auth-server-whitelist and --auth-negotiate-delegate-whitelist.
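Because the whitelist decides which sites may trigger Negotiate at all, it is worth checking a policy file before deploying it. The following is an added example, not part of the Moonshot documentation or of Chrome: the function names and both review rules (a wildcard over a single label is too broad; a delegate pattern should be covered by a server pattern) are assumptions chosen for this sketch.

```python
import json

KEYS = ("AuthServerWhitelist", "AuthNegotiateDelegateWhitelist")

def split_patterns(value):
    """Split the comma-separated host pattern string into a clean list."""
    return [p.strip().lower() for p in value.split(",") if p.strip()]

def too_broad(pattern):
    """True for '*' or a wildcard directly over a single label, e.g. '*.com'."""
    if pattern == "*":
        return True
    return pattern.startswith("*.") and "." not in pattern[2:]

def covered(pattern, allowed):
    """True if pattern equals, or falls under a wildcard in, the allowed list."""
    for a in allowed:
        if a in ("*", pattern):
            return True
        if a.startswith("*.") and pattern.lstrip("*").endswith(a[1:]):
            return True
    return False

def audit_policy(text):
    """Return (key, pattern, finding) tuples for one policy file's JSON text."""
    policy = json.loads(text)
    findings, lists = [], {}
    for key in KEYS:
        value = policy.get(key, "")
        if not isinstance(value, str):
            findings.append((key, repr(value), "value must be a string"))
            value = ""
        lists[key] = split_patterns(value)
        findings += [(key, p, "pattern too broad") for p in lists[key] if too_broad(p)]
    for p in lists[KEYS[1]]:
        if not covered(p, lists[KEYS[0]]):  # assumed rule of this example
            findings.append((KEYS[1], p, "delegate target not in server list"))
    return findings

# Constructed sample: the file format shown above plus one deliberately broad entry.
SAMPLE = """{
  "AuthServerWhitelist": "*.example.org, *.com",
  "AuthNegotiateDelegateWhitelist": "*.example.org, *.example3.net"
}"""

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE):
        print(*finding, sep=" | ")
```

Run against the sample values shown in this section, the second rule reports *.example3.net, which appears in the delegate list but not in the server list.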
4.3. macOS
On macOS, Google Chrome uses a macOS property list (.plist) file to define the whitelist of sites. This file is stored in ~/Library/Preferences/com.google.Chrome.plist. As with Linux, the two settings that control the Negotiate protocol are:
{
  "AuthServerWhitelist": "*.example.org, *.example2.com",
  "AuthNegotiateDelegateWhitelist": "*.example.org, *.example3.net"
}
To set the values, use the following commands:
macOS-Host:~ localuser$ defaults write com.google.Chrome AuthServerWhitelist -string "*.example.org, *.example2.com"
macOS-Host:~ localuser$ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist -string "*.example.org, *.example3.net"
To display currently set values of the AuthServerWhitelist and AuthNegotiateDelegateWhitelist settings, use the following command:
macOS-Host:~ localuser$ defaults read com.google.Chrome AuthNegotiateDelegateWhitelist
*.example.org, *.example3.net
macOS-Host:~ localuser$
macOS version compatibility
It appears that versions other than El Capitan will not load the Moonshot mechanism in Chrome (due to Apple's sandboxing). We're trying to investigate this issue.
5. Credential Storage
You can also store the credentials in Chrome's own website password list, but this is not recommended as it is less secure.
For more information on how to manage your credentials in Google Chrome, visit Google's Manage your website passwords page.
5.1. Windows
On Windows, you may store the website credentials in the Windows Credential Manager before you try to connect to the website. For more information on storing credentials in the Credential Manager, see Section 2.2 of the Windows Credential Manager page.
5.2. Linux
On Linux you should use the Moonshot Identity Selector.
5.3. macOS
macOS support is currently in development; for now, you must use the .gss_eap_id file in your home directory. See the macOS Compatibility List for more details.
6. Server Compatibility
The following servers are known to work with this server software using Moonshot authentication (click on the link to see further information about enabling Moonshot in that server):