Auth Server Whitelist

Having problems with building or using CEF's C/C++ APIs? This forum is here to help. Please do not post bug reports or feature requests here.

Auth Server Whitelist

Postby JasonLP » Thu Mar 12, 2020 4:13 pm

I have a customer that is using --auth-server-whitelist and --auth-negotiate-delegate-whitelist in Chrome to support Kerberos Authentication in their organization. They tried to use these command-line arguments in our CEF-based app, and it's failing.

Doing some reading, I found some discussion around the subject.
https://bitbucket.org/chromiumembedded/ ... s/activity
and
https://bitbucket.org/chromiumembedded/cef/issues/1150

I am trying to use SetPreference on the global context, as in this code:
Code: Select all
   CefRefPtr<CefRequestContext> context = CefRequestContext::GetGlobalContext();
   CefString error;
   CefRefPtr<CefValue> val = CefValue::Create();
   val->SetString(L"*.mycompany.com");
   context->SetPreference(L"auth.server_whitelist", val, error);


But on execution I get the following error: "Trying to modify an unregistered preference"

Is there a place I need to register the preference before telling it I want to use it? Or am I missing something larger?

Thank you.
-Jason-
JasonLP
Mentor
 
Posts: 98
Joined: Fri Jul 25, 2014 10:10 am

Re: Auth Server Whitelist

Postby magreenblatt » Thu Mar 12, 2020 4:20 pm

What CEF version?
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Auth Server Whitelist

Postby JasonLP » Thu Mar 12, 2020 4:34 pm

From cef_version.h: 78.3.9+gc7345f2+chromium-78.0.3904.108
JasonLP
Mentor
 
Posts: 98
Joined: Fri Jul 25, 2014 10:10 am

Re: Auth Server Whitelist

Postby JasonLP » Fri Mar 20, 2020 8:48 am

Just wanted to follow-up on this and see if there is anything I can do here....Thanks.
JasonLP
Mentor
 
Posts: 98
Joined: Fri Jul 25, 2014 10:10 am

Re: Auth Server Whitelist

Postby ndesktop » Fri Mar 20, 2020 10:52 am

(deleted)
Last edited by ndesktop on Fri Mar 20, 2020 11:01 am, edited 2 times in total.
ndesktop
Master
 
Posts: 750
Joined: Thu Dec 03, 2015 10:10 am

Re: Auth Server Whitelist

Postby magreenblatt » Fri Mar 20, 2020 10:58 am

The "auth.server_whitelist" preference should be supported currently if NetworkService is enabled. However, it needs to be set very early during Chromium initialization on the PrefService object returned from BrowserProcess::local_state(). There is no exposed API for that currently.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Auth Server Whitelist

Postby magreenblatt » Fri Mar 20, 2020 11:07 am

The "auth-server-whitelist" command-line switch should be supported currently via ChromeCommandLinePrefStore. If you make a local CEF/Chromium build you can set some breakpoints and debug the problem.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Auth Server Whitelist

Postby JasonLP » Fri Mar 20, 2020 12:25 pm

I'm sorry--I don't fully understand what you are suggesting. I also don't fully understand how this is supposed to be working. I am not building CEF locally--just using the packaged CEF.
JasonLP
Mentor
 
Posts: 98
Joined: Fri Jul 25, 2014 10:10 am

Re: Auth Server Whitelist

Postby magreenblatt » Fri Mar 20, 2020 1:06 pm

I'm suggesting the following:

1. You cannot set the "auth.server_whitelist" preference.
2. You should be able to set the "auth-server-whitelist" command-line switch.
3. If the command-line switch is not working you can build CEF/Chromium from source code to debug the problem. See links/hints above for where to look in the code.
magreenblatt
Site Admin
 
Posts: 12382
Joined: Fri May 29, 2009 6:57 pm

Re: Auth Server Whitelist

Postby JasonLP » Fri Mar 20, 2020 2:11 pm

magreenblatt wrote:I'm suggesting the following:

2. You should be able to set the "auth-server-whitelist" command-line switch.



To be clear, the customer has tried running with the --auth-server-whitelist commandline parameter and this does not work. Are you suggesting that I add this at runtime (where I do the rest of them in OnBeforeCommandLineProcessing)?

Also, I don't see any reference to --auth-negotiate-delegate-whitelist. Is this explicitly not supported?
JasonLP
Mentor
 
Posts: 98
Joined: Fri Jul 25, 2014 10:10 am

Next

Return to Support Forum

Who is online

Users browsing this forum: Google [Bot] and 22 guests