Method 1
Since Chrome will use primarily IE configurations add the site in Internet Options
->Security
->Local Intranet
->Sites
->Advanced
(provide the FDQN, using wildcards if required and press Add
)
Method 2
If you do not want to use IE settings run the following registry entries
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome]
"AuthServerWhitelist"="fdqn"
"AuthSchemes"="basic,digest,ntlm,negotiate"
"AuthNegotiateDelegateWhitelist"="fdqn"
fdqn
can be a single host qualified name (like www.domain.com ) or a full domain (like *domain.com); the wild card syntax is slightly different the one of IE (no dot required!?)
ADFS/SAML Remark
In order to have WIA working against ADFS (at least version 2.0) we have two constraints:
- Use integrated authentication (in web.config)
<microsoft.identityServer.web>
<localAuthenticationTypes>
<add name="Integrated" page="auth/integrated/" />
<add name="Forms" page="FormsSignIn.aspx" />
<add name="TlsClient" page="auth/sslclient/" />
...
- Disable Extended Protection for adsf\ls site (
Authentication
->Windows Authentication
->Advanced Settings
, set `Extended Protection' to Off)
IyBNZXRob2QgMQ0KU2luY2UgQ2hyb21lIHdpbGwgdXNlIHByaW1hcmlseSAgSUUgY29uZmlndXJhdGlvbnMgYWRkIHRoZSBzaXRlIGluIGBJbnRlcm5ldCBPcHRpb25zYC0+YFNlY3VyaXR5YC0+YExvY2FsIEludHJhbmV0YC0+YFNpdGVzYC0+YEFkdmFuY2VkYCAocHJvdmlkZSB0aGUgRkRRTiwgdXNpbmcgd2lsZGNhcmRzIGlmIHJlcXVpcmVkIGFuZCBwcmVzcyBgQWRkYCkNCg0KIyBNZXRob2QgMg0KSWYgeW91IGRvIG5vdCB3YW50IHRvIHVzZSBJRSBzZXR0aW5ncyBydW4gdGhlIGZvbGxvd2luZyByZWdpc3RyeSBlbnRyaWVzDQogDQpgYGANCldpbmRvd3MgUmVnaXN0cnkgRWRpdG9yIFZlcnNpb24gNS4wMA0KDQpbSEtFWV9MT0NBTF9NQUNISU5FXFNvZnR3YXJlXFBvbGljaWVzXEdvb2dsZVxDaHJvbWVdDQoiQXV0aFNlcnZlcldoaXRlbGlzdCI9ImZkcW4iDQoiQXV0aFNjaGVtZXMiPSJiYXNpYyxkaWdlc3QsbnRsbSxuZWdvdGlhdGUiDQoiQXV0aE5lZ290aWF0ZURlbGVnYXRlV2hpdGVsaXN0Ij0iZmRxbiINCmBgYA0KDQpgZmRxbmAgY2FuIGJlIGEgc2luZ2xlIGhvc3QgcXVhbGlmaWVkIG5hbWUgKGxpa2Ugd3d3LmRvbWFpbi5jb20gKSBvciBhIGZ1bGwgZG9tYWluIChsaWtlICpkb21haW4uY29tKTsgdGhlIHdpbGQgY2FyZCBzeW50YXggaXMgc2xpZ2h0bHkgZGlmZmVyZW50IHRoZSBvbmUgb2YgSUUgKG5vIGRvdCByZXF1aXJlZCE/KQ0KDQojIEFERlMvU0FNTCBSZW1hcmsNCg0KSW4gb3JkZXIgdG8gaGF2ZSBXSUEgd29ya2luZyBhZ2FpbnN0IEFERlMgKGF0IGxlYXN0IHZlcnNpb24gMi4wKSB3ZSBoYXZlIHR3byBjb25zdHJhaW50czoNCiogVXNlIGludGVncmF0ZWQgYXV0aGVudGljYXRpb24gKGluIHdlYi5jb25maWcpDQpgYGB4bWwNCiAgPG1pY3Jvc29mdC5pZGVudGl0eVNlcnZlci53ZWI+DQogICAgPGxvY2FsQXV0aGVudGljYXRpb25UeXBlcz4NCiAgICAgIDxhZGQgbmFtZT0iSW50ZWdyYXRlZCIgcGFnZT0iYXV0aC9pbnRlZ3JhdGVkLyIgLz4NCiAgICAgIDxhZGQgbmFtZT0iRm9ybXMiIHBhZ2U9IkZvcm1zU2lnbkluLmFzcHgiIC8+DQogICAgICA8YWRkIG5hbWU9IlRsc0NsaWVudCIgcGFnZT0iYXV0aC9zc2xjbGllbnQvIiAvPg0KLi4uDQpgYGANCiogRGlzYWJsZSBFeHRlbmRlZCBQcm90ZWN0aW9uIGZvciBhZHNmXFxscyBzaXRlIChgQXV0aGVudGljYXRpb25gLT5gV2luZG93cyBBdXRoZW50aWNhdGlvbmAtPmBBZHZhbmNlZCBTZXR0aW5nc2AsIHNldCBgRXh0ZW5kZWQgUHJvdGVjdGlvbicgdG8gT2ZmKQ==
No comments :
Post a Comment