Posted on 12-10-2020 11:51 AM
Hello everyone,
I do love Apple Kerberos Extension. Unfortunately, I do have an issue with macOS 11 Big Sur as I can only access SSO through Safari, not Chrome or Edge Chromium. We do have some internal Apps that don't get along with Safari... (at this time people under Big Sur can't schedule their vacations!) ;-)
I found a blog where they solved the issue by tearing off the sandbox for the other browsers: I won't do that.
Does anyone have the same issue? Any idea on how to get rid of it?
Truly,
DP
Posted on 12-10-2020 11:56 AM
Known issue in Chrome. It's reportedly already fixed in Chrome 89 early builds and will hopefully be fixed in the release version of Chrome 88.
Posted on 02-28-2021 11:17 AM
@dannypierre.villeneuve do you tried this?
defaults write com.google.Chrome AuthServerWhitelist .example.com
defaults write com.google.Chrome AuthNegotiateDelegateWhitelist .example.com
Posted on 12-27-2021 10:27 PM
Posted on 03-01-2021 06:54 AM
Hello everyone, I do love Apple Kerberos Extension. Unfortunately, I do have an issue with macOS 11 Big Sur as I can only access SSO through Safari, not Chrome or Edge Chromium. We do have some internal Apps that don't get along with Safari... (at this time people under Big Sur can't schedule their vacations!) ;-) I found a blog where they solved the issue by tearing off the sandbox for the other browsers: I won't do that Upsers. Does anyone have the same issue? Any idea on how to get rid of it? Truly, DP
That error is not a problem. It means that there is not previously saved data. Be aware that the bundle id ACL is case sensitive and it is used the first time a credential is received until it expires. This could impact your tests depending on the order. I suggest trying without the acl until you get it working. The CFNetwork stack is supported for SSO. Does your app download the data separately from the WKWebView? or does it load the URL directly in it?
Posted on 03-30-2021 08:32 AM
I assigned the SSO extension to Big Sur, but when visiting the Intranet site via Safari, I was prompted for AD credentials,
Windows PCs don't have this problem. What's on Safari?
Posted on 04-13-2021 01:56 PM
@spotmac
Hello.
Yes, I have it in place, but I find it unreliable. In fact, it only works reliably with Safari...
Workaround that is working great with Edge Chromium:
Quit Browsers;
Restart;
Open Safari;
Connect to a page that requires SSO;
If it works, open Edge Chromium and connect to SSO pages.
Posted on 08-23-2021 07:38 AM
So...
If you're still interested in that topic.
Expired kerberos tickets are not purged and browsers other than Safari continue to use the expired one, so it doesn't work.
Simple task to do in Terminal, you can even create a nice Self Service action from it:
kdestroy -a