Date Posted:
Product: TIBCO Spotfire®
Product: TIBCO Spotfire®
Problem:
How to configure the Chrome web browser to access TIBCO Spotfire Web Player using Kerberos for Delegation without parameters.
Solution:
When the TIBCO Spotfire Web Player is configured to use Kerberos for unconstrained delegation authentication, the Chrome web browser must be explicitly passed the Web Player server or domain. For this, the Chrome browser can be launched with the following parameters:
chrome.exe --auth-server-whitelist=".domain.com" --auth-negotiate-delegate-whitelist=".domain.com"
It is also possible to define this server whitelist in the registry to avoid having to launch Chrome with these parameters every time.
Follow these instructions when using Google Chrome. Note that you must create and set a registry key for Google Chrome.
- The Spotfire Server you are connecting to must be located in the Intranet security zone.
- In the Registry Editor, go to [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome].
- Add the String Value AuthNegotiateDelegateWhitelist.
- Modify AuthNegotiateDelegateWhitelist and add the URL to the Spotfire Web Player. For example, "AuthNegotiateDelegateWhitelist"="myserver,myotherserver,*.mydomain.local"
See attached (Filename: ChromeRegistryKeyUpdate.png) for the screenshot.
Doc: Enabling delegated Kerberos for Google Chrome
External: Chromium Projects developer page:
Comments
0 comments
Article is closed for comments.