Re: Issue 19 in chromium: Automatic integrated windows authentication (aka automatic NTLM / Negotiate Auth support)
chro...@googlecode.com
Comment #134 on issue 19 by KendalCole: Automatic integrated windows
authentication (aka automatic NTLM / Negotiate Auth support)
http://code.google.com/p/chromium/issues/detail?id=19
Help me Milestone 5... you're my only hope...
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
chro...@googlecode.com
Comment #135 on issue 19 by jadranko.dragoje: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
And when is this going to be fixed? I just cannot believe that this is such
a big
problem to solve. :(
chro...@googlecode.com
Comment #136 on issue 19 by div...@hotmail.com: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Comment 132 - "I'm actively working on it and it's scheduled for inclusion
in Milestone 5."
http://www.chromium.org/developers/design-documents/network-stack
Add label: Mstone-5
chro...@googlecode.com
Comment #138 on issue 19 by pherson: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Thanks CBent! This is one of the last items to cross off before we can
deploy Chrome
in our enterprise.
chro...@googlecode.com
Comment #139 on issue 19 by btexier: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Does not seem to be schedule for Mstone 5. Any update on this?
chro...@googlecode.com
Comment #140 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
This ended up getting broken up into multiple sub-bugs which have been
labeled with
Milestone 5, for example issue 29862.
I'll make sure related bugs are updated.
chro...@googlecode.com
Comment #141 on issue 19 by chris.hulbert: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Hi,
Just to let you know, I've just downloaded milestone 5 (version 5.0.307.1
dev) and this
problem still exists. Or is version 5.x != milestone 5 ?
Cheers
chro...@googlecode.com
Comment #146 on issue 19 by pcchenard: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
What is the ETA for working integrated authentication????? I would love to
roll
this out company wide but cannot without this working properly.
chro...@googlecode.com
Comment #148 on issue 19 by 9DeTxx: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Extremely annoying pop up window indeer...especially when you like to
ctrl+click all
your favorites as soon as you open up chrome...then you realize you have 8+
credentials
pop ups...
chro...@googlecode.com
Comment #150 on issue 19 by sebastian.rasch: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
going to be
fixed °_* Pitty.
In the office, this is really annoying. New tabs open normally without an
authenication prompt. But my last tabs that open automatically at start of
chrome all
require authentication. Sucks.
chro...@googlecode.com
Comment #151 on issue 19 by jadranko.dragoje: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Will this ever be fixed? :(
Come on people, I would like to deploy intranet application on Chrome ... :(
chro...@googlecode.com
Comment #152 on issue 19 by jjmartin1248: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I'd like to confirm (for tracking purposes when this is fixed) that this
feature/issue would add the equivalent of the
network.automatic-ntlm-auth.trusted-uris,
network.negotiate-auth.trusted-uris, and
network.negotiate-auth.delegation-uris settings from Firefox into Chrome.
A support question refers to this issue:
http://www.google.com/support/forum/p/Chrome/thread?tid=109a40b1b6675295&hl=en&fid=109a40b1b6675295000481732e7f26b5
chro...@googlecode.com
Comment #153 on issue 19 by mccarthy.greg: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
This is really taking forever to sort out. The issue was first opened in
Sep 2008! Can
some priority be given to it?
chro...@googlecode.com
Comment #159 on issue 19 by w...@chromium.org: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
beethoven07: thanks for the bug report. That regression was introduced
in r42600 on 2010-03-25.
I checked in a fix for this issue today. Please test this build:
http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/43140/
1. Download the chrome-win32.zip file.
2. Open the chrome-win32.zip file and extract all files.
3. If you're running Chrome, shut it down.
4. Change into the resulting chrome-win32 folder, and run the
chrome.exe file in that folder.
5. Type "about:version" in the location bar and verify it is
"5.0.366.0 (Developer Build 43140)".
Now, use a proxy server or visit an intranet server that requests HTTP
NTLM or Negotiate authentication. This Chrome build should perform
the authentication automatically without prompting you for a user
name and password.
Please let me know if this build works as expected. Thank you!
Optional testing:
If you want to test a "before" build that doesn't have the fix, try
http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/42598/
"about:version" in this build should say "5.0.363.0 (Developer Build
42598)".
This build should prompt you for a user name and password.
chro...@googlecode.com
Comment #160 on issue 19 by alexclifford47: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I have tested your fix w...@chromium.org and it works fine for me on Windows
XP SP3.
Thank you very much for the update, I very much look forward to rolling out
Chrome 5
instead of Internet Explorer at our organisation in the future.
chro...@googlecode.com
Comment #161 on issue 19 by sectorx4: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I have tested this build and it works fine, it even loads up images served
from my
companyweb site without prompting for authentication (which Firefox does)
chro...@googlecode.com
Comment #162 on issue 19 by ishanh: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
It didn't work for me in Vista. Didn't even allowed me to
check 'about:version'.
Little while after opening it crashed. The error and the dump is attached.
Attachments:
WERBE07.tmp.appcompat.txt 36.5 KB
WERABDE.tmp.version.txt 456 bytes
WERBE76.tmp.mdmp 2.3 MB
Chrome.JPG 47.1 KB
chro...@googlecode.com
Comment #163 on issue 19 by vegitto.ru: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Tested the build.
Works like a charm when browsing external Internet sites (i.e. it doesn't
ask to
authenticate with the proxy) but when browsing some internal applications I
still get
the following error:
Error Text: DPWWA2403E Your browser supplied NTLM authentication data. NTLM
is not
supported by WebSEAL. Please make sure your browser is configured to use
Integrated
Windows Authentication.
I ran the tests on Windows XP SP3.
chro...@googlecode.com
Comment #164 on issue 19 by chris.hulbert: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Works great! When shall this be rolled into the dev channel of chrome?
chro...@googlecode.com
Comment #165 on issue 19 by tariq.rafique: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I'm running Windows 7. can't even access intranet sites. chrome seems to
think they
don't exist. i get redirected to a google search
i can access the site through IE, but no luck with chrome
chro...@googlecode.com
Comment #166 on issue 19 by tariq.rafique: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
okay, so I'm running DirectAccess. I had to uncheck this option:
"Use DNS pre-fetching to improve page load performance"
and now I can access my intranet sites without having to specify
credentials.
is there a bug in the way that your fix interacts with the dns-preftecher ?
chro...@googlecode.com
Comment #167 on issue 19 by arandall85: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Works great on Windows XP Pro with SP3. All of my intranet sites that have
been setup
with Windows Authentication worked seamlessly.
Thank you so much!
chro...@googlecode.com
Comment #168 on issue 19 by Sarkie: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
This seems to work on our local intranet using Small Business Server 2008
as our proxy.
I'll check more soon!! Thanks!!
chro...@googlecode.com
Comment #169 on issue 19 by satimon: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Yes! it`s work! waiting this fix is in stable relise version!
chro...@googlecode.com
Comment #170 on issue 19 by enriquez.german.e: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Works fine on a Windows XP SP3 client attached to a Windows Domain running
ISA Server
(Pre-2004 version). Had a little problem login to gmail thou, requering
explicity
retyping the gmail URL to avoid a loop on the login process, asking over
and over for
user and password (not proxy user but gmail user).
I'm much obliged for this fix. Awesome Job!
chro...@googlecode.com
Comment #171 on issue 19 by christopher.leblanc: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Works great for my use over the 5.0.342.8 beta I had. When does this
update make the
BETA Channel, 2-3 weeks or???
Thanks for the fix!!!
chro...@googlecode.com
Comment #172 on issue 19 by haroonie: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
works great for intranet sites and accessing the internet (uses
domain\username) ntlm
authentication!
chro...@googlecode.com
Comment #173 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
#163: I'll open a separate bug to track the issue you reported.
chro...@googlecode.com
Comment #174 on issue 19 by dave.dolan: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Works on Windows 7 Enterprise. Passes through Bluecoat too. Not that I
expected
otherwise, but just stating for the record.
chro...@googlecode.com
Comment #175 on issue 19 by outersource: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I am still prompted by my site which is using active directory for
authentication. My
application is built using the ASP.NET MVC 1.0 framework and developed in
Visual Studio
2008 (C#). Oh I'm also using Windows 7.
Attachments:
Version.png 50.5 KB
Prompt.png 139 KB
chro...@googlecode.com
Comment #176 on issue 19 by lgardent: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Intranet & Internet working here too (win vista 32bits and corporate
proxy). At last !!
Thx so much for fixing. I'll be reporting if any bugs come up.
thx again, i can now trash 1) corporate IE bs, 2) freaking heavy and slow FF
\o/
chro...@googlecode.com
Comment #177 on issue 19 by t...@ekonbenefits.com: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Works perfectly here, XP SP3 clients and Windows 2003 server (iis 6.0 w/
asp.net and
MVC 2.0 apps) also we have a Mac 10.5 intranet server with mod_ntlm_winbind
and that
works too.
chro...@googlecode.com
Comment #178 on issue 19 by FrozenThread: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Tested on Windows 7 Enterprise 64bit and WinXP SP3 Professional works
perfect so
far. Will post if anything breaks.
chro...@googlecode.com
Comment #179 on issue 19 by w...@chromium.org: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Thanks to everyone for testing the new build.
To help cbentzel and I debug the problems with the new build, please
do not report new test successes.
Reporting Test Failures:
If the new build still prompts for a user name and password when visiting
an *intranet* server, please visit the same intranet server, with the exact
same URL, using Internet Explorer. Does IE also prompt for a user name and
password?
This new Chromium build uses IE/WinINet's registry settings to determine
if a URL is in the Local Intranet zone. So it is expected to match IE's
behavior regarding the prompt.
Testing Internet Zone:
If you visit a server on the Internet zone that requests NTLM/Negotiate
authentication, this new build should prompt for a user name and password
(so should IE). I am also interested in hearing about Internet zone test
results. It is expected to match IE's behavior regarding prompting.
chro...@googlecode.com
Comment #180 on issue 19 by outersource: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I tested the exact same URL in IE after receiving the prompt still in the
new build and
IE works how it should, it doesn't prompt me at all. Note, Firefox also
prompts me to
enter a username and password.
chro...@googlecode.com
Comment #191 on issue 19 by todd.giles: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
as:
[6984:5824:3539277265:INFO:http_network_transaction.cc(1850)] The server
https://subdomain1.yyy.zzz/ requested auth
Has header WWW-Authenticate: Negotiate
Has header WWW-Authenticate: Basic realm="xxx.yyy.zzz"
[6984:5824:3539277265:INFO:http_network_transaction.cc(1850)] The server
https://subdomain1.yyy.zzz/ requested auth
Has header WWW-Authenticate: Negotiate
TlRMTVNTUAACAAAADAAMADgAAAAFgomip1dwbhp+cUgAAAAAAAAAALIAsgBEAAAABgGwHQAAAA9TAEEATgBEAEkAQQACAAwAUwBBAE4ARABJAEEAAQAWAFMAUAAwADAAMQBTAE4ATABOAFQAQgAEABwAcwByAG4ALgBzAGEAbgBkAGkAYQAuAGcAbwB2AAMANABTAFAAMAAwADEAUwBOAEwATgBUAEIALgBzAHIAbgAuAHMAYQBuAGQAaQBhAC4AZwBvAHYABQAcAHMAcgBuAC4AcwBhAG4AZABpAGEALgBnAG8AdgAHAAgAU3+YhRXRygEAAAAA
And on the one that doesn't work I just get the following:
[6984:5824:3539343078:INFO:http_network_transaction.cc(1850)] The server
https://subdomain2.yyy.zzz/ requested auth
Has header WWW-Authenticate: Negotiate
Has header WWW-Authenticate: Basic realm="Name-Kerberos"
[6984:5824:3539343078:INFO:http_network_transaction.cc(1850)] The server
https://subdomain2.yyy.zzz/ requested auth
Has header WWW-Authenticate: Basic realm="Name-Kerberos"
[6984:4444:3539343078:ERROR:native_textfield_win.cc(210)] NOT IMPLEMENTED
[6984:4444:3539343078:ERROR:native_textfield_win.cc(210)] NOT IMPLEMENTED
I've changed the internal url's as well as the realm names, but followed
the same
form for them. Any of the above helpful? Contact me offlist and I can
give more
info if needed to get this working. Thanks ;)
chro...@googlecode.com
Comment #193 on issue 19 by enriquez.german.e: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
w...@chromium.org: re: comment 187
I tried to replay de same case on the fixed version of chromium with no
success (I tried deleting all
browsing history and using Private mode), so I haven't tested the not-fixed
build.
Also, I found one more problem where I'm asked for proxy authentication
*again* after deleting
browsing history (all checks selected), closing chromium, reopening and
entering gmail. And also, I
cant replay sistematically this problem too...
One odd thing about this corporate proxy is that, even on IE6/IE8, once I
enter gmail it asks me for
proxy authentication (3 times) for something which I'm not allowed to
access (probably something
relative to the embedded gtalk panel, which states connection problems;
gmail itself works fine).
So in my case, not all proxy authentication request are succesful.
chro...@googlecode.com
Comment #195 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
dariush.pietzrak: Excuse me, I'm a little confused from your description
how Chrome
is not working as expected.
My interpretation is that Chrome 5.0.366.0 is correctly doing SSO for the
Negotiate-
only server and is prompting for username/password on the Negotiate+NTLM
OWA server.
From the last line in the bug report, it sounds like IE8 is doing the same
as well.
Is my interpretation correct?
chro...@googlecode.com
Comment #198 on issue 19 by w...@chromium.org: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Thank you for all the test reports. To help us keep track of the known
issues, please do not post new test reports until we have a new test build.
We have identified a problem with the current test build. It does not
construct the "service principal name" (SPN) for the server. A correct SPN
is required for Kerberos. Therefore, the Negotiate authentication scheme
may fail if the server requires Kerberos and the host name in the URL is not
the server's SPN (which is the canonical, fully-qualified DNS name of the
server).
cbentzel is working on a fix for the SPN issue. We will announce when a new
test build is available.
chro...@googlecode.com
Comment #199 on issue 19 by mariofishery: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Just tried it and still no success. Chrome still prompts for Username/
Password if
behind a proxy server.
chro...@googlecode.com
Comment #201 on issue 19 by jadranko.dragoje: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I think this is now resolved. Build 5.0.375.3 does not ask for
authentication. Is this
issue resolved?
chro...@googlecode.com
Comment #202 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
jadranko.dragoje: This is mostly supported but some users are still
reporting issues,
likely because we are not using the canonical name of the server in the SPN
we are
generating. See related bug 29862.
chro...@googlecode.com
Comment #203 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
I've landed a few patches which change how the Kerberos SPN is generated by
Chrome,
which will hopefully fix the issues some of you are having with SSO
authentication.
I'll update the thread after there's a build available for you to test
with. Thanks
again for all the feedback.
chro...@googlecode.com
Comment #204 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
todd.giles, dariush.pietrzak, and others: Would you be able to test whether
a test
build of Chromium solves your problem?
You can retrieve the build from
http://build.chromium.org/buildbot/snapshots/chromium-
rel-xp/44542/chrome-win32.zip
chro...@googlecode.com
Comment #205 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
More detailed directions for testing.
http://build.chromium.org/buildbot/snapshots/chromium-rel-xp/44542
1. Download the chrome-win32.zip file.
2. Open the chrome-win32.zip file and extract all files.
3. If you're running Chrome, shut it down.
4. Change into the resulting chrome-win32 folder, and run the
chrome.exe file in that folder.
5. Type "about:version" in the location bar and verify it is
"5.0.378.0 (Developer Build 44542)".
chro...@googlecode.com
Comment #212 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
I'm glad this is working for many of you. There's no need for any further
positive
acknowledgement. Please feel free to add additional comments if you are
still running
into problems.
dev channel: Working on it and I'll post back here once it's ready.
sypsyp: I'm pretty confused why you are being presented with a password
prompt if IE
thinks the server is in the local intranet zone. Please open another bug or
email me
off-list.
chro...@googlecode.com
Comment #214 on issue 19 by lukemorey: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
hostname.
eg the URL I'm visiting is http://intranet/ but it's hosted in a
Windows/IIS server
called server01. intranet is a DNS CNAME to server01. IE handles this
transparently,
I'm not sure how.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs
chro...@googlecode.com
Comment #215 on issue 19 by boyualex: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
authentication with another user account. Is there any way I can do that?
or some
command line switch?
chro...@googlecode.com
Comment #216 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
instructions in
comment #205) and this isn't working, could you try running with
--disable-auth-
negotiate-cname-lookup
boyualex: You can try adjusting what zone the host is in to force a
password prompt.
There is no command line option to disable this behavior currently.
chro...@googlecode.com
Comment #217 on issue 19 by vittalaithal: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
One thing to consider is that in LAN, there may be network tunnels
configured to
untrusted networks that also use a private address space - e.g. a
contractor VPN's
into a client's network from their own LAN. Automatically whitelisting
would not
necessarily be what is desired.
chro...@googlecode.com
Comment #219 on issue 19 by lukemorey: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
http://server01/ authenticates transparently
http://intranet/ does not, where intranet is a CNAME for server01.
I'm running Windows 7 64 bit
I've tested build 44542 and latest build 44898
--disable-auth-negotiate-cname-lookup doesn't help
Is there other useful info I can provide?
chro...@googlecode.com
Comment #220 on issue 19 by lukemorey: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
WWW-Authenticate
headers don't seem to be asking for Kerberos so I suspect SPNs don't come
into the
picture.
The server http://intranet/ requested auth
Has header WWW-Authenticate: Negotiate
Has header WWW-Authenticate: NTLM
Has header WWW-Authenticate: Basic realm="intranet"
The server http://server01/ requested auth
Has header WWW-Authenticate: Negotiate
Has header WWW-Authenticate: NTLM
Has header WWW-Authenticate: Basic realm="server01"
chro...@googlecode.com
Comment #221 on issue 19 by lukemorey: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
symptoms. Maybe
the specific text in the authentication prompt is relevant.
Authentication Required
The server intranet:80 requires a username and password.
User name: _______
Password: ________
ie It doesn't say "at (some realm)"
chro...@googlecode.com
Comment #224 on issue 19 by ColinAndMelissaCole: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
stable/beta!!!
chro...@googlecode.com
Comment #225 on issue 19 by ColinAndMelissaCole: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
will there
be a way create an extension that would only apply to these sites? If not,
no problem;
i'm just curious.
chro...@googlecode.com
Status: Verified
Comment #226 on issue 19 by mberkow...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
chro...@googlecode.com
Comment #228 on issue 19 by piotr.skamruk: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
We are patiently waiting...
chro...@googlecode.com
Comment #229 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
certain
security zones is not possible right now. Can you enter a feature request
for that if
one doesn't already exist.
russell2pi: I'm sorry that this isn't working for you. However, I don't
think the
beta channel has this feature yet - the dev channel will. You actually
described two
issues: the first is the Integrate Authentication was not working on the
proxy, which
would be considered part of this issue. The second issue is that Chrome
should
combine multiple authentication challenges from the same server (and scheme
and
realm) into one username/password dialog box. Issue 39440 seems to be about
this.
piotr.skamruk: You are correct, this is not working on krb5 (and gssapi
more broadly)
yet.
chro...@googlecode.com
Comment #231 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
mssql
integrated auth. I assumed that the auth was for Chrome authenticating to
an IIS web
app. Is the web app doing impersonation and that is where the failure is
happening?
chro...@googlecode.com
Comment #232 on issue 19 by igitur: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
sites, while
others work 100%. I attach a Wireshark trace of the first attempt. Sorry, I
don't know
the SPN.
I have confirmed that *.mycompany.co.za is listed under Intranet Zone under
Internet
Options. I had to do this to get the other .mycompany.co.za sites working.
Attachments:
autontlmfail.txt 2.4 KB
chro...@googlecode.com
Comment #236 on issue 19 by igitur: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
_auto_
authentication part fails.
chro...@googlecode.com
Comment #237 on issue 19 by ryster092: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
technology
in the Chrome Installer / Google Updater too. I just tried installing
Chrome on a PC
behind my company's proxy server that requires active directory
authentication.
The installer prompted me for authentication credentials which I suppliedd
(I
entered domain\username and my password). The prompt went away but the
installer
just hung for 2-3 minutes, then eventually failed with unable to connect.
In the meantime, can somebody please post a link to the standalone
installer for the
current Dev channel build. Thanks :)
p.s. Great work, I love Chrome and feel dirty if I'm forced to use any
other browser
now :)
chro...@googlecode.com
Comment #238 on issue 19 by ryster092: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
me after a
long period of trying to connect is: "The Google Chrome installer could not
connect
to the Internet because a proxy server required user authentication. Please
configure the proxy server to allow network access and try again or contact
your
network administrator. Error code = 0x80042197"
It would be nice (and alleviate some of the annoyance) if this particular
error also
affered a link to the standonline/offline installer for the version you are
attempting to install.
chro...@googlecode.com
Comment #239 on issue 19 by ryster092: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
have
obtained the 5.0.378.0 build of Chromium and am testing it on my work
computer.
Unfortunately the NTLM passthrough stuff is still not working in my
scenario.
Our proxy server is called blox.jcb.local and is on port 80. This proxy
server
requires Active Directory (NTLM) authentication. When I attempt to access
any web
page, I get an Authentication Required pop up saying "The server
blox.jcb.local:80
requires a username and password." In this circumstance, the server asking
for
authentication (blox.jcb.local) is not the same as the server I am
attempting to
access (www.neowin.net), that's how proxy servers work after all.
More worryingly is that even if I enter my username and password in the
format
domain\username for the User Name field, it seems to ignore what I enter
and just
prompts me over and over, until I hit cancel a few times. At which point
our proxy
server gives us the customary Access Denied page instead. "ACCESS DENIED.
Access has
been blocked because: Authentication failed - username or password
incorrect"
Come on guys, we can't consider using Chrome, even in testing at our
organisation
until this issue is resolved.
chro...@googlecode.com
Comment #244 on issue 19 by francip: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
them fails,
wouldn't it be prudent to fall back to the other before asking the user for
credentials?
Also, if both Negotiate and NTLM are present, I'd expect the NTLM to be the
with higher
priority than Negotiate. Thought I can see how this one can go both ways.
I'd certainly
prefer if NTLM was not even considered for websites in the Internet
zone. :-)
chro...@googlecode.com
Comment #247 on issue 19 by francip: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
of the WWW-
Authenticate: NTLM header. I run quick test where I modified the response
and removed
the NTLM header and left only the Negotiate. The sequence still failed. So
it appears
that the problem is somewhere in the negotiation sequence itself.
A quick comparison between an IE request and a Chrome request to the same
site shows
indeed that the first two request/response pairs after the Negotiate are
quite
similar (with very small differences in the tokens). However, after the
negotiation,
IE sends a third request that has an Authorization header with a token, to
which IIS
replies with HTTP 200. Chrome though sends the third request without the
Authorization header, to which IIS replies again (and rightfully so) with
HTTP 401
and the WWW-Authenticate header.
So it looks like the SPNEGO/NTLM tokens exchange works (at least it looks
right in
Fiddler :-)), but Chrome "forgets" to send the Authorization header with
the last
request after the negotiation is finished.
Of course, there might be a good reason why Chrome wouldn't send the
Authorization
header with the last request. However, it would be interesting to
understand why it
happens.
chro...@googlecode.com
Comment #248 on issue 19 by tmrhymer: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
supported?
chro...@googlecode.com
Comment #250 on issue 19 by baron19: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Sharepoint site
I'm able to get it to where it won't send my credentials through properly.
The Sharepoint setup:
Since we are using Sharepoint 2007 it doesn't natively handle SRS 2008
reports using
the reports web part. To get around that we just use a page viewer web
part and
point it to the url for the report. This works great using IE. When
viewing the
page via Chrome the passing of credentials to the report seems to be hit
and miss. I
frequently get data source errors (due to the credentials not being
passed), however
if I keep hitting refresh on the page over and over it seems to eventually
pass them.
However if I just open IE Tab on the page inside Chrome the reports render
fine, then
I can bring the page up normally and it still works.
chro...@googlecode.com
Comment #251 on issue 19 by Adam.Wheat: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
@francip, I'm having the same issue, and have narrowed it down to the
Negotiate
functionality. One of my sites only uses WWW-Authenticate: NTLM, and
handles
automatic login using integrated auth perfectly. Several other sites that
send both
WWW-Authenticate: Negotiate and WWW-Authenticate: NTLM prompt for
credentials.
This bug needs to be reopened until the Negotiate behavior is fixed.
chro...@googlecode.com
Status: Assigned
Comment #252 on issue 19 by cbent...@chromium.org: Automatic integrated
windows authentication (aka automatic NTLM / Negotiate Auth support)
http://code.google.com/p/chromium/issues/detail?id=19
I'll reopen.
chro...@googlecode.com
chro...@googlecode.com
Comment #254 on issue 19 by OCaraveo: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I've attached my annoyance due to this issue, it only happens with Chrome
(not IE or
Firefox). This is happening because Chrome doesn't fully implement NTLM
authentication,
correct?
3rd year's a charm --please fix! :)
Attachments:
iPrism_authentication.png 154 KB
chro...@googlecode.com
Comment #255 on issue 19 by OCaraveo: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
(No comment was entered for this change.)
Attachments:
iPrism_authentication.png 173 KB
chro...@googlecode.com
Comment #256 on issue 19 by igitur: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
cbent...@chromium.org: Let me know when you have that utility ready as per
comment 246
chro...@googlecode.com
Comment #258 on issue 19 by gastlyGem: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Maybe this sounds weird, but sometimes I do need manual authentications..
How do I bring the user name and password prompt back to Chrome 5/6?
chro...@googlecode.com
Comment #260 on issue 19 by OCaraveo: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Yay! It's working for me as of these past couples of days. --v5.0.375.99
chro...@googlecode.com
Comment #261 on issue 19 by beethoven07: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
The dev channel (6.0.458.1) now crashes each time an internal NTLM site is
visited. I did not see this on previous dev builds.
chro...@googlecode.com
Comment #263 on issue 19 by przemelek: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Newest dev version 6.0.466.0 dev
HTTPS over NTLM doesn't work. Chrome didn't ask for credentials, it simply
doesn't work.
When I tried to use "--disable-auth-negotiate-cname-lookup" and tried to
refresh page whole browser crashed :-)
chro...@googlecode.com
Comment #264 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Steve: Do you think the SSLClientSocketPool crash is the cause of issues
for #263? This also sounds like an HttpProxyClientSocket issue with
tunneling and authentication.
chro...@googlecode.com
Cc: vand...@chromium.org
Comment #265 on issue 19 by cbent...@chromium.org: Automatic integrated
windows authentication (aka automatic NTLM / Negotiate Auth support)
http://code.google.com/p/chromium/issues/detail?id=19
(No comment was entered for this change.)
chro...@googlecode.com
Comment #267 on issue 19 by baron19: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Most recent build appears to have fixed the issue. I no longer crash when
using NTLM authentication.
chro...@googlecode.com
Comment #268 on issue 19 by roman.rodov: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
458.1 dev just plain crashes all the time.
466.0 dev cannot access any SSL secured sites from work (behind NTLM proxy,
WebMarshal). I've logged an issue
http://code.google.com/p/chromium/issues/detail?id=49493.
All subsequent builds after 466.0 cannot access SSL secured sites with a
slightly different error. The last build that works for me is 453.1 dev.
chro...@googlecode.com
Comment #269 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
roman.rodov: Thanks for the report. I will try to repro locally, although
with a SQUID proxy rather than WebMarshal. If that doesn't work I may ask
you for more detailed information.
chro...@googlecode.com
Comment #270 on issue 19 by Sarkie: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
If I don't have my proxy enabled, I cannot access SSL based sites, but I
can in IE or FF, I think its related to this patch, as I was getting the
crash error last week.
What can I do to get more details?
chro...@googlecode.com
Comment #271 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Sarkie: You can go to about:net-internals in chrome and click "Dump To
Text" to show output details. Rather than adding to this already long bug,
please send to van...@chromium.org and cben...@chromium.org. Also, please
scrub out any data you don't want us to see.
chro...@googlecode.com
Comment #272 on issue 19 by cbent...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
OSX and Linux users: Negotiate authentication has been added to Chrome, and
we'd appreciate it if you tested it and let us know of any issues.
This isn't in dev channel yet, but it is in the latest builds from the
Chromium trunk (after r53024)
http://build.chromium.org/buildbot/continuous/mac/LATEST/chrome-mac.zip
http://build.chromium.org/buildbot/continuous/linux/LATEST/chrome-linux.zip
http://build.chromium.org/buildbot/continuous/linux64/LATEST/chrome-linux.zip
The SVN revision should be r53024 or later.
You need to specify --auth-server-whitelist on the command line for servers
you want to authenticate to (proxies are automatically authenticated to).
For example, --auth-server-whitelist="*.intranet.example.com" will
whitelist any host in the intranet.example.com domain.
This dynamically loads your system GSSAPI library the first time a
Negotiate authentication challenge is seen: libgssapi_krb5.dylib on OSX,
and one of libgssapi_krb5.so.2, libgssapi.so.4, or libgssapi.so.1 on Linux.
chro...@googlecode.com
Status: Fixed
Comment #274 on issue 19 by cbent...@chromium.org: Automatic integrated
windows authentication (aka automatic NTLM / Negotiate Auth support)
http://code.google.com/p/chromium/issues/detail?id=19
At this point I am going to declare this particular issue fixed. The
general feature has been implemented on all platforms. There are some known
issues, but they are being tracked in more tightly focused bugs.
If any of you encounter issues with the Negotiate authentication scheme or
Integrated Authentication in general, please enter specific bugs.
chro...@googlecode.com
Comment #278 on issue 19 by dphugo: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I took a chance and upgraded from Chrome v5 to Chrome v6.0.472.51 beta.
The installation was fine, but I can't access any sites. I'm behind a proxy
and normally a prompt would come up the first time I open Chrome asking
(and saving) my login details to go through the proxy.
Is it the Proxy or another bug?
There is now no prompt and I get the following error message:
This webpage is not available.
The webpage at http://mail.google.com/ might be temporarily down or it may
have moved permanently to a new web address.
More information on this error
Below is the original error message
Error 9 (net::ERR_UNEXPECTED): Unknown error.
chro...@googlecode.com
Comment #281 on issue 19 by diehard2: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Hello, this feature has stopped working for me over the last couple of
weeks.
chro...@googlecode.com
Comment #282 on issue 19 by diegocambronero: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
I have been browsing for more than 3 hours to find a solutions and there is
not a solution. Chrome sucks im moving back to firefox.
chro...@googlecode.com
Comment #283 on issue 19 by rastislav.maskal: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
in version 6.0.472.63 not promting to save Basic authetntication, which was
working fine in previous major version :(
chro...@googlecode.com
Comment #289 on issue 19 by cben...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
nissan370zfan: Could you enter a separate bug for Chrome attempting to
retrieve favicon.ico for non-HTML pages [this is completely unrelated to
authentication, although there is a bug to disable authentication prompts
if there are problems retrieiving favicon].
HTML pages can specify a different location for favicon with <link
rel="icon"> elements, but by default they are at the root of the server.
chro...@googlecode.com
Comment #290 on issue 19 by nissan370zfan: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
It is related to authentication in my case because the users are
authenticated only off the subdomain and not the root; thus it is causing
authentication to pop-up. I will create a separate bug.
chro...@googlecode.com
Comment #291 on issue 19 by cben...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
What you described was a sub-path. not a sub-domain.
chro...@googlecode.com
Comment #292 on issue 19 by Ben.Lings: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Authentication to a local NTLM authenticated web site has stopped working
for me with dev channel release 9.0.587.0. It was working in the previous
version.
I now get a login dialog (but only once for each host) when it used to
authenticate automatically.
chro...@googlecode.com
Comment #293 on issue 19 by cben...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Ben.Lings: Thanks for the report, I'll try to repro locally. Just to
confirm, it's a server rather than proxy which is experiencing issues? Is
it https or http?
chro...@googlecode.com
Comment #294 on issue 19 by adrianjmartin: Automatic integrated windows
http://code.google.com/p/chromium/issues/detail?id=19
Just click the update to 9.0.587.0 and as Ben.Lings found out NTLM fails
against an intranet server :-(
http -> server
chro...@googlecode.com
Comment #300 on issue 19 by cben...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
je...@jeffmartin.com: Have you specified --auth-server-whitelist (and
--auth-negotiate-delegate-whitelist from your description)?
chro...@googlecode.com
Comment #301 on issue 19 by j...@jeffmartin.com: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
i have tried both of those settings now... (at the same time) and set it to
servers specified by my IT dept for making firefox work (which it does)
their directions specify putting these servers in:
network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.trusted-uris
network.negotiate-auth.delegation-uris
They are all local intranet server addresses and it seems like they should
be in the intranet zone. The error message that comes back from bluecoat
doesn't have my username and that is seeming to indicate that my login
isn't being passed. Thanks for your help with this.
chro...@googlecode.com
Comment #302 on issue 19 by cben...@chromium.org: Automatic integrated
http://code.google.com/p/chromium/issues/detail?id=19
Thanks Jeff. I'll email you directly to help diagnose the problem.