d817c646bd
* sources: introduce new property mappings per-user and group Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * sources/ldap: migrate to new property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix and make gen Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * web changes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * remove flatten for generic implem Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * rework migration Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * re-add field migration to property mappings Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix migrations Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * more migrations fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * easy fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrate to propertymappingmanager Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * ruff and small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * move mapping things into a separate class Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use using(db_alias) Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * migrations: use built-in variable Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add release notes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix login reverse Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * refactor source flow manager matching Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * kerberos sync with mode matching Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fixup Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * finish frontend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Optimised images with calibre/image-actions * make web Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add test for internal password update Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix filter Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * switch to blueprints property mappings, improvements to frontend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * some more small fixes Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix reverse Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * properly deal with password changes signals Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * actually deal with it properly Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * update docs Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint-fix Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * blueprints: realm as group: make it non default Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * small fixes and improvements Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * wip Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix title Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add password backend to default flow Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * link docs page properly, add in admin interface, add suggestions for how to apply changes to a fleet of machines Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * add troubleshooting Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix default flow pass backend Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix flaky spnego tests Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * properly convert gssapi name to python str Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix unpickable types Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * make sure the last server token is returned to the client Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * lint Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/developer-docs/setup/full-dev-environment.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/browser.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * Update website/docs/users-sources/sources/protocols/kerberos/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * more docs review Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix missing library Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix missing library again Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix web import Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync v2 Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> * fix sync v3 Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> --------- Signed-off-by: Marc 'risson' Schmitt <marc.schmitt@risson.space> Co-authored-by: authentik-automation[bot] <135050075+authentik-automation[bot]@users.noreply.github.com> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com>
44 lines
2.3 KiB
Markdown
44 lines
2.3 KiB
Markdown
---
|
|
title: Browser configuration for SPNEGO
|
|
---
|
|
|
|
You might need to configure your web browser to allow SPNEGO. Following are the instructions for major browsers.
|
|
|
|
## Firefox
|
|
|
|
1. In the address bar of Firefox, type `about:config` to display the list of current configuration options.
|
|
2. In the **Filter** field, type `negotiate` to restrict the list of options.
|
|
3. Double-click the `network.negotiate-auth.trusted-uris` entry to display the **Enter string value** dialog box.
|
|
4. Enter the name of the domain against which you want to authenticate. For example, `.example.com`.
|
|
|
|
On Windows environments, to automate the deployment of this configuration use a [Group policy](https://support.mozilla.org/en-US/kb/customizing-firefox-using-group-policy-windows). On Linux or macOS systems, use [policies.json](https://support.mozilla.org/en-US/kb/customizing-firefox-using-policiesjson).
|
|
|
|
## Chrome
|
|
|
|
This section applies only for Chrome users on macOS and Linux machines. For Windows, see the instructions below.
|
|
|
|
1. Make sure you have the necessary directory created by running: `mkdir -p /etc/opt/chrome/policies/managed/`
|
|
2. Create a new `/etc/opt/chrome/policies/managed/mydomain.json` file with write privileges limited to the system administrator or root, and include the following line: `{ "AuthServerWhitelist": "*.example.com" }`.
|
|
|
|
**Note**: if using Chromium, use `/etc/chromium/policies/managed/` instead of `/etc/opt/chrome/policies/managed/`.
|
|
|
|
To automate the deployment of this configuration use a [Group policy](https://support.google.com/chrome/a/answer/187202).
|
|
|
|
## Windows / Internet Explorer
|
|
|
|
Log into the Windows machine using an account of your Kerberos realm (or administrative domain).
|
|
|
|
Open Internet Explorer, click **Tools** and then click **Internet Options**. You can also find **Internet Options** using the system search.
|
|
|
|
1. Click the **Security** tab.
|
|
2. Click **Local intranet**.
|
|
3. Click **Sites**.
|
|
4. Click **Advanced**.
|
|
5. Add your domain to the list.
|
|
6. Click the **Security tab**.
|
|
7. Click **Local intranet**.
|
|
8. Click **Custom Level**.
|
|
9. Select **Automatic login only in Intranet zone**.
|
|
|
|
To automate the deployment of this configuration use a [Group policy](https://learn.microsoft.com/en-us/previous-versions/troubleshoot/browsers/administration/how-to-configure-group-policy-preference-settings).
|