Skip to content

Instantly share code, notes, and snippets.

@jkonecny12

jkonecny12/vivaldi_and_sso.md

Last active January 12, 2021 16:04
Show Gist options
  • Save jkonecny12/720323e750e36caa32dd57be6c896188 to your computer and use it in GitHub Desktop.
Save jkonecny12/720323e750e36caa32dd57be6c896188 to your computer and use it in GitHub Desktop.
Download ZIP
How to manage policies on Vivaldi (Kerberos SSO)
Raw
vivaldi_and_sso.md

How to manage policies on Vivaldi (Kerberos, SSO)

I like Vivaldi. It is a nice modern browser. For me Vivaldi is the best, thanks to the possibilities it has like tabs in a tree structure and split screen inbuild. These are killer features for me! However, I struggled some time to enable Kerberos which is SSO mechanism heavily used in a company where I work. So I want to share with others how they can do that without spending hours by searching internet. This guide will show you how to set kerberos but it is not only for kerberos. By following this guide you can set basically wathever you need on system level.

To make kerberos work you need to specify two things to make it work:

  • AuthServerWhitelist
  • AuthNegotiateDelegateWhitelist

For more info look here 1 and 2. You have two ways how to set them.

Command line

vivaldi --auth-server-whitelist="*.mycompany.com" --auth-negotiate-delegate-whitelist="*.mycompany.com"

This is the simplest solution, however also the most annoying one because you need to change your executable or run vivaldi from command line all the time. It is however nice for testing purpose.

BEWARE: You must use the = format. The usual linux like syntax --auth-server-whitelist "*.mycompany.com" won't work and you have no feedback that the argument is not used :(.

Policies

The second way how to specify these configurations are policies. Policies can change almost any settings of all browsers on the system. Basically you need to create json file in specified directory and everything should work. To enable kerberos automatically we need only this:

{
    "AuthServerWhitelist": "*.mycompany.com",
    "AuthNegotiateDelegateWhitelist": "*.mycompany.com"
}

Please change mycompany.com in the above with your company DNS name. Then save this to the file with path:

/etc/chromium/policies/managed/mycompany.json

Again you can change the name to basically anything you want to. To be sure check if the owner and permissions are correct. I have root:root and (644). When this file is saved you need to just restart your Vivaldi browser and your kerberos should work without problem.

If you want to use policies for more than just to enable kerberos than please look here 3 and here 4.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment