Simple app and scripts used to test Kerberos auth on Chrome and WebView.
See the next section for more info about the app.
ninja -C out/Debug spnego_authenticator_apk
adb install -r out/Debug/apks/SpnegoAuthenticator.apk
$CHROMIUM_SRC/tools/android/kerberos/negotiate_test_server.py
-
With command line arguments
$CHROMIUM_SRC/build/android/adb_chrome_public_command_line \ '--auth-server-whitelist="*" \ --auth-spnego-account-type="org.chromium.tools.SpnegoAuthenticator"'
-
By setting policies
The policies to set are:
- AuthServerWhitelist:
*
- AuthAndroidNegotiateAccountType:
org.chromium.tools.SpnegoAuthenticator
To set them you have to be able to set restrictions for apps on the device. This can be achieved using the TestDPC app (Play store, Github), which is made for testing enterprise related Android features, including app restrictions.
Set it up, then search for Chrome under "Manage app restrictions", tap "Load manifest restrictions" and change the value for the restrictions mentioned above.
- AuthServerWhitelist:
- Go to chrome://inspect
- Click Port forwarding
8080
tolocalhost:8080
should be prefilled- Check Enable port forwarding and click Done
- Go to http://localhost:8080
- The page will display whether or not it managed to talk to the SPNEGO authenticator
This app declares and sets up an accounts to be used for Negotiate auth, as
described in the chromium.org wiki
(Writing a SPNEGO Authenticator for Chrome on Android).
Those accounts use the type org.chromium.tools.SpnegoAuthenticator
.
Features:
- Set up up to 2 accounts.
- Account 1 will start authenticated.
- Account 2 will start unauthenticated. The first token request will require an additional confirmation step.
- Accounts can be added and removed from the Android account settings screen