Kerberos Authentication on Mac OS X with Google Chrome
Article adapated from Jeff Geerling (http://www.jeffgeerling.com/blogs/jeff-geerling/kerberos-authentication-mac-os):
Kerberos authentication allows your computer to log into certain services automatically without you having to enter (and re-enter) your password (it’s a SSO—single sign-on—service). Kerberos v5 is baked into Windows and Internet Explorer and works great with many LDAP-enabled services (for example, Drupal’s LDAP module allows includes a submodule for SSO support).
So using Jeff’s article I’ve modified it slightly for use in my environment, I created a script uploaded it to the JSS and assigned it all machines at login:
#!/bin/sh loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None]); username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'` echo $loggedInUser sudo -u $loggedInUser defaults write com.google.Chrome AuthServerWhitelist "YOUR ADFS URL HERE" sudo -u $loggedInUser defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "YOUR ADFS URL HERE" echo $(date) exit 0
Just copy and paste the above script and replace the “YOUR ADFS URL HERE” to well your ADFS url.
To confirm it worked, log into a machine open chrome and type chrome://policy you’ll now see your two configured entries in your policy list: