Article adapted from Jeff Geerling (http://www.jeffgeerling.com/blogs/jeff-geerling/kerberos-authentication-mac-os):

Kerberos authentication allows your computer to log into certain services automatically without you having to enter (and re-enter) your password (it’s an SSO—single sign-on—service). Kerberos v5 is baked into Windows and Internet Explorer and works great with many LDAP-enabled services (for example, Drupal’s LDAP module includes a submodule for SSO support).

So, using Jeff’s article, I’ve modified it slightly for use in my environment. I created a script, uploaded it to the JSS, and assigned it to all machines at login:

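#!/bin/sh
# Look up the user at the console; empty when only the login window is showing.
loggedInUser=`python -c 'from SystemConfiguration import SCDynamicStoreCopyConsoleUser; import sys; username = (SCDynamicStoreCopyConsoleUser(None, None, None) or [None])[0]; username = [username,""][username in [u"loginwindow", None, u""]]; sys.stdout.write(username + "\n");'`
echo "$loggedInUser"
# Nothing to configure if nobody is logged in.
[ -n "$loggedInUser" ] || exit 0
# Servers Chrome may use integrated (Kerberos) authentication with.
sudo -u "$loggedInUser" defaults write com.google.Chrome AuthServerWhitelist "YOUR ADFS URL HERE"
# Servers Chrome may delegate the user's credentials to.
sudo -u "$loggedInUser" defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "YOUR ADFS URL HERE"
date
exit 0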

 

Just copy and paste the above script and replace “YOUR ADFS URL HERE” with your ADFS URL.
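Because AuthNegotiateDelegateWhitelist names the servers Chrome may delegate the user's Kerberos credentials to, it is worth rejecting a leftover placeholder or an overly broad wildcard before the value reaches every machine. The following is an added example, not part of the original article or Jeff Geerling's; the function names and the rules for what counts as "too broad" are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# "too broad" rules below are assumptions of this sketch.

# Print "ok" and return 0, or print a reason and return 1, for a
# comma-separated server list meant for the two Chrome auth keys.
check_auth_list() {
    list=$1
    if [ -z "$list" ]; then echo "empty value"; return 1; fi
    case $list in
        *"YOUR ADFS URL HERE"*) echo "placeholder not replaced"; return 1 ;;
    esac
    old_ifs=$IFS; IFS=,
    set -f                      # do not glob-expand "*" while splitting
    set -- $list
    set +f; IFS=$old_ifs
    for entry in "$@"; do
        # Trim blanks around each entry.
        entry=$(printf '%s' "$entry" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            "")    echo "empty entry"; return 1 ;;
            "*")   echo "bare wildcard matches every server"; return 1 ;;
            *" "*) echo "entry contains a space: $entry"; return 1 ;;
            \**)   # Wildcard entry: require at least two labels after it.
                rest=${entry#\*}; rest=${rest#.}
                case $rest in
                    *.*) ;;
                    *) echo "wildcard covers a whole TLD: $entry"; return 1 ;;
                esac ;;
        esac
    done
    echo "ok"
}

# Write both keys for a user only when the value passes the check (macOS).
deploy_chrome_sso() {
    user=$1; hosts=$2
    reason=$(check_auth_list "$hosts") || { echo "refusing: $reason" >&2; return 1; }
    for key in AuthServerWhitelist AuthNegotiateDelegateWhitelist; do
        sudo -u "$user" defaults write com.google.Chrome "$key" "$hosts" || return 1
    done
}
```

Current Chrome releases name these policies AuthServerAllowlist and AuthNegotiateDelegateAllowlist; the same check applies to those keys.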

To confirm it worked, log into a machine, open Chrome, and go to chrome://policy. You’ll now see your two configured entries in your policy list.