How to configure the Chrome web browser to access TIBCO Spotfire Web Player using Kerberos for Delegation without parameters.

How to configure the Chrome web browser to access TIBCO Spotfire Web Player using Kerberos for Delegation without parameters.

book

Article ID: KB0076727

calendar_today

Updated On:

Products Versions
Spotfire Web Player All Versions

Description

When the TIBCO Spotfire Web Player is configured to use Kerberos for unconstrained delegation authentication, the Chrome web browser must be explicitly passed the Web Player server or domain. For this, the Chrome browser can be launched with the following parameters:

chrome.exe --auth-server-whitelist=".domain.com" --auth-negotiate-delegate-whitelist=".domain.com"

It is also possible to define this server whitelist in the registry to avoid having to launch Chrome with these parameters every time.

Issue/Introduction

How to configure the Chrome web browser to access TIBCO Spotfire Web Player using Kerberos for Delegation without parameters.

Resolution

Follow these instructions when using Google Chrome. Note that you must create and set a registry key for Google Chrome.

  1. The Spotfire Server you are connecting to must be located in the Intranet security zone.
  2. In the Registry Editor, go to [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome].
  3. Add the String Value AuthNegotiateDelegateWhitelist.
  4. Modify AuthNegotiateDelegateWhitelist and add the URL to the Spotfire Web Player. For example, "AuthNegotiateDelegateWhitelist"="myserver,myotherserver,*.mydomain.local" 
See attached (Filename: ChromeRegistryKeyUpdate.png) for the screenshot.

Additional Information

Doc: Enabling delegated Kerberos for Google Chrome External: Chromium Projects developer page:

Attachments

How to configure the Chrome web browser to access TIBCO Spotfire Web Player using Kerberos for Delegation without parameters. get_app
Powered by Wolken Software