From 38085bd210d38ac02311fac25e110497ba12432e Mon Sep 17 00:00:00 2001 From: Oleh Fedorenko Date: Thu, 9 Jul 2026 13:24:00 +0000 Subject: [PATCH] Replace inline Chrome SSO config with link to upstream RHEL 9 IDM docs The Chrome-specific command line options (--auth-server-whitelist, --auth-negotiate-delegate-whitelist) were renamed since Chrome 101+. Replace the inline procedure with a prerequisite linking to the RHEL 9 Identity Management documentation, matching the pattern already used for Firefox instead of maintaining the option names. Moreover, the IdM steps suggest to create a configuration file instead of launching Chrome with those options, so we shouldn't suggest something else. --- ...web-ui-with-freeipa-credentials-in-chrome.adoc | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/guides/common/modules/proc_logging-in-to-the-web-ui-with-freeipa-credentials-in-chrome.adoc b/guides/common/modules/proc_logging-in-to-the-web-ui-with-freeipa-credentials-in-chrome.adoc index 728a5c40404..31acd5e4016 100644 --- a/guides/common/modules/proc_logging-in-to-the-web-ui-with-freeipa-credentials-in-chrome.adoc +++ b/guides/common/modules/proc_logging-in-to-the-web-ui-with-freeipa-credentials-in-chrome.adoc @@ -12,20 +12,13 @@ Use the latest stable Chrome browser. * You have {FreeIPA} authentication configured in your {Project} environment. For more information, see xref:configuring-kerberos-sso-with-{FreeIPA-context}-in-{project-context}[]. * The host on which you are using Chrome is a client in the {FreeIPA} domain. +* Your Chrome browser is configured for Single Sign-On (SSO). +ifdef::satellite[] +For more information, see https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html-single/accessing_identity_management_services/index#configuring-the-browser-for-kerberos-authentication-login-web-ui-krb[Configuring the browser for Kerberos authentication] in _Accessing Identity Management services in {RHEL}{nbsp}9_. +endif::[] .Procedure . To use Kerberos authentication to log in: -.. Enable the Chrome browser to use Kerberos authentication: -+ -[options="nowrap", subs="+quotes,verbatim,attributes"] ----- -$ google-chrome --auth-server-whitelist="\*._example.com_" --auth-negotiate-delegate-whitelist="*._example.com_" ----- -+ -[NOTE] -==== -Instead of allowlisting the whole domain, you can also allowlist a specific {ProjectServer}. -==== .. Obtain the Kerberos ticket-granting ticket (TGT): + [options="nowrap", subs="+quotes,verbatim,attributes"]