My favorites | Sign in
Project Home Downloads Wiki Issues Code Search
New issue   Search
  Advanced search   Search tips   Subscriptions
Issue 131729: Automatic Active Directory SSO
3 people starred this issue and may be notified of changes. Back to list
Reported by, Jun 7, 2012
Version of Google Chrome: 19
Version of MSI:19
Using group policy settings? Yes

Chrome needs to be able to detect when its running on a user account thats on a Windows Active Directory Domain without the use of google third party applications and software so that the email address and password specified for that user is used automatically to log users into their google account without the user having to input their gmail address and password,this should be done even if Google Apps are not used so that users who have a address can still see the benefits without any other sofyware to install.

Chrome could first check the user account to see if its on a domain or not if so then check the email field on the users AD entry and if @ is used then chrome tries to login to gmail account with the same password as AD if their isnt a @gmail or the password doesnt correspond with the account then chrome should ignore this and operate as before.
Jun 7, 2012
This would mean that the AD would have to have passwords sync'ed with Google Apps.  Which may not be a big deal, I guess.

We've discussed this idea recently.  Adding others who are interested in this... is there a duplicate bug to this, or should we start tracking this behavior?

Jun 7, 2012
Passwords could be synced with AD and Google accounts with a server component instead of users installing software, server software could be installed so that users can have this feature and not just Google Apps users. I dont think their is a duplicate for this issue if so could they possibly be migrated together.
Jun 8, 2012
Note that AFAIK, there's now way to get the raw AD login password for the current user (that would be a major security disaster). We've discussed who to get SSO going internally before, and one promising solution is to do a Kerberos handshake (assuming you've enabled your Google Apps domain for SAML).
Status: Available
Labels: OS-Windows
Mar 10, 2013
(No comment was entered for this change.)
Labels: -Feature-Enterprise Cr-Enterprise
Mar 26, 2014
Interesting integration idea with AD to do Chrome SSO, although not sure how that works with multi-profile.
Labels: -Type-Bug Type-Feature
Sign in to add a comment

Powered by Google Project Hosting