tree: aad3db73bd5a01600ff24703294e42a0bbde87f6 [path history] [tgz]
  3. SpnegoAuthenticator/
  4. kerberos.gyp

Kerberos Test Utils

Simple app and scripts used to test Kerberos auth on Chrome and WebView.


1: Build and install the authenticator app

See the next section for more info about the app.

ninja -C out/Debug spnego_authenticator_apk
adb install -r out/Debug/apks/SpnegoAuthenticator.apk

2: Start the dummy server


3: Configure Chrome

  • With command line arguments

    $CHROMIUM_SRC/build/android/adb_chrome_public_command_line \
    '--auth-server-whitelist="*" \
  • By setting policies

    The policies to set are:

    • AuthServerWhitelist: *
    • AuthSpnegoAccountType:

    To set them you have to be able to set restrictions for apps on the device. This can be achieved using the TestDPC app (Play store, Github), which is made for testing enterprise related Android features, including app restrictions.

    Set it up, then search for Chrome under “Manage app restrictions”, tap “Load manifest restrictions” and change the value for the restrictions mentioned above.

4: Set up port forwarding via the Chrome inspector

  • Go to chrome://inspect
  • Click Port forwarding
  • 8080 to localhost:8080 should be prefilled
  • Check Enable port forwarding and click Done

5: Load the protected page

  • Go to http://localhost:8080
  • The page will display whether or not it managed to talk to the SPNEGO authenticator


This app declares and sets up an account type to be used for Negotiate auth. When Chrome makes a request for the account type, it returns the dummy account, allowing Chrome to continue the request.

See Writing a SPNEGO Authenticator for Chrome on Android on for more information.