0

Is there a way to make Internet Explorer on Windows Phone 8 authenticate to a site using Windows Integrated Security Authentication with Kerberos through the Negotiate (SPNEGO) protocol?

It seems to support Negotiate fine, but it only ever chooses NTLM. (confirming using techniques from here)

On desktop browsers you typically have to opt-in to site to allow this type of authentication either through a whitelist of URLs (firefox, iOS7+ Safari, newer versions of Chrome) or through detection of an Intranet site (OSX Safari or non-phone IE).

Aardvark
  • 109
  • 3
  • Should be tagged as windows-phone-8, but I don't have the rep here, can someone create that tag and replace windows-phone-7 tag on this question? – Aardvark Aug 06 '14 at 16:17
  • Kerberos only works with domain machines - see this question http://stackoverflow.com/questions/14224580/iis-using-kerberos-with-client-computers-that-are-not-on-the-domain – Christopher_G_Lewis Aug 09 '14 at 04:19
  • @Christopher_G_Lewis iOS7 iPhones/iPads can do it http://stackoverflow.com/questions/18813517/single-sign-on-sso-in-ios-7. While the configuration of this can be done w/ a centralized MDM server, it's not like they join the domain. I made this work on my companies domain simply by emailing a .mobileconfig file to my iPhone. Example: http://samuelyates.wordpress.com/2013/10/11/kerberos-single-sign-on-in-ios-7/ My point being if Apple can do it, why not MS? – Aardvark Aug 09 '14 at 11:29
  • Samsung phones w/ Knox 2.0 reportedly can do this too. See https://www.samsungknox.com/en/blog/improved-single-sign-sso-samsung-knox I have a support ticket open w/ them since I can't make this work . (I may need to get a newer samsung device, support for Knox features varies greatly by device - I guess having 4 Samsung phones/tablets is not enough :eyeroll:) – Aardvark Aug 09 '14 at 11:34
  • Aardvark - seems like it might actually work - https://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=2&cad=rja&ved=0CDcQFjAB&url=http%3A%2F%2Fdownload.microsoft.com%2Fdownload%2FF%2F7%2F9%2FF79CA111-D960-4F7D-9F11-978D0B3E2895%2FS11%2520Network%2520Communication.pdf&ei=CxhUUdpByM6tB7y8gXg&usg=AFQjCNHSKLxx3l7SHaHZR2DwNp8iz2DJWw&bvm=bv.44342787,d.bmk but I haven't seen any further proof. – Christopher_G_Lewis Aug 09 '14 at 23:47

0 Answers0