Selenium tests with kinit + chromedriver

Question

I am using a java selenium program while running on a Linux VM to test a web site through Google Chrome.

This site requires Kerberos authentication.

I need ChromeDriver to create instances of chrome that have my valid keytab + etc.

KEYTAB_FILE_PATH="/home/me/my.keytab"
KERBEROS_PRINCIPAL_NAME="HTTP/myuser@MY.DOMAIN.COM"
kinit -kt "${KEYTAB_FILE_PATH}" "${KERBEROS_PRINCIPAL_NAME}"
echo "Kerberos kinit login was successful!"
java -jar myapp.jar

The chrome web driver creates a chrome that does not seem to have a valid kerberos ticket.

Is there some way to make sure that my kerberos ksession is passed to the chrome process forked by the chromedriver exe? What am I missing here?

Answer 1

The information I provided above is the correct way to handle Selenium tests that honor Negotiate authentication.

• Run a kinit
• Start your selenium java program after kinit had been run.
• In your selenium program, make sure the --auth-server-whitelist and --auto-negotiate-delegate-whitelist are properly set to allow your kerberos ticket provider to participate in the auth handshake. (For example, your active directory server).

This should cause all Chromium processes to also have the same kinit and will be able to do negotiate authentication.

However, there is a bug affecting many versions of chromium when running in Headless mode. https://bugs.chromium.org/p/chromium/issues/detail?id=924746

So if you revert to chromium 70.x, it will work. And though I have not verified, looks like this was fixed on a future version of chromium. So if you move to the latest version of Chromium, this should also fix the problem.