While watching the recently concluded 2019 cricket world cup, I saw some ads for Alluva, which calls itself a prediction platform. I am not sure how it works, but that's not the point of this article. I signed up to Alluva and it had me create an account on MetaMask, to receive the Alluva tokens. There on MetaMask site, it was strongly encouraging using a new browser called Brave.
The browser in itself if based on Chromium project and they state that they have "taken almost all of Google from the Chrome."
I was intrigued. I am not the one to shy away from testing out new technologies. So I decided to take it for a spin. I downloaded it and took it for a spin. The first few sites all worked fine as the browser's core code base is Chrome itself. But the moment I tried to connect to my corporate sites, it started acting up. I faced two main issues while browsing:
- For any SSO enabled site, it started asking for username and password instead of taking the authentication from the kerberos ticket.
- For any SAML federation redirects, the redirects just failed and the site failed to work.
These issues were a deal breaker for me. For all the technology evangelism I just can't see myself using two browsers for my needs. I needed to have one browser. I was about to give up and go back to tried and tested Firefox. But I refused to give up. I asked myself, if Chrome works, then why not Brave? What is different in Brave that is causing the issue. I found the answer in one of the feature request on GitHub and a Brave Community post. Looks like when the browser code was compiled the developers disabled a couple of flags that are needed for SSO integration with kerberos and SAML redirects.
- --auth-server-whitelist
- --auth-negotiate-delegate-whitelist
When I tried to run the browser by running from command line and passing correct arguments for these parameters, everything worked fine. But again it is not very easy to always run it from the command line and all your settings are lost. So I was looking for an answer to make the process automatic and repeatable. I searched a lot of forums and help sites and I found the answer on superuser.com. This gives a step by step explanation of how to configure command line parameters for any application.
I tried both methods, and finally settled on the second method as the best method.
I created a small application using MacOS automator. It worked well. But I always had to launch the application from wherever I had saved it. Launching it from the Dock instead of from the actual location even after pinning it to the Dock defaulted to the original application launcher. The second method modifies the application bundle so it is a little risky but with enough due diligence and case, you can do it.
You can download the brave browser by clicking here.