caption: Automatically select client certificates for these sites
desc: |-
Setting the policy lets you make a list of URL patterns that specify sites for which Chrome can automatically select a client certificate. The value is an array of stringified JSON dictionaries, each with the form <ph name="AUTO_SELECT_CERTIFICATE_FOR_URLS_EXAMPLE">{ "pattern": "$URL_PATTERN", "filter" : $FILTER }</ph>, where <ph name="URL_PATTERN_PLACEHOLDER">$URL_PATTERN</ph> is a content setting pattern. <ph name="FILTER_PLACEHOLDER">$FILTER</ph> restricts the client certificates the browser automatically selects from. Independent of the filter, only certificates that match the server's certificate request are selected.
Examples for the usage of the <ph name="FILTER_PLACEHOLDER">$FILTER</ph> section:
* When <ph name="FILTER_PLACEHOLDER">$FILTER</ph> is set to <ph name="AUTO_SELECT_CERTIFICATE_FOR_URLS_FILTER_EXAMPLE">{ "ISSUER": { "CN": "$ISSUER_CN" } }</ph>, only client certificates issued by a certificate with the CommonName <ph name="ISSUER_CN_PLACEHOLDER">$ISSUER_CN</ph> are selected.
* When <ph name="FILTER_PLACEHOLDER">$FILTER</ph> contains both the <ph name="ISSUER_STRING_VALUE">"ISSUER"</ph> and the <ph name="SUBJECT_STRING_VALUE">"SUBJECT"</ph> sections, only client certificates that satisfy both conditions are selected.
* When <ph name="FILTER_PLACEHOLDER">$FILTER</ph> contains a <ph name="SUBJECT_STRING_VALUE">"SUBJECT"</ph> section with the <ph name="FILTER_STRING_ORGANIZATION">"O"</ph> value, a certificate needs at least one organization matching the specified value to be selected.
* When <ph name="FILTER_PLACEHOLDER">$FILTER</ph> contains a <ph name="SUBJECT_STRING_VALUE">"SUBJECT"</ph> section with a <ph name="FILTER_STRING_ORGANIZATIONAL_UNIT">"OU"</ph> value, a certificate needs at least one organizational unit matching the specified value to be selected.
* When <ph name="FILTER_PLACEHOLDER">$FILTER</ph> is set to <ph name="EMPTY_DICTIONARY">{}</ph>, the selection of client certificates is not additionally restricted. Note that filters provided by the web server still apply.
Leaving the policy unset means there's no autoselection for any site.
example_value:
- '{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer
name", "L": "certificate issuer location", "O": "certificate issuer org", "OU":
"certificate issuer org unit"}, "SUBJECT":{"CN":"certificate subject name", "L":
"certificate subject location", "O": "certificate subject org", "OU": "certificate
subject org unit"}}}'
features:
dynamic_refresh: true
per_profile: true
future_on:
- fuchsia
owners:
- file://components/policy/OWNERS
- [email protected]
schema:
items:
type: string
type: array
supported_on:
- chrome.*:15-
- chrome_os:15-
tags:
- website-sharing
type: list
validation_schema:
items:
properties:
filter:
properties:
ISSUER:
$ref: CertPrincipalFields
SUBJECT:
$ref: CertPrincipalFields
type: object
pattern:
type: string
type: object
type: array
Codebase Browser
chromium