Allows you to specify a list of url patterns that specify sites for which a client certificate is automatically selected on the sign-in screen in the frame hosting the SAML flow, if the site requests a certificate. An example usage is to configure a device-wide certificate to be presented to the SAML IdP.
The value must be an array of stringified JSON dictionaries. Each dictionary must have the form '{ "pattern": "$URL_PATTERN", "filter" : $FILTER }', where $URL_PATTERN is a content setting pattern. $FILTER restricts from which client certificates the browser will automatically select. Independent of the filter, only certificates will be selected that match the server's certificate request. If $FILTER has the form '{ "ISSUER": { "CN": "$ISSUER_CN" } }', additionally only client certificates are selected that are issued by a certificate with the CommonName $ISSUER_CN. If $FILTER is the empty dictionary {}, the selection of client certificates is not additionally restricted.
If this policy is left not set, no auto-selection will be done for any site.
See https://cloud.google.com/docs/chrome-enterprise/policies/?policy=DeviceLoginScreenAutoSelectCertificateForUrls for more information about schema and formatting.
Example value:
{"pattern":"https://www.example.com","filter":{"ISSUER":{"CN":"certificate issuer name"}}}
Registry Hive | HKEY_LOCAL_MACHINE |
Registry Path | Software\Policies\Google\ChromeOS\DeviceLoginScreenAutoSelectCertificateForUrls |
Value Name | {number} |
Value Type | REG_SZ |
Default Value |