Kerberos Ticket Hand-off No Good on Chrome on macOS X
I am implementing Okta as a single sign-on provider in an enterprise environment of about 90 users. One of Okta's features is Desktop Single Sign On - the ability for users to be authenticated with Okta simply by virtue of having logged into their machine and thereby authenticating with the domain. The user simply opens a browser, goes to the company's Okta tenant URL, and they are logged in.



Without this feature, the user would be prompted for their credentials when loading up the Okta tenant URL.



DSSO is accomplished by the browser picking up a Kerberos ticket from the OS that itself is generated when the user authenticates with the Active Directory domain. The browser then hands this ticket back to the server, and the server communicates with the Okta cloud to authenticate the user.



The authentication flow in our environment goes like this:



  1. User logs into their machine. A Kerberos ticket is generated upon login and authentication with the domain.

  2. User opens their browser, and either tries to access an Okta-protected/integrated app, or goes directly to their Okta portal.

  3. User is redirected by Okta to our load balancer, which terminates the request at the IWA web app on the web server

  4. IWA web app challenges the browser for authentication

  5. Browser grabs the Kerberos ticket from the OS and hands it to the load balancer, which passes it to the IWA web app

  6. IWA app validates the ticket and fetches user profile from AD

  7. IWA app generates and digitally signs an SSO token and sends it to the browser

  8. Browser returns the token to Okta via HTML form POST

  9. Okta completes the sign-in request and returns the user to the app with an SSO token

The process is failing on step 5, and I know this is the case because:



  1. Chrome prompts the user for NTLM credentials when the Okta tenant URL is requested

  2. This prompt happens before the IWA web app and the browser is configured properly for DSSO (per the documentation I linked at the beginning)

  3. The prompt does not happen on Chrome, Firefox, and Internet Explorer on Windows (DSSO works on Windows with Chrome, Firefox, and IE)

  4. This prompt does not happen in Safari on macOS X, but does happen with Chrome and Firefox in OS X

What I cannot figure out is why Chrome and Firefox are not picking up the Kerberos ticket from the OS in macOS X, but the same browsers in Windows are picking up the ticket without a hitch.



Steps I've tried:




  1. Setting Chrome's whitelist settings with the following terminal commands (recommended by Okta's documentation):

     $ defaults write com.google.Chrome AuthServerWhitelist "*.example.com"

     $ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "*.example.com"



  2. Setting Chrome's whitelist settings with SimpleMDM configuration push (this method actually succeeded in pushing the settings to Chrome - proven by going to chrome://policy and seeing the settings)

  3. Uninstalling anti-virus

  4. Adding every possible FQDN to the list of servers whitelisted in step 2 - first just the servers we have whitelisted in Windows (because Windows actually works), and then a list of Okta servers recommended by Okta support

I still cannot get this feature to work and I am now trying to figure out if there's a way to troubleshoot the process Chrome uses to pick up the Kerberos ticket from the OS. Some kind of debugger for Chrome's Kerberos ticket pickup mechanism would be great, but I imagine no such thing is available.
      mac-osx kerberos google-chrome
      asked May 8 at 11:55
      user490549user490549
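An added diagnostic for the step the question says is failing (step 5, Chrome handing the ticket to the IWA app); it is not from the question, from Okta's documentation or from Chrome. The `klist` output, 401 headers and host names in it are constructed samples; on the Mac you would feed in the real `klist` output, the `curl -sI` headers from the IWA host, and the value of `defaults read com.google.Chrome AuthServerWhitelist`.

```shell
#!/bin/sh
# Added diagnostic helpers (not from the question, Okta or Chrome) for step 5:
# Chrome on macOS handing a Kerberos ticket to the IWA app. Every input below is
# a CONSTRUCTED sample; on the Mac, capture the real ones with:
#   klist
#   curl -sI https://iwa.example.com/      # the IWA host the browser is sent to
#   defaults read com.google.Chrome AuthServerWhitelist
# (newer Chrome versions name this policy AuthServerAllowlist.)

# Constructed: what `klist` prints on macOS after a domain login (placeholder realm/user).
SAMPLE_KLIST='Credentials cache: API:12345678-ABCD-1234-ABCD-1234567890AB
        Principal: jdoe@CORP.EXAMPLE.COM

  Issued                Expires               Principal
May  8 09:00:00 2019  May  8 19:00:00 2019  krbtgt/CORP.EXAMPLE.COM@CORP.EXAMPLE.COM'

# Constructed: the IWA app's 401 challenge headers (what `curl -sI` prints).
SAMPLE_401='HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 0'

# 1. Is there a TGT (krbtgt/REALM@REALM) in the credential cache at all?
#    Prints the realm and returns 0; returns 1 when no krbtgt line exists.
tgt_realm() {
  printf '%s\n' "$1" | sed -n 's|^.*krbtgt/\([^@]*\)@.*$|\1|p' | head -n 1 | grep .
}

# 2. Which schemes does the server offer? Chrome prefers Negotiate; if it is
#    missing, or the GSSAPI call for it fails, Chrome drops to NTLM, and NTLM on
#    macOS has no OS credentials to use, so the user sees a password prompt.
offered_schemes() {
  printf '%s\n' "$1" | tr -d '\r' \
    | sed -n 's/^[Ww][Ww][Ww]-[Aa]uthenticate: *\([A-Za-z]*\).*/\1/p' \
    | tr '\n' ' ' | sed 's/ $//'
}

offers_negotiate() {
  case " $(offered_schemes "$1") " in
    *" Negotiate "*) return 0 ;;
    *) return 1 ;;
  esac
}

# 3. Does the host match a Chrome AuthServerWhitelist pattern? Chrome treats '*'
#    as a glob, so '*.example.com' covers iwa.example.com but NOT bare example.com,
#    while '*example.com' also covers evilexample.com (too broad for an allowlist).
host_matches() {   # $1 = host, $2 = comma-separated pattern list
  host=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  old_ifs=$IFS; IFS=','; set -f; set -- $2; set +f; IFS=$old_ifs
  for pat in "$@"; do
    pat=$(printf '%s' "$pat" | tr -d ' ' | tr '[:upper:]' '[:lower:]')
    case "$host" in $pat) return 0 ;; esac   # unquoted on purpose: glob match
  done
  return 1
}

# 4. Run the three checks for one IWA host and print a verdict per check.
diagnose() {   # $1 = IWA host, $2 = klist output, $3 = 401 headers, $4 = whitelist
  status=0
  if realm=$(tgt_realm "$2"); then
    echo "ok    TGT present for realm $realm"
  else
    echo "FAIL  no krbtgt in the credential cache (kinit or log in to the domain again)"; status=1
  fi
  if offers_negotiate "$3"; then
    echo "ok    server offers Negotiate (schemes: $(offered_schemes "$3"))"
  else
    echo "FAIL  server never offers Negotiate; Chrome can only try: $(offered_schemes "$3")"; status=1
  fi
  if host_matches "$1" "$4"; then
    echo "ok    $1 is covered by AuthServerWhitelist '$4'"
  else
    echo "FAIL  $1 is not covered by AuthServerWhitelist '$4' (Chrome sends no ticket)"; status=1
  fi
  return $status
}

diagnose iwa.example.com "$SAMPLE_KLIST" "$SAMPLE_401" '*.example.com'
```

If all three checks pass and Chrome still prompts, the remaining suspect is the service ticket itself: running `klist` on the Mac right after a failed attempt shows whether an `HTTP/<iwa-host>` ticket was ever issued, which it cannot be when the name the browser connects to (here the load balancer's FQDN) has no matching SPN in AD.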