"That should be easy. You develop cross-browser anyway. Right?"Well, yes and no.
Your Html, Css and JavaScript are only part of the picture.
Browser settings are another creature altogether, and when you're working with Kerberos authentication, browser settings are critical to:
- pass the users credentials without prompting him or her to sign in (single sign-on) and
- allow impersonation and delegation of users credentials from the web server to the database server (double hop).
FireFox Settings - Cheat Sheet
There are 5 settings you need to change, all accessible when you type about:config in the address bar:
setting: network.negotiate-auth.delegation-uris
value: mySite.com,myotherSite.com
setting: network.negotiate-auth.trusted-uris
value: mySite.com,myotherSite.com
setting: network.automatic-ntlm-auth.trusted-uris
value: mySite.com,myotherSite.com
setting: network.automatic-ntlm-auth.allow-proxies
value:true
setting: network.negotiate-auth.allow-proxies
value: true
Piece of cake.
Now for the hard part: figuring out how to change the FireFox settings for your thousands of users...
Posts
7 comments:
Sir, the 4th and 5th steps are the same,is it a typo or they are really meant to be the same
@BLOW: Thanks for picking up on that. The last one should read:
network.negotiate-auth.allow-proxies
(corrected above)
What's the purpose of "signon.autologin.proxy" then?
jawahar: (jawaharraj89@gmail.com)
This is not working for in fire fox.please
guide me to set this
Struggling with this right now. Firefox is stubborn, and in spite of setting
everything right, it refuses to send a Kerberos token.
But I remember to have read a post today somewhere about distributing this
to all users in your org: the options are in a .js file in the Firefox kit for Windows.
There should be a way to extract the relevant file from there, modify it, then put
it back, and have all users use this kit for update/install.
OMIGOSH! Thank you so much! I kept getting an HTTP authentication error for my work website in Firefox, although I could pull it up in Chrome and Opera. Drove me crazy I couldn't access it from Firefox. Thanks to your instructions, it now opens! I was so sick of seeing that 401 error page. THANK YOU!
@Victoria: You're welcome!
Post a Comment