22

We have many internal web sites on our domain:

  • a.blah.com
  • b.blah.com
  • c.blah.com

IE authenticates automatically using the currently signed-in domain user, but Firefox pops up a login box, sometimes multiple times per page load if assets on different internal sites are referenced. I've tried modifying about:config as suggested by this post but that didn't resolve the issue.

Does anyone have any other suggestions about how to get Firefox to authenticate using the signed-in domain user? I'm currently using the IETab Firefox add-on to load these internal pages using the IE engine but I'd prefer a simpler solution...

1
  • Firefox can apparently do the authentication, but I've never been able to get it to work so I just use IETab too.
    – CookieOfFortune
    Commented Jun 5, 2009 at 20:51

3 Answers

17

I think this will cover you:

http://markmonica.com/2007/11/20/firefox-and-integrated-windows-authentication/

How to configure Firefox

  1. Open Firefox
  2. In the address bar type: about:config
  3. Firefox 3.x and later requires you to agree that you will proceed with caution.
  4. After the config page loads, in the filter box type: network.automatic

5

If you are on a network using Kerberos for authentication, you should try the following.

Open about:config in Firefox and navigate via the filter 'network.negotiate-auth'. You will see a handful of settings related to Kerberos / GSSAPI Authentication.

The two of interest will be 'network.negotiate-auth.delegation-uris' and 'network.negotiate-auth.trusted-uris'. It sounds like all of the sites where you need to authenticate are under one domain, so the following settings should work for you.

network.negotiate-auth.delegation-uris => http://
network.negotiate-auth.trusted-uris => blah.com

If you need to set multiple sites/domains, then you would modify the latter to be the following.

network.negotiate-auth.trusted-uris => a.blah.com,b.blah.com,c.blah.com

One caveat that you should be aware of is that the delegation URI should ideally be using https instead of http. If you are in a closed private network this is typically not a big deal, but you'll be opening yourself up to man-in-the-middle exploits against sites that are accessed over the internet. If you want both allowed, you can use the following.

network.negotiate-auth.delegation-uris => http://,https://

Regarding the comment by brendan, the values for network.negotiate-auth.trusted-uris are the same as you would set for network.automatic-ntlm-auth.trusted-uris to enable NTLM. On most servers using Windows 2003 or later, you will see that Negotiate is attempted before NTLM.
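
A way to check a Firefox profile for the over-broad entries the answer above cautions about, as an added example that is not part of the original answer: it scans prefs.js/user.js-style lines for the three preferences named above and flags scheme-only and http:// entries. The function name, the sample profile lines, and the reading of a scheme-only entry as applying to every host on that scheme are assumptions.

```python
import re

# Preferences named in the answer above that control automatic (SSO) credential use.
AUTH_PREFS = {
    "network.negotiate-auth.trusted-uris",
    "network.negotiate-auth.delegation-uris",
    "network.automatic-ntlm-auth.trusted-uris",
}

# Matches lines such as: user_pref("name", "value");
PREF_RE = re.compile(r'^\s*(?:user_)?pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;')


def audit_prefs(text):
    """Return sorted (pref, entry, finding) tuples for risky allow-list entries."""
    findings = set()
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m or m.group(1) not in AUTH_PREFS:
            continue
        pref, value = m.groups()
        for entry in (e.strip() for e in value.split(",")):
            scheme, sep, host = entry.partition("://")
            if not sep:
                continue  # empty, bare host or domain suffix: nothing to flag here
            if not host:
                # Assumption: a scheme-only entry applies to every host on that scheme.
                findings.add((pref, entry, "scheme-only: not limited to internal hosts"))
            if scheme.lower() == "http":
                findings.add((pref, entry, "http: the exchange is not protected by TLS"))
    return sorted(findings)


# Constructed sample profile; the first two lines mirror the settings quoted in the answer.
SAMPLE_PREFS = '''\
user_pref("network.negotiate-auth.delegation-uris", "http://,https://");
user_pref("network.negotiate-auth.trusted-uris", "a.blah.com,b.blah.com,c.blah.com");
user_pref("network.automatic-ntlm-auth.trusted-uris", "https://a.blah.com");
user_pref("browser.startup.homepage", "http://a.blah.com/");
'''

if __name__ == "__main__":
    for pref, entry, finding in audit_prefs(SAMPLE_PREFS):
        print(f"{pref}: {entry!r} -> {finding}")
```

On the sample, only the delegation-uris line is reported; the host-scoped trusted-uris list and the https host entry pass.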

-1

If you're not logged in as the Windows domain user, Firefox has no way to set a generic login for, say, *.blah.com.

Tracked as Mozilla Bug 589628.
