Tuesday, 19 June 2012

Configuring Firefox to work with SPNEGO / Kerberos

I've spoken and presented at length on the solution to provide desktop Single Sign-On (SSO) between Microsoft Windows and WebSphere Application Server: -

and made reference to the option to also configure Mozilla Firefox to support SPNEGO via the network.negotiate-auth.trusted-uris property

However, what I hadn't mentioned was that one can add multiple sites into this field.

What I'd failed to remember is that the separator to be used is a comma (,) - which explained why SSO wasn't working for the second and third sites :-)

Thankfully, this site - Enabling NTLM Authentication (Single Sign-On) in Firefox - came to the rescue. Since Matt Sivel wrote his post, Mozilla have deprecated the network.automatic-ntlm-auth.trusted-uris setting, replacing it with network.negotiate-auth.trusted-uris.

However, Matt's point about the comma saved me :-)

No comments: