How to configure Firefox for NTLM SSO (Single-Sign-On)?

firefox ntlm single-sign-on

My computer and user belonging to the domain, I want to connect to my NTLM-SSO-enabled intranet website http://intranet without providing a login/password.

How to do it with Mozilla Firefox?


Solution 1:

  • When accessing the relevant site you need to make sure you run Firefox as the Windows user you want to log on as. If you always log onto a workstation as a domain user then there is no issue, otherwise you may need to Shift + right-click the shortcut and choose Run as different user..., or setup a shortcut with your credentials saved
  • In Firefox, type about:config In the address bar and press return.
  • After the config page loads, in the filter box type: network.automatic. You should see a search result of network.automatic-ntlm-auth.trusted-uris
  • Modify network.automatic-ntlm-auth.trusted-uris by double clicking the row and enter the relevent site
  • Multiple sites can be added by comma delimiting them such as: https://your_SecureAuth_FQDN.com, https://www.replacewithyourintranetsite.com
  • Click OK. You may need to restart Firefox for changes to take effect.

This is based on numerous pages I found on the internet, including this Firefox support page

Solution 2:

To authenticate Firefox automatically through a proxy (avoiding NTLM prompt), you have to modify 3 parameters.

  • Open the page about:config (in the address bar)

Add your uris (separate with ,) in the following 3 parameters:

  • network.automatic-ntlm-auth.trusted-uris
  • network.negotiate-auth.delegation-uris
  • network.negotiate-auth.trusted-uris

and change it with the URL of your proxy redirection page, like http://myproxy.local

Modify

  • signon.autologin.proxy to be true

If you do it by script, be careful with the dots (.) and the dash (-) in the parameters. This is often the problem.

Solution 3:

The suggested solution with network.automatic-ntlm-auth.trusted-uris was not enough in my case. Then I tried the same in network.negotiate-auth.trusted-uris Now it works.

Solution 4:

This worked for me:

Change network.automatic-ntlm-auth.allow-non-fqdn to True and signon.autologin.proxy to True

Add yourcompanyname.com in:

network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris

Solution 5:

I modified signon.autologin.proxy to be true (by double-clicking on the preference name) and changed network.negotiate-auth.trusted-uris to timecard.example.com and it's working for me, almost too well. When I sign out of the page, it takes me to a sign-in screen, where I'm instantly logged in again. But I can live with that. What is missing is a way to either (a) add another URI with a single click, or (b) use wildcards, such as *.example.com.

Related

The application “SomeApp.app” can’t be opened
Equivalent/Alternatives for Alt+Dot in Mac
How do I stop services from starting on boot on Ubuntu?
Would like to change audio codec, but keep video settings with ffmpeg
Grab favicon.ico using Google Chrome dev tools
Reverse order of rows in Excel
How to copy text out of a PDF without losing formatting?
How to set file permissions so that new files inherit same permissions? [duplicate]
Convert Unix line endings to Windows
How can I merge two terminal windows in OS X lion?
Mouse disappear in VirtualBox
How to clear DNS cache in Ubuntu?