Firefox in a Single Sign-on Intranet Environment
April 17th, 2007I have been using Firefox for my normal browsing at work, but found it useless for browsing the company intranet because it asked me repeatedly for my network user name and password. There were other annoyances, as well. Many sites using SSL certificates made Firefox flash multiple warning messages because our proxy issues certificates instead of passing them through unchanged. I decided today was the day to fix these annoyances. The Single Sign-on fix only works with the Windows version of Firefox, unfortunately.
To fix the Single Sign-on problem:
- Type
about:config
in the Navigation Bar. - Type
ntlm
in the Filter box. - Right-click on
network.automatic-ntlm-auth.trusted-uris
and choose Modify. - Type in the domains you want to have access to without typing in your password over and over again. This could include a list like the following:
home,portal,service,hr
. The format of this list is each domain is seperated by a comma without a space. - Click OK.
These changes take effect immediately, so go ahead and navigate to another web site and test out your intranet. If the site asks for your user name and password enter it and try to keep navigating. If any more pages start asking for your user name and password and they are part of your intranet, note the domains and add them to the list using the directions above.
To fix the SSL certificates problem you need to export the certificate your intranet uses with SSL encrypted traffic. To export the certificate in Internet Explorer:
- Open IE, go to
Tools -> Internet Options
. - Click the
Content
tab. - Click
Certificates
. - Click the
Trusted Root Certification Authorities
tab. - Select the certificate issued by your intranet (look for your company name).
- Click
Export
. - Click
Next
,Next
. - Save the file somewhere and give it a good name.
- Click Yes, Next, and OK until you get back to the main IE window.
To import the certificate into Firefox:
- Open Firefox, go to
Tools -> Options
. - Click the
Advanced
tab. - Click the
Encryption
tab within theAdvanced
section. - Click
View Certificates
. - Click the
Authorities
tab. - Click
Import
. - Choose the file you exported above.
If all goes well you should be able to use your intranet and browse the Internet using Firefox as long as your intranet doesn’t use ActiveX controls.
April 19th, 2007 at 11:17 am
If you could make the words smaller and the sentences smaller, I might be able to understand. How about you just put something shiny on the screen and I will be happy. I like shiny things.
June 8th, 2012 at 9:05 am
I used the network.automatic-ntlm-auth.trusted-uris trick to block the annoying user/pw popups on my firefox for intranet website, thanks much!!
I’m wondering now how do i roll this out to about 100 people using firefox in the company. I’m thinking through a registry patch but couldn’t seem to find the registry entry for this option.