Firefox in a Single Sign-on Intranet Environment

April 17th, 2007

I have been using Firefox for my normal browsing at work, but found it useless for browsing the company intranet because it asked me repeatedly for my network user name and password. There were other annoyances, as well. Many sites using SSL certificates made Firefox flash multiple warning messages because our proxy issues certificates instead of passing them through unchanged. I decided today was the day to fix these annoyances. The Single Sign-on fix only works with the Windows version of Firefox, unfortunately.

To fix the Single Sign-on problem:

  • Type about:config in the Navigation Bar.
  • Type ntlm in the Filter box.
  • Right-click on network.automatic-ntlm-auth.trusted-uris and choose Modify.
  • Type in the domains you want to have access to without typing in your password over and over again. This could include a list like the following: home,portal,service,hr. The format of this list is each domain is seperated by a comma without a space.
  • Click OK.

These changes take effect immediately, so go ahead and navigate to another web site and test out your intranet. If the site asks for your user name and password enter it and try to keep navigating. If any more pages start asking for your user name and password and they are part of your intranet, note the domains and add them to the list using the directions above.

To fix the SSL certificates problem you need to export the certificate your intranet uses with SSL encrypted traffic. To export the certificate in Internet Explorer:

  • Open IE, go to Tools -> Internet Options.
  • Click the Content tab.
  • Click Certificates.
  • Click the Trusted Root Certification Authorities tab.
  • Select the certificate issued by your intranet (look for your company name).
  • Click Export.
  • Click Next, Next.
  • Save the file somewhere and give it a good name.
  • Click Yes, Next, and OK until you get back to the main IE window.

To import the certificate into Firefox:

  • Open Firefox, go to Tools -> Options.
  • Click the Advanced tab.
  • Click the Encryption tab within the Advanced section.
  • Click View Certificates.
  • Click the Authorities tab.
  • Click Import.
  • Choose the file you exported above.

If all goes well you should be able to use your intranet and browse the Internet using Firefox as long as your intranet doesn’t use ActiveX controls.

2 Responses to “Firefox in a Single Sign-on Intranet Environment”

  1. Spencer J says:

    If you could make the words smaller and the sentences smaller, I might be able to understand. How about you just put something shiny on the screen and I will be happy. I like shiny things.

  2. Sharjeel says:

    I used the network.automatic-ntlm-auth.trusted-uris trick to block the annoying user/pw popups on my firefox for intranet website, thanks much!!

    I’m wondering now how do i roll this out to about 100 people using firefox in the company. I’m thinking through a registry patch but couldn’t seem to find the registry entry for this option.

Leave a Reply

You must be logged in to post a comment.


yandex.rugoogle.rugoogle.ru