Configure your browser to authenticate using the "system logon credentials" (Kerberos authentication mechanism):
To access the Firefox settings, enter about:config into the Address bar and press [Enter]. This will bring up a long list of customizable preferences for the current installation of the browser.
You need to add the FQDN (fully qualified domain name) of the IdP Server into the list of trusted URIs:
In the "Login page" can you find the right FQDN:
Attention: These options are for "advanced" users only!
If your OS do not have a GSSAPI integrated (like some Linux distributions). You can specify which external library you desire with:
For example:
Here are other settings concerning negotiate/authentication:
DEBUG: To start the firefox with more debug information, you can use a script like this:
#!/bin/bash export NSPR_LOG_MODULES=negotiateauth:5 export NSPR_LOG_FILE=/var/log/firefox.log firefox |
These browsers must be configured to enable single sign-on (SSO) support. SSO only works using trusted URL's.
In the "Login page" can you find the right FQDN. Wildcards are also supported e.g. *.host_b.com:
Now the browser should be setup correctly.
For Chrome on Windows, follow the instructions for Internet Explorer and Edge. Chrome on Windows uses the global Internet Options settings.
To config chrome you need to start the application the following parameter:
chrome --auth-server-whitelist="*aai-logon.domain-a.com" |
In the "Login page" can you find the right FQDN:
No additional configuration is needed
Opera may not support Kerberos authentication. (We don't know.)