Configure your browser to authenticate using the "system logon credentials" (Kerberos authentication mechanism):
To access the Firefox settings, enter about:config into the Address bar and press [Enter]. This will bring up a long list of customizable preferences for the current installation of the browser.
You need to add the FQDN (fully qualified domain name) of the IdP Server into the list of trusted URIs:
In the "Login page" can you find the right FQDN:
Attention: These options are for "advanced" users only!
If your OS do not have a GSSAPI integrated (like some Linux distributions). You can specify which external library you desire with:
For example:
Here are other settings concerning negotiate/authentication:
DEBUG: To start the firefox with more debug information, you can use a script like this:
#!/bin/bash export NSPR_LOG_MODULES=negotiateauth:5 export NSPR_LOG_FILE=/var/log/firefox.log firefox |
The browser must be configured to enable single sign-on (SSO) support. SSO only works on intranet and using trusted URL's.
In the "Login page" can you find the right FQDN. Wildcards are also supported e.g. *.host_b.com:
Custom Level.
Now the browser should be setup correctly.
To config chrome you need to start the application the following parameter:
chrome --auth-server-whitelist="*aai-logon.domain-a.com" |
In the "Login page" can you find the right FQDN:
No additional configuration is needed
Opera does not currently support Kerberos authentication.