Enabling NTLM Authentication (Single Sign-On) in Firefox
This HowTo will describe how to enable NTLM authentication (Single Sign-On) in Firefox.
How many of you have noticed that when you are using Internet Explorer and you browse to your companies intranet page that it will automatically authenticate you but when you use Firefox you will be prompted with a login box?
I recently, in searching for solutions to allow NTLM authentication with Apache, stumbled across how to set a preference in Firefox that will pass the NTLM authentication information to a web server. The preference is network.automatic-ntlm-auth.trusted-uris.
So how do you do it?
1) Open Firefox and type “about:config” in the address bar. (without the quotes of course)
2) In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
3) Double click the name of the preference that we just searched for
4) Enter the URLs of the sites you wish to pass NTLM auth info to in the form of:
http://intranet.company.com,http://email.company.lan
5) Notice that you can use a comma separated list in this field.
6) Updated: I have created VBScript that can be used to insert this information into a users prefs.js file by using group policy or standalone if for some reason you want to use it for that.
The script is available to be downloaded here.
After downloading the script you will want to extract it from the ZIP archive and then modify the line starting with strSiteList.
NOTE: This script will not perform its function if the user has Firefox open at the time the script is executed. Running the script through group policy will work without problem unless for some reason your group policy launches Firefox before the execution of this script.
You can read through the rest of the script for additional information. If you have questions, comments or concerns please let me know.
Good clear instructions.
Now can you get it to pass kerberos auth?
network.automatic-ntlm-auth.trusted-uris seems to be removed in firefox 3…
@Sol: I just checked and that configuration is indeed still in Firefox 3.
@Sol: you probably mistyped something. Just use “ntlm” as your filter, there will only be three or four results, and the trusted-urls one is definitely in there in FF3.
Thanks. Works on FF 3
This is amazing, thanks so much. I already deployed it to my whole company
This is great help to use without authentication at work.
It bumped up before. now I am happy with this solution.
Thanks!
I have made the entry in “about:config”. I still have to provide my user credentials.
preference name:= network.automatic-ntlm-auth.trusted-uris
value:= http://microsoft.com/team_mate
the site still prompts me for credentials.
That value can only contain http://microsoft.com without the trailing slash and without additional parts of the url appended.
Hey Matt!
do you have a copy of the Script that is created? the link have been removed.
Best Regrds
Ronny
Hi,
is there any chance to get a hand on this great VBS? the link is down.
Since
Ron
The link has been fixed. http://cdn.sivel.net/f/i/firefox_ntlm_preference_conf.zip
Thx Matt! :)
//Ronny
Ronny,
is it possible for u to send me the ntml-script for firefox. The link is down again and I need it badly ;)
Regards
Tom-Erik
Norway
Sorry to bother, I did manage to download now…
Would there be a problem if https is used? I’m setting the value for our sharepoint server (IT set it up with https for both internal and external) and am still prompted for credentials… Argh.
I enabled network.automatic-ntlm-auth.trusted-uris and added http://support.therocksandiego.org but it still prompts me for a user/pass when I enable single-signon in the support application. Works fine in IE. Any thoughts?
p.s. Its the new firefox 3.5.5
@Merle Reine,
Instead of putting the whole url in the field, try just putting the domain. Instead of:
http://support.therocksandiego.org
put in:
therocksandiego.org
That’s the format I use for our intranet and it auto authenticates for me just fine.