Enabling NTLM Authentication (Single Sign-On) in Firefox

HowTo 23 May 2007 20 Comments

This HowTo will describe how to enable NTLM authentication (Single Sign-On) in Firefox.

How many of you have noticed that when you are using Internet Explorer and you browse to your companies intranet page that it will automatically authenticate you but when you use Firefox you will be prompted with a login box?

I recently, in searching for solutions to allow NTLM authentication with Apache, stumbled across how to set a preference in Firefox that will pass the NTLM authentication information to a web server. The preference is network.automatic-ntlm-auth.trusted-uris.

So how do you do it?

1) Open Firefox and type “about:config” in the address bar. (without the quotes of course)
2) In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
3) Double click the name of the preference that we just searched for
4) Enter the URLs of the sites you wish to pass NTLM auth info to in the form of:

http://intranet.company.com,http://email.company.lan

5) Notice that you can use a comma separated list in this field.
6) Updated: I have created VBScript that can be used to insert this information into a users prefs.js file by using group policy or standalone if for some reason you want to use it for that.

The script is available to be downloaded here.

After downloading the script you will want to extract it from the ZIP archive and then modify the line starting with strSiteList.

NOTE: This script will not perform its function if the user has Firefox open at the time the script is executed. Running the script through group policy will work without problem unless for some reason your group policy launches Firefox before the execution of this script.

You can read through the rest of the script for additional information. If you have questions, comments or concerns please let me know.

20 Responses on “Enabling NTLM Authentication (Single Sign-On) in Firefox”

  1. frances says:

    Good clear instructions.

  2. Rob says:

    Now can you get it to pass kerberos auth?

  3. Sol says:

    network.automatic-ntlm-auth.trusted-uris seems to be removed in firefox 3…

  4. Matt says:

    @Sol: I just checked and that configuration is indeed still in Firefox 3.

  5. Dan says:

    @Sol: you probably mistyped something. Just use “ntlm” as your filter, there will only be three or four results, and the trusted-urls one is definitely in there in FF3.

  6. Naƫl says:

    Thanks. Works on FF 3

  7. Jesse says:

    This is amazing, thanks so much. I already deployed it to my whole company

  8. JungHwan Lee says:

    This is great help to use without authentication at work.
    It bumped up before. now I am happy with this solution.
    Thanks!

  9. MS_user says:

    I have made the entry in “about:config”. I still have to provide my user credentials.
    preference name:= network.automatic-ntlm-auth.trusted-uris
    value:= http://microsoft.com/team_mate

    the site still prompts me for credentials.

  10. Ronny says:

    Hi,

    is there any chance to get a hand on this great VBS? the link is down.

    Since

    Ron

  11. Pavlos says:

    Would there be a problem if https is used? I’m setting the value for our sharepoint server (IT set it up with https for both internal and external) and am still prompted for credentials… Argh.

  12. Merle Reine says:

    I enabled network.automatic-ntlm-auth.trusted-uris and added http://support.therocksandiego.org but it still prompts me for a user/pass when I enable single-signon in the support application. Works fine in IE. Any thoughts?

  13. Merle Reine says:

    p.s. Its the new firefox 3.5.5

  14. @Merle Reine,

    Instead of putting the whole url in the field, try just putting the domain. Instead of:

    http://support.therocksandiego.org

    put in:

    therocksandiego.org

    That’s the format I use for our intranet and it auto authenticates for me just fine.

Leave a Reply