Enabling NTLM Authentication (Single Sign-On) in Firefox

 

If like me you use Firefox within a corporate environment, you perhaps repeatedly get prompted for your username and password when you use internal web applications whereas Internet Explorer just lets you log right in using Single Sign-On (SSO).  Some people don’t realize it, but Firefox is capable of NTLM authentication (Windows pass-through), just like Internet Explorer – all you need to do is tell it for which sites it should permit NTLM.

Firefox and others in the Mozilla family acheives this through what it calls integrated authentication that entails support for the the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) internet standard (RFC 2478) to negotiate either NTLM, Kerberos, or other authentication protocols supported by the operating system, leveraging system libraries that provide SPNEGO: SSPI on Microsoft Windows, and GSS-API on Linux, Mac OSX, and other UNIX-like systems.

So, that’s great, but how do you do it?

Method 1 – Do it yourself!

  • Open Firefox and type about:config in the address bar.
  • You will be prompted with a warning – click the “I’ll be careful, I promise!” button.

 

 

 

 

 

  • Use the ‘Filter’ field to find the network.automatic-ntlm-auth.trusted-uris configuration parameter
  • Double-click the name of the configuration parameter
  • Enter the URLs of the sites you wish to enable NTLM authentication for in the form:
    • http://intranet,http://sharepoint
  • Note that we only include the http:// prefix and then the hostname of the server; there is no trailing slash nor a path to any particular page.  Authentication is enabled on a per-site basis.


 

 

 

 

  • Now, when you go to the websites listed, you should be logged on using your Windows credentials through NTLM.

Method 2 – Use an extension!

If you don’t want to open up the about:config page whenever you come across a site that you’d like to add NTLM authentication, then as you would expect, someone has written a Firefox Extension called Integrated Authentication for Firefox that provides a simple interface to add and remove entries.  Install the Extension, restart Firefox, and then in your Tools menu, you will find a new option called Integrated Authentication Sites that will open up a simple dialog box that lets you add or remove entries. As per the manual method, note that you should only include the http:// prefix and the hostname of the server; there is no trailing slash nor a path to any particular page. Authentication is enabled on a per-site basis.

 

3 thoughts on “Enabling NTLM Authentication (Single Sign-On) in Firefox

  1. You mean for newer versions you have to set both “network.automatic-ntlm-auth.trusted-uris” and “network.negotiate-auth.trusted-uris”?

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>