How to configure Firefox for NTLM SSO (Single-Sign-On)?


Solution 1

  • When accessing the relevant site you need to make sure you run Firefox as the Windows user you want to log on as. If you always log onto a workstation as a domain user then there is no issue; otherwise you may need to Shift + right-click the shortcut and choose Run as different user..., or set up a shortcut with your credentials saved.
  • In Firefox, type about:config in the address bar and press return.
  • After the config page loads, in the filter box type: network.automatic. You should see a search result of network.automatic-ntlm-auth.trusted-uris
  • Modify network.automatic-ntlm-auth.trusted-uris by double-clicking the row and entering the relevant site.
  • Multiple sites can be added by comma-delimiting them, such as: https://your_SecureAuth_FQDN.com, https://www.replacewithyourintranetsite.com
  • Click OK. You may need to restart Firefox for changes to take effect.

This is based on numerous pages I found on the internet, including this Firefox support page

Solution 2

To authenticate Firefox automatically through a proxy (avoiding NTLM prompt), you have to modify 3 parameters.

  • Open the page about:config (in the address bar)

Add your URIs (separate with ,) in the following 3 parameters:

  • network.automatic-ntlm-auth.trusted-uris
  • network.negotiate-auth.delegation-uris
  • network.negotiate-auth.trusted-uris

and change it with the URL of your proxy redirection page, like http://myproxy.local

Modify

  • signon.autologin.proxy to be true

If you do it by script, be careful with the dots (.) and the dash (-) in the parameters. This is often the problem.
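
For the scripted route mentioned in Solution 2, an added example (not part of the original answer): it renders user.js lines with the exact preference names from this page and refuses any entry that is not an https:// host without path or wildcard. The strictness rule, the function names and the sample hosts are assumptions of the example, not Firefox requirements.

```python
import json
from urllib.parse import urlsplit

# Preference names exactly as written on this page (dots and dashes matter).
URI_PREFS = (
    "network.automatic-ntlm-auth.trusted-uris",
    "network.negotiate-auth.delegation-uris",
    "network.negotiate-auth.trusted-uris",
)

def check_entry(entry):
    """Return (normalized, problems); normalized is None if anything is wrong.

    Example policy (assumption, stricter than Firefox itself): https scheme,
    host only, no wildcard, no path, no embedded credentials.
    """
    parts = urlsplit(entry.strip())
    netloc = parts.netloc.lower()
    problems = []
    if "*" in entry:
        problems.append("wildcard")
    if parts.scheme != "https":
        problems.append("not https")
    if not netloc:
        problems.append("no host")
    if "@" in netloc:
        problems.append("embedded credentials")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("has path")
    return (None if problems else f"https://{netloc}"), problems

def build_user_js(sites, prefs=URI_PREFS):
    """Render user.js lines, or raise ValueError naming every rejected entry."""
    accepted, rejected = [], {}
    for raw in sites:
        norm, problems = check_entry(raw)
        if problems:
            rejected[raw] = problems
        elif norm not in accepted:
            accepted.append(norm)
    if rejected:
        raise ValueError(f"rejected entries: {rejected}")
    value = ",".join(accepted)
    # json.dumps yields a correctly quoted string literal for each line.
    return [f"user_pref({json.dumps(p)}, {json.dumps(value)});" for p in prefs]

if __name__ == "__main__":
    # Constructed sample hosts, not taken from a real deployment.
    for line in build_user_js(["https://intranet.example.com",
                               " https://Timecard.example.com/ "]):
        print(line)
```

Pass a shorter `prefs` tuple to write only the preferences a site actually needs, for example leaving out network.negotiate-auth.delegation-uris.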

Solution 3

The suggested solution with network.automatic-ntlm-auth.trusted-uris was not enough in my case. Then I tried the same in network.negotiate-auth.trusted-uris. Now it works.

Solution 4

This worked for me:

Change network.automatic-ntlm-auth.allow-non-fqdn to True and signon.autologin.proxy to True

Add yourcompanyname.com in:

network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris

Solution 5

I modified signon.autologin.proxy to be true (by double-clicking on the preference name) and changed network.negotiate-auth.trusted-uris to timecard.example.com and it's working for me, almost too well. When I sign out of the page, it takes me to a sign-in screen, where I'm instantly logged in again. But I can live with that. What is missing is a way to either (a) add another URI with a single click, or (b) use wildcards, such as *.example.com.

Author: Nicolas Raoul

I am Nicolas Raoul, IT consultant in Tokyo. Feel free to copy/paste the source code from my StackExchange answers, I release it to the public domain.

Updated on September 18, 2022

Comments

  • Nicolas Raoul
    Nicolas Raoul almost 2 years

    My computer and user belonging to the domain, I want to connect to my NTLM-SSO-enabled intranet website http://intranet without providing a login/password.

    How to do it with Mozilla Firefox?

  • shorif2000
    shorif2000 about 10 years
    This does not work. I have read the same thing on many pages. Is there an update for Firefox v30?
  • James P
    James P about 10 years
    @sharif: Try downloading the following add-on: addons.mozilla.org/en-US/firefox/addon/… then click Tools->Integrated Authentication Sites and check the box at the bottom that says Enable pass-through on all non-FQDN sites even if they aren't listed here
  • James P
    James P about 10 years
    @sharif: The issue that affects Firefox 30 specifically is that insecure v1 of NTLM has been disabled by default. It could be that you need to use the about:config editor to set network.negotiate-auth.allow-insecure-ntlm-v1 to be true. However, NTLMv1 is very old, so I'm not sure if you would be using it. Relevant link: developer.mozilla.org/en-US/Firefox/Releases/30/…
  • Van Jone
    Van Jone almost 9 years
    Still not working: FF keeps popping that annoying dialog prompt with already saved username and password
  • Van Jone
    Van Jone almost 9 years
    Nothing works so far. Whatever I try from all answers here, FF keeps popping that annoying dialog prompt with (already saved!) username and password. Very un-thought design on FF side, I must say...
  • James P
    James P almost 9 years
    Depending on the situation it might be worth trying with network.automatic-ntlm-auth.allow-non-fqdn set to true, although for me it still worked when set to false and not specifying a domain. Unfortunately Mozilla have made these settings far too numerous and complex
  • Michal Bernhard
    Michal Bernhard about 6 years
    network.negotiate-auth.trusted-uris works for me. E.g. when subdomain1.companydomain.cz/identitity/auth is the page where authentication through NTLM is done, you have to put the value subdomain1.companydomain.cz (i.e. protocol and full domain, without path). Note that values are comma (,) separated.
  • Adarsh
    Adarsh almost 6 years
    Works perfectly for me. My organization uses windows based single sign-on. Tested on firefox v61.0.2