How to configure Firefox for NTLM SSO (Single-Sign-On)?
- When accessing the relevant site you need to make sure you run Firefox as the Windows user you want to log on as. If you always log onto a workstation as a domain user then there is no issue, otherwise you may need to Shift + right-click the shortcut and choose Run as different user..., or setup a shortcut with your credentials saved
- In Firefox, type
about:configIn the address bar and press return. - After the config page loads, in the filter box type:
network.automatic. You should see a search result ofnetwork.automatic-ntlm-auth.trusted-uris - Modify
network.automatic-ntlm-auth.trusted-urisby double clicking the row and enter the relevent site - Multiple sites can be added by comma delimiting them such as:
https://your_SecureAuth_FQDN.com, https://www.replacewithyourintranetsite.com - Click OK. You may need to restart Firefox for changes to take effect.
This is based on numerous pages I found on the internet, including this Firefox support page
To authenticate Firefox automatically through a proxy (avoiding NTLM prompt), you have to modify 3 parameters.
- Open the page about:config (in the address bar)
Add your uris (separate with ,) in the following 3 parameters:
network.automatic-ntlm-auth.trusted-urisnetwork.negotiate-auth.delegation-urisnetwork.negotiate-auth.trusted-uris
and change it with the URL of your proxy redirection page, like http://myproxy.local
Modify
signon.autologin.proxyto betrue
If you do it by script, be careful with the dots (.) and the dash (-) in the parameters. This is often the problem.
The suggested solution with network.automatic-ntlm-auth.trusted-uris was not enough in my case. Then I tried the same in network.negotiate-auth.trusted-uris Now it works.