Firefox tutorial: Firefox on your Intranet, configuring for transparent NTLM authentication
Firefox has had NTLM support for quite a while. NTLM is commonly used on Windows networks to authenticate access to various Intranet sites. You use NTLM to authenticate with an Active Directory domain controller, and you use these credentials to talk to Intranet sites. If you're a user of Internet Explorer, this is something you take for granted; it transparently authenticates you to Intranet sites that require authentication.
Firefox hasn't been able to do this transparently; it prompts you to enter your AD credentials for any Intranet site. Starting in the mid-August builds and finally in the 1.0PR build of Firefox, there is now support for transparent NTLM authentication. This overcomes a large hurdle to using Firefox in a corporate setting: the hassle of constantly needing to enter your credentials to browse any internal site.
Since this feature has been introduced to little fanfare, I'm writing this quickie tutorial on how to configure your Firefox for browsing your corporate Intranet without the constant authentication requests. In just a few easy steps, you'll have one less excuse to use IE.
Firefox has a configuration directive named network.automatic-ntlm-auth.trusted-uris. This can be accessed directly by typing about:config as a location. This configuration directive takes a comma-delimited list of Intranet site-names. It would look like:
corpweb,somesite,payroll,humanresources,infotech
No http:// or anything, just the host-name. You'll magically be able to go to those sites without the need to enter your credentials ever again. It simply does what IE does and sends your locally cached credentials to the server you're trying to access.
The downside to this is two-fold. First, this is specific to the Win32 version of Firefox only. You can twiddle these knobs in versions of Firefox for other platforms, but they are ignored. This is because of the Windows-specific way that credentials are stored and accessed. Secondly, yes, you have to maintain a list of sites. This is unfortunate, but it's because unlike Internet Explorer, Firefox has no concept of what an Intranet is. Perhaps in future versions, these options will become even more customizable with the ability to specify netmasks or IP ranges, but for now, you're stuck with this list of hostnames.
There's one other notable caveat (which cannot be blamed on Firefox): many corporate Intranet sites rely on things such as ActiveX controls and non-standard markup to render sites. So, it's wholly possible that many Intranet sites that work fine in IE won't work in Firefox anyway by sheer virtue of those sites not supporting standards, but at least you won't have to enter your credentials to find this out.
Firefox recognizes these configuration directives on the fly, so once you set something using about:config, you don't have to restart Firefox for it to take effect (obviously if you store the list in the user.js, then you're SOL).
Still, this is a big development as far as I'm concerned, and it brings Firefox one step closer to being a threat to the enterprise as well as the desktop.
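Because every host in this list receives your cached credentials without a prompt, it is worth checking the value before rolling it out. The following is an added example, not code from this post or from Firefox: it audits a candidate value against the format described above (bare host names, comma-delimited) and emits the matching user.js line. The helper names auditTrustedUris and toUserJsLine, the sample value, and the rule that dotted names deserve a second look are assumptions of the example.

```javascript
// Added example: audit a network.automatic-ntlm-auth.trusted-uris value
// against the format this post describes (bare host names, comma-delimited).
// auditTrustedUris and toUserJsLine are hypothetical helper names.
const PREF = "network.automatic-ntlm-auth.trusted-uris";

function auditTrustedUris(value) {
  const accepted = [];   // entries that match the post's format
  const findings = [];   // entries to fix or review before deployment
  const seen = new Set();

  for (const raw of value.split(",")) {
    const entry = raw.trim().toLowerCase();
    if (entry === "") {
      findings.push({ entry: raw, issue: "empty entry" });
    } else if (/^[a-z][a-z0-9+.-]*:\/\//.test(entry)) {
      findings.push({ entry, issue: "has a scheme; the post says host name only" });
    } else if (/[\/\s*:]/.test(entry)) {
      findings.push({ entry, issue: "not a bare host name" });
    } else if (seen.has(entry)) {
      findings.push({ entry, issue: "duplicate" });
    } else {
      seen.add(entry);
      accepted.push(entry);
      // Assumption of this example: Intranet names are single-label,
      // so a dotted name is accepted but flagged for a human to confirm.
      if (entry.includes(".")) {
        findings.push({ entry, issue: "dotted name; confirm it is internal" });
      }
    }
  }
  return { accepted, findings };
}

// Build the user.js line for a list of reviewed host names.
function toUserJsLine(hosts) {
  return `user_pref(${JSON.stringify(PREF)}, ${JSON.stringify(hosts.join(","))});`;
}

// Constructed sample input, not taken from a real profile.
const sample = "corpweb, http://payroll,somesite,,CORPWEB,files.example.com,intra/hr";
const report = auditTrustedUris(sample);
console.log(report.findings);
console.log(toUserJsLine(report.accepted));
```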

Thanks for posting this! It was very useful.
This was extremely helpful! Thanks!
Thanks for the info. Very useful
That was really a pain in the ass before I read this. Thanks a lot!
Thanks a lot. Now I really have one less excuse on using IE. Yet I wish a link to such a useful be placed somewhere in Firefox Tools main menu.
Thanks a lot for this post.
Good stuff Adam. Pretty advanced stuff, I'm here for the everyday user.
Anyone have a clue as to how to fix this problem: when linking to a local html page using a file:/// link, it is denied. However, through about:config the security.checklanduri toggle (false) allows you to override the security feature which disables this by default. The question is why when these pages are loaded are their images not coming up? Firefox does not allow the images to be rendered?
Hello,
My company Internet works on NTLM authentication and needs the domain name to be entered along with user name and password.
I have entered the domain name in the key value
"network.automatic-ntlm-auth.trusted-uris", but it is not working.
Is there any way to solve this problem?
Thank You,
I've had the same problem Ahmad. I can log in once and it takes me to the first page, but when I try to go to the next page it keeps asking for me to log in again. It still does this even after entering the "network.automatic-ntlm-auth.trusted-uris" string.