Single sign-on with Firefox and NTLM authentication
If you would like to use NTLM authentication for signing in to forms directly from within Firefox, you need to modify some settings.
Option 1 – Changing the NTLM settings manually
- Start Firefox and open the advanced settings by entering about:config into the address bar and pressing Enter.
- Firefox now warns you that this might void your warranty. Click on I accept the risk!.
- Use the search bar to search for ntlm.
- Click twice on the entry network.automatic-ntlm-auth.trusted-uris to modify its value.
- Enter the server address of the NTLM server in the dialog that opens. If you want to enter more than one server, separate them with commas. For example: http://myserver_1, http://myserver_2. If you want to allow an entire domain, this can be achieved like this: http://.myDomain.dom. Wildcards such as a star (*) or a question mark (?) are not supported.
The following steps apply only to Firefox 13 and higher.
- Click twice on the entry network.automatic-ntlm-auth.allow-non-fqdn, if its value is not set to true already. It should now be set to true.
- Use the search bar to search for negotiate.
- Click twice on the entry network.negotiate-auth.allow-non-fqdn, if its value is not set to true already. It should now be set to true.
- Click twice on the entry network.negotiate-auth.trusted-uris and enter your domain.
Now restart Firefox and you are done.
Option 2 – Batch script
For companies it may be desirable to apply the required settings via a batch script automatically.
Mozilla Firefox saves its settings in the file prefs.js, located at %APPDATA%\Mozilla\Firefox\Profiles\profilename.default.
The profile name is a random string consisting of 8 letters and digits. When the settings have not yet been modified via the configuration page, they can be added with the following batch script. Firefox should be closed when executing the script.
rem Change into the Firefox profile folder; stop if no profile folder matches.
cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default" || exit /b 1
rem Append the NTLM and Negotiate settings to prefs.js.
echo user_pref("network.automatic-ntlm-auth.allow-non-fqdn", true);>>prefs.js
echo user_pref("network.automatic-ntlm-auth.trusted-uris", "http://meinserver_1,http://meinserver_2");>>prefs.js
echo user_pref("network.negotiate-auth.allow-non-fqdn", true);>>prefs.js
echo user_pref("network.negotiate-auth.trusted-uris", ".myDomain.dom");>>prefs.js
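An added example, not part of the original page or of Firefox: a Python check that reads the text of a prefs.js file, takes the last value written for each of the four preferences above, and reports trusted-uris entries that contain a wildcard or are not on an approved list. The approved list and the sample file contents are constructed for illustration.

```python
import re

# The four preferences this page sets.
SSO_PREFS = (
    "network.automatic-ntlm-auth.allow-non-fqdn",
    "network.automatic-ntlm-auth.trusted-uris",
    "network.negotiate-auth.allow-non-fqdn",
    "network.negotiate-auth.trusted-uris",
)
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*?)\);\s*$')

def effective_prefs(prefs_text):
    """Return {name: value} for the SSO prefs; a later line overrides an earlier one."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) in SSO_PREFS:
            value = m.group(2).strip()
            found[m.group(1)] = value[1:-1] if value.startswith('"') else value
    return found

def audit(prefs_text, approved):
    """List (pref, entry, reason) for every trusted-uris entry that needs review."""
    findings = []
    for name, value in effective_prefs(prefs_text).items():
        if not name.endswith("trusted-uris"):
            continue
        for entry in (e.strip() for e in value.split(",")):
            if not entry:
                continue
            if "*" in entry or "?" in entry:
                findings.append((name, entry, "wildcard not supported"))
            elif entry not in approved:
                findings.append((name, entry, "not on approved list"))
    return findings

# Constructed sample: the second trusted-uris line was appended later and wins.
SAMPLE = '''user_pref("browser.startup.homepage", "about:blank");
user_pref("network.automatic-ntlm-auth.trusted-uris", "http://myserver_1");
user_pref("network.negotiate-auth.trusted-uris", ".myDomain.dom");
user_pref("network.automatic-ntlm-auth.allow-non-fqdn", true);
user_pref("network.automatic-ntlm-auth.trusted-uris", "http://myserver_1, http://*.myDomain.dom,http://other");
'''
APPROVED = {"http://myserver_1", "http://myserver_2", ".myDomain.dom"}  # assumed allowlist

if __name__ == "__main__":
    for pref, entry, reason in audit(SAMPLE, APPROVED):
        print(f"{pref}: {entry!r} ({reason})")
```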