Single sign-on with Firefox and NTLM authentication


If you would like to use NTLM authentication for signing in to forms directly from within Firefox, you need to modify some settings.

Option 1 – Changing the NTLM settings manually

When opening the advanced settings, Firefox warns you about voiding your warranty.

The advanced settings in Firefox, with the relevant entries for enabling NTLM support.
  1. Start Firefox and open the advanced settings by entering about:config into the address bar and pressing Enter.
  2. Firefox now warns you that this might void your warranty. Click I accept the risk!
  3. Use the search bar to search for ntlm.
  4. Double-click the entry network.automatic-ntlm-auth.trusted-uris to modify its value.
  5. Enter the address of the NTLM server in the dialog that opens. To enter more than one server, separate them with commas, for example: http://myserver_1, http://myserver_2. To allow an entire domain, enter it like this: http://.myDomain.dom. Wildcards such as an asterisk (*) or a question mark (?) are not supported.

The following steps apply only to Firefox 13 and higher.

  1. If the entry network.automatic-ntlm-auth.allow-non-fqdn is not already set to true, double-click it. It should now be set to true.
  2. Use the search bar to search for negotiate.
  3. If the entry network.negotiate-auth.allow-non-fqdn is not already set to true, double-click it. It should now be set to true.
  4. Double-click the entry network.negotiate-auth.trusted-uris and enter your domain.

Now restart Firefox and you are done.

Option 2 – Batch script

A simple batch script that adds the settings automatically. Note that this will not work when the default settings have already been modified. Save this script with the extension *.cmd.

For companies it may be desirable to apply the required settings via a batch script automatically.

Mozilla Firefox saves its settings in the file prefs.js, located at %APPDATA%\Mozilla\Firefox\Profiles\profilename.default.

The profile name is a random string consisting of 8 letters and digits. When the settings have not yet been modified via the configuration page, they can be added with the following batch script. Firefox should be closed when executing the script.

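@echo off
rem Change into the Firefox profile directory. Stop if none is found,
rem so that prefs.js is not created in the wrong place.
cd /D "%APPDATA%\Mozilla\Firefox\Profiles\*.default" || exit /b 1
rem Append the NTLM and Negotiate settings to prefs.js.
echo user_pref("network.automatic-ntlm-auth.allow-non-fqdn", true);>>prefs.js
echo user_pref("network.automatic-ntlm-auth.trusted-uris", "http://meinserver_1,http://meinserver_2");>>prefs.js
echo user_pref("network.negotiate-auth.allow-non-fqdn", true);>>prefs.js
echo user_pref("network.negotiate-auth.trusted-uris", ".myDomain.dom");>>prefs.js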
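
The batch script above only appends, which is why it is limited to profiles whose settings have not been modified yet. The following PowerShell variant is an added example, not part of the original article: it removes any existing user_pref lines for the four preferences and then writes each one exactly once, so it can be run repeatedly. The function name Merge-FirefoxPrefs and the .bak backup are choices of this example, and the server and domain values are the article's placeholders.

```powershell
# Added example. Replace the placeholder servers and domain before use.
$Wanted = [ordered]@{
    'network.automatic-ntlm-auth.allow-non-fqdn' = 'true'
    'network.automatic-ntlm-auth.trusted-uris'   = '"http://myserver_1,http://myserver_2"'
    'network.negotiate-auth.allow-non-fqdn'      = 'true'
    'network.negotiate-auth.trusted-uris'        = '".myDomain.dom"'
}

function Merge-FirefoxPrefs {
    # Returns the lines of prefs.js with every managed pref set exactly once.
    param([string[]]$Lines, [System.Collections.IDictionary]$Prefs)
    $names   = $Prefs.Keys | ForEach-Object { [regex]::Escape($_) }
    $managed = '^\s*user_pref\("(' + ($names -join '|') + ')"\s*,'
    $out = New-Object 'System.Collections.Generic.List[string]'
    foreach ($line in $Lines) {
        # Keep everything except older values of the prefs we manage.
        if ($line -notmatch $managed) { $out.Add($line) }
    }
    foreach ($name in $Prefs.Keys) {
        $out.Add(('user_pref("{0}", {1});' -f $name, $Prefs[$name]))
    }
    return ,$out.ToArray()
}

# Firefox writes prefs.js itself, so it must be closed while the file is edited.
if (Get-Process -Name firefox -ErrorAction SilentlyContinue) {
    throw 'Close Firefox before running this script.'
}

$root  = Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'
$files = @(Get-ChildItem -Path (Join-Path $root '*.default\prefs.js') -ErrorAction SilentlyContinue)
if ($files.Count -eq 0) { throw "No prefs.js found under $root\*.default" }

# Write UTF-8 without a byte order mark so the first line stays parseable.
$utf8NoBom = New-Object System.Text.UTF8Encoding($false)
foreach ($file in $files) {
    Copy-Item -LiteralPath $file.FullName -Destination ($file.FullName + '.bak') -Force
    $old = [System.IO.File]::ReadAllLines($file.FullName)
    $new = Merge-FirefoxPrefs -Lines $old -Prefs $Wanted
    [System.IO.File]::WriteAllLines($file.FullName, $new, $utf8NoBom)
    Write-Output ('Updated ' + $file.FullName)
}
```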