Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3156
Views
0
Helpful
2
Replies

IronPort & FireFox Pass-Through Authentication - How To

cireland_ironport
Level 1
Level 1

‎07-28-2008 07:33 PM

Out of the box, FireFox does not support pass-through authentication. Here is a work around to get pass-through authentication to work. I've tested it and it works like a champ.

Within FireFox go to “Tools” menu, drop down to “Options”, then go to the “Advanced” section. Click the “Network” tab and then under “Connection” select the “Settings” button.

In the “HTTP Proxy” field insert the short / NetBIOS proxy host name of the IronPort and specify the proxy port then click “OK”.

[img:fb9b682b7e]http://users.ctinet.net/cki/ironport/wsa-firefox.jpg[/img:fb9b682b7e]

Close FireFox completely and open up notepad (start – run – notepad.exe) and browse to and edit the following file: “C:\Program Files\Mozilla Firefox\greprefs\all.js”.

The following changes to “all.js” will enable SPNEGO and will also allow transparent IWA in Firefox:

Search for: pref("network.negotiate-auth.trusted-uris", ""); and replace with: pref("network.negotiate-auth.trusted-uris", "ironportweb");

Furthermore, search for: pref("network.negotiate-auth.delegation-uris", ""); and replace with: pref("network.negotiate-auth.delegation-uris", "ironportweb");

*replace the word “ironportweb” with the short / NetBIOS name of your specific IronPort S-Series proxy hostname.

Once the changes have been implemented save the file and close.

Finally, open up FireFox, browse the web, and watch the pass-through authentication magic happen!

Regards,

Chris

Labels:
0 Helpful
2 Replies 2

cireland_ironport
Level 1
Level 1

‎07-29-2008 12:12 AM

I found this on the IronPort KB... looks to be a bit easier than the method I was using ;)

http://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=1003&p_created=1201796211&p_sid=652UgW9j&p_lva=467&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PWRmbHQmcF9ncmlkc29ydD0mcF9yb3dfY250PTcmcF9wcm9kcz0wJnBfY2F0cz0wJnBfcHY9JnBfY3Y9JnBfc2Vh...

Chris



Some versions of Firefox do not automatically trust all servers to send transparent credentials to. The newest versions appear to be having the problem.

You will need to manually add the WSA transparent authentication redirection hostname into the trusted URLs in Firefox. This value can be found in Network -> Authentication -> “Transparent Authentication Redirect Hostname”

   1.  Open Firefox and type “about:config” in the address bar (without the quotes)
   2.  In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
   3.  Double-click the name of the preference that we just searched for
   4.  Enter the Transparent Authentication Redirect Hostname

0 Helpful

spoonman_ironport
Level 1
Level 1

‎09-04-2008 04:33 PM

Beautiful!!! Works perfectly. Thanks

0 Helpful
Customers Also Viewed These Support Documents