Enabling Integrated Windows Authentication in Firefox

Follow these steps to enable Firefox users to use Integrated Windows Authentication (IWA) to authenticate through ADFS.

Note: The Extended Protection authentication setting on Windows is used to configure Kerberos mutual authentication. In this type of authentication, to prevent a man-in-the-middle attack, the server authenticates to the client and the client authenticates the server. Windows 7 on Firefox doesn't support Extended Protection. If users use this client configuration disable Extended Protection in ADFS.

Procedure

  1. Start Firefox
  2. In the address bar, type about:config. At the prompt that warns to proceed with caution, agree to continue.
  3. Search for each setting in the following table and provide the value indicated.
    Table 1. Settings to enable Integrated Windows Authentication in Firefox
    Setting Value
    network.negotiate-auth.delegation-uris Fully-qualified host name of the ADFS server, for example:
    adfs01.us.renovations.com
    network.automatic-ntlm-auth.trusted-uris Fully-qualified host name of the ADFS server, for example:
    adfs01.us.renovations.com
    network.automatic-ntlm-auth.allow-proxies True
    network.negotiate-auth.allow-proxies True