Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

IronPort & FireFox Pass-Through Authentication - How To

Out of the box, FireFox does not support pass-through authentication. Here is a work around to get pass-through authentication to work. I've tested it and it works like a champ.

Within FireFox go to “Tools” menu, drop down to “Options”, then go to the “Advanced” section. Click the “Network” tab and then under “Connection” select the “Settings” button.

In the “HTTP Proxy” field insert the short / NetBIOS proxy host name of the IronPort and specify the proxy port then click “OK”.

[img:fb9b682b7e]http://users.ctinet.net/cki/ironport/wsa-firefox.jpg[/img:fb9b682b7e]

Close FireFox completely and open up notepad (start – run – notepad.exe) and browse to and edit the following file: “C:\Program Files\Mozilla Firefox\greprefs\all.js”.

The following changes to “all.js” will enable SPNEGO and will also allow transparent IWA in Firefox:

Search for: pref("network.negotiate-auth.trusted-uris", ""); and replace with: pref("network.negotiate-auth.trusted-uris", "ironportweb");

Furthermore, search for: pref("network.negotiate-auth.delegation-uris", ""); and replace with: pref("network.negotiate-auth.delegation-uris", "ironportweb");

*replace the word “ironportweb” with the short / NetBIOS name of your specific IronPort S-Series proxy hostname.

Once the changes have been implemented save the file and close.

Finally, open up FireFox, browse the web, and watch the pass-through authentication magic happen!

Regards,

Chris

2 REPLIES
New Member

Re: IronPort & FireFox Pass-Through Authentication - How To

I found this on the IronPort KB... looks to be a bit easier than the method I was using ;)

http://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=1003&p_created=1201796211&p_sid=652UgW9j&p_lva=467&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PWRmbHQmcF9ncmlkc29ydD0mcF9yb3dfY250PTcmcF9wcm9kcz0wJnBfY2F0cz0wJnBfcHY9JnBfY3Y9JnBfc2Vh...

Chris



Some versions of Firefox do not automatically trust all servers to send transparent credentials to. The newest versions appear to be having the problem.

You will need to manually add the WSA transparent authentication redirection hostname into the trusted URLs in Firefox. This value can be found in Network -> Authentication -> “Transparent Authentication Redirect Hostname”

1. Open Firefox and type “about:config” in the address bar (without the quotes)
2. In the ‘Filter’ field type the following “network.automatic-ntlm-auth.trusted-uris”
3. Double-click the name of the preference that we just searched for
4. Enter the Transparent Authentication Redirect Hostname

New Member

Re: IronPort & FireFox Pass-Through Authentication - How To

Beautiful!!! Works perfectly. Thanks

1423
Views
0
Helpful
2
Replies