This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Kerberos Authentication with ADFS not working in Firefox Quantum

  • 2 replies
  • 3 have this problem
  • 281 views
  • Paskiausią atsakymą parašė jmpsymalla

more options

We are attempting to use ADFS with Kerberos. The /adfs/ls/wia URL works out of box with both Internet Explorer and Google Chrome, but we unable to make it work in Firefox Quantum. Instead we are presented with a completely blank screen. We are running ADFS 3.0 on Windows Server 2012 R2 with NTLM traffic disabled. When we temporarily enable NTLM on the ADFS server, Kerberos authentication works. We have also tried on a Windows Server 2016 box running ADFS 4.0 and we get the same results. Have have ensured that the WIA user agent includes Mozilla 5.0 and up.

We have also tried adjusting the URIS in about:config as suggested online to include our domain for the following values:

network.automatic-ntlm-auth.trusted-uris network.negotiate-auth.trusted-uris

We are wondering if there are any further configurations that we may need to get this to work.

Thanks

We are attempting to use ADFS with Kerberos. The /adfs/ls/wia URL works out of box with both Internet Explorer and Google Chrome, but we unable to make it work in Firefox Quantum. Instead we are presented with a completely blank screen. We are running ADFS 3.0 on Windows Server 2012 R2 with NTLM traffic disabled. When we temporarily enable NTLM on the ADFS server, Kerberos authentication works. We have also tried on a Windows Server 2016 box running ADFS 4.0 and we get the same results. Have have ensured that the WIA user agent includes Mozilla 5.0 and up. We have also tried adjusting the URIS in about:config as suggested online to include our domain for the following values: network.automatic-ntlm-auth.trusted-uris network.negotiate-auth.trusted-uris We are wondering if there are any further configurations that we may need to get this to work. Thanks

Chosen solution

I would suggest taking this question to the enterprise mailing list:

https://mail.mozilla.org/listinfo/enterprise

You'll find more folks that might be doing something similar.

I don't have any experience in this area.

You could also check out:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

to see if it has helpful information.

Skaityti atsakymą kartu su kontekstu 👍 1

All Replies (2)

more options

Chosen Solution

I would suggest taking this question to the enterprise mailing list:

https://mail.mozilla.org/listinfo/enterprise

You'll find more folks that might be doing something similar.

I don't have any experience in this area.

You could also check out:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

to see if it has helpful information.

more options

mkaply - thank you for suggesting the enterprise mailing list, I will check that out.