We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Authentication using Spnego

more options

We have developed a web application which supports integrated windows authentication using spnego.

For enabling integrated authentication on Mozilla firefox i have made followin configuration

network.negotiate-auth.trusted-uris = domain of the trusted uri network.negotiate-auth.allow-non-fqdn = false network.negotiate-auth.allow-proxies = true network.negotiate-auth.using-native-gsslib = true.

My application doesnt support ntlm so havent made any configuration related to that.

Everything works file inside local network. I mean the browser is able to get kerberos service token and send it to my application.

But when I hit the same trusted site outside local network I observed that it doesnt respond at all.

Below is the flow 1. I hit the trusted url from mozilla browser outside local network 2. My application challenges browser for service token with 401 Negotiate challenge 3. Browser tries to get service token but is unable to get it because its outside the domain(Local intranet) and cannot find kerberos server or KDC. 4. Browser doesnt respond at all. I was expecting that it will respond with empty service ticket.In IE I observed that it sends NTLM token.

I want to know why the browser is not responding and how should I handle such scenario ?

We have developed a web application which supports integrated windows authentication using spnego. For enabling integrated authentication on Mozilla firefox i have made followin configuration network.negotiate-auth.trusted-uris = domain of the trusted uri network.negotiate-auth.allow-non-fqdn = false network.negotiate-auth.allow-proxies = true network.negotiate-auth.using-native-gsslib = true. My application doesnt support ntlm so havent made any configuration related to that. Everything works file inside local network. I mean the browser is able to get kerberos service token and send it to my application. But when I hit the same trusted site outside local network I observed that it doesnt respond at all. Below is the flow 1. I hit the trusted url from mozilla browser outside local network 2. My application challenges browser for service token with 401 Negotiate challenge 3. Browser tries to get service token but is unable to get it because its outside the domain(Local intranet) and cannot find kerberos server or KDC. 4. Browser doesnt respond at all. I was expecting that it will respond with empty service ticket.In IE I observed that it sends NTLM token. I want to know why the browser is not responding and how should I handle such scenario ?

All Replies (1)

more options

Can you find anything useful in Firefox's error console? Ctrl+Shift+j to open. Typically it works best to Clear what's there and reload the page on which you want to take an action. See what errors/warnings/messages might be relevant, then submit the form/click the button that takes the non-working action and check for new errors/warnings/messages.