Join the AMA (Ask Me Anything) with the Firefox leadership team to celebrate Firefox 20th anniversary and discuss Firefox’s future on Mozilla Connect. Mark your calendar on Thursday, November 14, 18:00 - 20:00 UTC!

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Kerberos Authentication with ADFS not working in Firefox Quantum

  • 2 replies
  • 3 have this problem
  • 1 view
  • Last reply by jmpsymalla

more options

We are attempting to use ADFS with Kerberos. The /adfs/ls/wia URL works out of box with both Internet Explorer and Google Chrome, but we unable to make it work in Firefox Quantum. Instead we are presented with a completely blank screen. We are running ADFS 3.0 on Windows Server 2012 R2 with NTLM traffic disabled. When we temporarily enable NTLM on the ADFS server, Kerberos authentication works. We have also tried on a Windows Server 2016 box running ADFS 4.0 and we get the same results. Have have ensured that the WIA user agent includes Mozilla 5.0 and up.

We have also tried adjusting the URIS in about:config as suggested online to include our domain for the following values:

network.automatic-ntlm-auth.trusted-uris network.negotiate-auth.trusted-uris

We are wondering if there are any further configurations that we may need to get this to work.

Thanks

We are attempting to use ADFS with Kerberos. The /adfs/ls/wia URL works out of box with both Internet Explorer and Google Chrome, but we unable to make it work in Firefox Quantum. Instead we are presented with a completely blank screen. We are running ADFS 3.0 on Windows Server 2012 R2 with NTLM traffic disabled. When we temporarily enable NTLM on the ADFS server, Kerberos authentication works. We have also tried on a Windows Server 2016 box running ADFS 4.0 and we get the same results. Have have ensured that the WIA user agent includes Mozilla 5.0 and up. We have also tried adjusting the URIS in about:config as suggested online to include our domain for the following values: network.automatic-ntlm-auth.trusted-uris network.negotiate-auth.trusted-uris We are wondering if there are any further configurations that we may need to get this to work. Thanks

Chosen solution

I would suggest taking this question to the enterprise mailing list:

https://mail.mozilla.org/listinfo/enterprise

You'll find more folks that might be doing something similar.

I don't have any experience in this area.

You could also check out:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

to see if it has helpful information.

Read this answer in context 👍 1

All Replies (2)

more options

Chosen Solution

I would suggest taking this question to the enterprise mailing list:

https://mail.mozilla.org/listinfo/enterprise

You'll find more folks that might be doing something similar.

I don't have any experience in this area.

You could also check out:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

to see if it has helpful information.

more options

mkaply - thank you for suggesting the enterprise mailing list, I will check that out.