Authentication using Spnego
We have developed a web application which supports integrated windows authentication using spnego.
For enabling integrated authentication on Mozilla firefox i have made followin configuration
network.negotiate-auth.trusted-uris = domain of the trusted uri network.negotiate-auth.allow-non-fqdn = false network.negotiate-auth.allow-proxies = true network.negotiate-auth.using-native-gsslib = true.
My application doesnt support ntlm so havent made any configuration related to that.
Everything works file inside local network. I mean the browser is able to get kerberos service token and send it to my application.
But when I hit the same trusted site outside local network I observed that it doesnt respond at all.
Below is the flow 1. I hit the trusted url from mozilla browser outside local network 2. My application challenges browser for service token with 401 Negotiate challenge 3. Browser tries to get service token but is unable to get it because its outside the domain(Local intranet) and cannot find kerberos server or KDC. 4. Browser doesnt respond at all. I was expecting that it will respond with empty service ticket.In IE I observed that it sends NTLM token.
I want to know why the browser is not responding and how should I handle such scenario ?
所有回覆 (1)
Can you find anything useful in Firefox's error console? Ctrl+Shift+j to open. Typically it works best to Clear what's there and reload the page on which you want to take an action. See what errors/warnings/messages might be relevant, then submit the form/click the button that takes the non-working action and check for new errors/warnings/messages.