We have developed a web application which supports integrated windows authentication using spnego. For enabling integrated authentication on Mozilla firefox i have made followin configuration network.negotiate-auth.trusted-uris = domain of the trusted uri network.negotiate-auth.allow-non-fqdn = false network.negotiate-auth.allow-proxies = true network.negotiate-auth.using-native-gsslib = true. My application doesnt support ntlm so havent made any configuration related to that. Everything works file inside local network. I mean the browser is able to get kerberos service token and send it to my application. But when I hit the same trusted site outside local network I observed that it doesnt respond at all. Below is the flow 1. I hit the trusted url from mozilla browser outside local network 2. My application challenges browser for service token with 401 Negotiate challenge 3. Browser tries to get service token but is unable to get it because its outside the domain(Local intranet) and cannot find kerberos server or KDC. 4. Browser doesnt respond at all. I was expecting that it will respond with empty service ticket.In IE I observed that it sends NTLM token. I want to know why the browser is not responding and how should I handle such scenario ?