-
Title
DSP: AD2AD: When using the Firefox browser, initial authentication fails when starting the Direct -
Description
DSP: AD2AD: When using the Firefox browser, initial authentication fails when starting the Direct -
Resolution
Issue
In an environment where the Directory Sync Pro console and SQL server are on different servers or VMs. When using the Firefox browser to start the Directory Sync Pro console in order to enter license info, create new profiles etc., initial authentication required by Firefox fails.
Solution
Root problem is a double hop authentication needed in Firefox. Adding "localhost" to the below settings in about:config resolves this issue.
To configure Firefox to use Windows Integrated Authentication:
- Open Firefox.
- In the address bar type about:config
- You will receive a security warning. To continue, click “I accept the risk!”
- You will see a list of preferences listed. Find the settings below by browsing through the list or searching for them in the search box. Once you have located each setting, update the value to the following:
· network.negotiate-auth.delegation-uris MyIISServer.domain.com (comma separated values)
· network.automatic-ntlm-auth.trusted-uris MyIISServer.domain.com (comma separated values)
· network.automatic-ntlm-auth.allow-proxies True
· network.negotiate-auth.allow-proxies True
MyIISServer.domain.com should be the fully qualified name of your IIS server
Note: MyIISServer.domain.com could also be “localhost” depending on where they run the client.