Copy link to clipboard
Copied
I'm starting to use JavaScript in an application which is fount at the internal-only address (say...):
http://tlcapps/bah-humbug/ihatechristmas.cfm
The opening page contains four JavaScript links ... and guess what Firefox is doing! Prompting four or five times in a row for my credentials! (Then, the page opens up just fine.)
I have already tried to use this admonition, obtained from somewhere and variously confirmed by others:
To enable windows authentication on your domain.
1. Open Firefox
2. Navigate to the url about:config
3. Locate the following preference names and put as the value the comma separated values of the address roots.
network.automatic-ntlm-auth.trusted-uris
network.negotiate-auth.delegation-uris
network.negotiate-auth.trusted-uris
Your value should look something like this: localhost,server1,server2,serverX
But without success. (I entered "tlcapps" into these boxes.)
What am I doing wrong? (At my age, I don't have hair-follicles to spare!)
Copy link to clipboard
Copied
BTW: IE doesn't do this.
Copy link to clipboard
Copied
This Firefox bug-report appears to be relevant: https://bugzilla.mozilla.org/show_bug.cgi?id=356097
The "AutoAuth" plug-in referenced toward the bottom of the comments makes the situation slightly more tolerable but does not resolve it.
This comment (#74) toward the end of the bug-report might give a timeline for resolution:
(In reply to comment #73):
> I had a long discussion about this with Boris. They are
considering it but
> maybe it won't be possible to implement until October (when 3.6
comes out which
> contains the fix).
Taking into account that I reported this bug back in October 2006,
I am just
happy this has been tackled and will be implemented in a few
months.
This has clearly been the most annoying bug in FF for me.
Thank you!
Patrick
Does anyone else have any other input?
Copy link to clipboard
Copied
I didn't put a server into my firefox network.automatic-ntlm-auth.trusted-uris config setting, I put a domain name.
I.E. tlcapps.com or whatever is relevant.
Copy link to clipboard
Copied
As a result of whatever decision that was made before my time, the URL does not have a ".com" suffix.
Therefore, the URL for (say) a hypothetical "timekeeper" application would be (say): http://tlcapps/timekeeper/start.cfm.
This is "simply the way it is done around here" for the inward-facing applications.
Copy link to clipboard
Copied
That is the way it is here as well.
My example was actually a domain called "cps"
It worked for me.
Copy link to clipboard
Copied
Okay, Ian... please re-cap exactly "what worked for you":
At this point, I feel like "FireFox thinks it has 'a good reason for asking,' but I don't yet quite know what that 'reason' is."
Copy link to clipboard
Copied
1) Maybe. In my case we have a local web application that is accessed by typin "CSD" in the url bar. This redirects to a another local domain named "tracker8". That is what I entered into the network.automatic-ntlm-auth.trusted-uris Preference Name in my Firefox config. This worked perfectly for me and I no longer need to login to this application when using Firefox.
2) I don't know about these different parameters. I only knew about the network.automatic-ntlm-auth.trusted-uris one, and it worked for me.
3) Yes, each and every http request the browser makes to a ntlm protected web server needs to be approved, be it html, scripts, css or images.
4) Quite possible. If that proxy server is not allowing the ntlm authentication HTTP requests through or some how monkeying with the domain names being seen by your browser. It could very well be affecting this issue.
P.S. Sorry about the delay in my reply. I was unexpectedly out of the office most of last week.
Copy link to clipboard
Copied
I found a solution to this problem ... and it is strange ...
(1) It only worked correctly when the only configuration parameter that I filled-out with "tlcapps" was network.automatic-ntlm-auth.trusted-uris. When I included the string into other parameters, it didn't work. (This with or without #2 below.)
(2) I use the "privoxy" proxy on the local-machine, just to keep myself halfway-sane when trying to use the Internet. That proxy does not (yet...) support NTLM correctly. But I could enter "tlcapps" into "No proxy for" (corresponds to network.proxy.no_proxies_on), it magically worked.
Although the latest privoxy 3.0.13 is supposed to handle NTLM, it does not appear to do so yet.