8 Replies Latest reply on Aug 24, 2009 9:50 AM by TLC-IT

    Aargh!  Five(!) "authentication required" prompts from Firefox!

    TLC-IT Level 3

      I'm starting to use JavaScript in an application which is fount at the internal-only address (say...)

      http://tlcapps/bah-humbug/ihatechristmas.cfm

       

       

       

      The opening page contains four JavaScript links ... and guess what Firefox is doing!  Prompting four or five times in a row for my credentials!  (Then, the page opens up just fine.)

       

      I have already tried to use this admonition, obtained from somewhere and variously confirmed by others:

       

      To enable windows authentication on your domain.

      1. Open Firefox

      2. Navigate to the url about:config

      3. Locate the following preference names and put as the value the comma separated values of the address roots.

      network.automatic-ntlm-auth.trusted-uris

      network.negotiate-auth.delegation-uris

      network.negotiate-auth.trusted-uris

      Your value should look something like this: localhost,server1,server2,serverX

       

       

      But without success.  (I entered "tlcapps" into these boxes.)

       

      What am I doing wrong?    (At my age, I don't have hair-follicles to spare!)

        • 2. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
          TLC-IT Level 3

          This Firefox bug-report appears to be relevant:  https://bugzilla.mozilla.org/show_bug.cgi?id=356097

           

          The "AutoAuth" plug-in referenced toward the bottom of the comments makes the situation slightly more tolerable but does not resolve it.

           

          This comment (#74) toward the end of the bug-report might give a timeline for resolution:

          (In reply to comment #73):
          > I had a long discussion about this with Boris. They are
          considering it but
          > maybe it won't be possible to implement until October (when 3.6
          comes out which
          > contains the fix).


          Taking into account that I reported this bug back in October 2006,
          I am just
          happy this has been tackled and will be implemented in a few
          months.

          This has clearly been the most annoying bug in FF for me.

          Thank you!

          Patrick

           

          Does anyone else have any other input?

          • 3. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
            ilssac Level 5

            I didn't put a server into my firefox network.automatic-ntlm-auth.trusted-uris config setting, I put a domain name.

             

            I.E.  tlcapps.com or whatever is relevant.

            • 4. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
              TLC-IT Level 3

              As a result of whatever decision that was made before my time, the URL does not have a ".com" suffix.

               

              Therefore, the URL for (say) a hypothetical "timekeeper" application would be (say):  http://tlcapps/timekeeper/start.cfm.

               

              This is "simply the way it is done around here" for the inward-facing applications.

              • 5. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
                ilssac Level 5

                That is the way it is here as well.

                 

                 

                My example was actually a domain called "cps"

                 

                It worked for me.

                1 person found this helpful
                • 6. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
                  TLC-IT Level 3

                  Okay, Ian... please re-cap exactly "what worked for you":

                   

                  1. Are we in agreement that I should be entering "tlcapps" ?
                  2. There appear to be three different configuration-parameters "in play" here ... and although I have not (yet) sought to find documentation for them from the FireFox people, they do appear to have fundamentally different purposes, i.e. "trust" vs. "delegate."  Could they conflict in some way?
                  3. The multiplicity of prompts clearly is coming from the <script> tags in the body of the HTML, because I observe that the number of 'extra' prompts is directly related to the number of script-tags that occur.  Did the case that you speak of do the same?
                  4. There is a "junk-buster" proxy server living on the local box.  (It's the only way I can survive using the Internet these days...)  Could this have any relevance?

                   

                  At this point, I feel like "FireFox thinks it has 'a good reason for asking,' but I don't yet quite know what that 'reason' is."

                  • 7. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
                    ilssac Level 5

                    1) Maybe.  In my case we have a local web application that is accessed by typin "CSD" in the url bar.  This redirects to a another local domain named "tracker8".  That is what I entered into the network.automatic-ntlm-auth.trusted-uris Preference Name in my Firefox config.  This worked perfectly for me and I no longer need to login to this application when using Firefox.

                     

                    2)  I don't know about these different parameters.  I only knew about the network.automatic-ntlm-auth.trusted-uris one, and it worked for me.

                     

                    3) Yes, each and every http request the browser makes to a ntlm protected web server needs to be approved, be it html, scripts, css or images.

                     

                    4) Quite possible.  If that proxy server is not allowing the ntlm authentication HTTP requests through or some how monkeying with the domain names being seen by your browser.  It could very well be affecting this issue.

                     

                    P.S.  Sorry about the delay in my reply.  I was unexpectedly out of the office most of last week.

                    • 8. Re: Aargh!  Five(!) "authentication required" prompts from Firefox!
                      TLC-IT Level 3

                      I found a solution to this problem ... and it is strange ...

                       

                      (1) It only worked correctly when the only configuration parameter that I filled-out with "tlcapps" was network.automatic-ntlm-auth.trusted-uris.  When I included the string into other parameters, it didn't work.  (This with or without #2 below.)

                       

                      (2) I use the "privoxy" proxy on the local-machine, just to keep myself halfway-sane when trying to use the Internet.  That proxy does not (yet...) support NTLM correctly.  But I could enter "tlcapps" into "No proxy for" (corresponds to network.proxy.no_proxies_on), it magically worked.

                       

                      Although the latest privoxy 3.0.13 is supposed to handle NTLM, it does not appear to do so yet.