Avatar for Username

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

Kerberos authentication working for Chrome, Edge, Opera, and Brave, but not Firefox

  • 3 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • ბოლოს გამოეხმაურა Mike Kaply

bryan
bryan
more options

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image)

I have tried various combinations of setting and not setting the following in Firefox:

  • network.negotiate-auth.trusted-uris
  • network.negotiate-auth.delegation-uris
  • network.auth.use-sspi

For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension

In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base.

The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt.

Anything else to check?

Thank you for any guidance you can offer.

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image) I have tried various combinations of setting and not setting the following in Firefox: * network.negotiate-auth.trusted-uris * network.negotiate-auth.delegation-uris * network.auth.use-sspi For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base. The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt. Anything else to check? Thank you for any guidance you can offer.
მიმაგრებული ეკრანის სურათები

ჩასწორების თარიღი: , ავტორი: bryan

ყველა პასუხი (3)

Mike Kaply
Mike Kaply
  • Moderator
more options

Here's some documentation on this:

https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html

that hopefully helps.

If that doesn't work, let me know. Might be easiest to open a bugzilla bug and get developers involved.

გამოსადეგია?

bryan
bryan კითხვის დამსმელი
more options

Mike Kaply said
Here's some documentation on this: https://htmlpreview.github.io/?https://github.com/mdn/archived-content/blob/main/files/en-us/mozilla/integrated_authentication/raw.html that hopefully helps. If that doesn't work, let me know. Might be easiest to open a bugzilla bug and get developers involved.

unfortunately there wasn't any guidance in there that hasn't already been followed from other sources

გამოსადეგია?

Mike Kaply
Mike Kaply
  • Moderator
more options

I'm at a loss.

I think you might get some better help on this from our enterprise list.

https://groups.google.com/a/mozilla.org/g/enterprise

Most of the folks there are deploying Firefox an dealing with this stuff on a day to day basis.

If you don't get any responses there, we can open a bugzilla bug and see if we can get the networking team to take a look.

გამოსადეგია?

დასვით კითხვა

უნდა შეხვიდეთ ანგარიშზე პასუხის დასაწერად. გთხოვთ, დასვათ ახალი შეკითხვა, თუ ჯერ არ გაქვთ ანგარიში.