Solution for SSO in Firefox!
I just figured out how to fix the SSO issue in Firefox. It turns out it's not a limitation of SSO, Tomcat, or SDP in general, but rather an advanced security setting in Firefox.
Normally when SSO is enabled and you go to your SDP site in Firefox, a login dialog box will appear requiring your domain username and password. This doesn't happen in IE as long as the site is in the local intranet zone, because NTLM pass-through authentication (a.k.a. single sign-on, or SSO) is allowed in that zone. Firefox does not have easily-configurable security zones, but there is an advanced setting in the prefs.js file that will enable this feature. This setting is per user (non-global), meaning if multiple people use Firefox under different logins on the same PC, these steps will have to be repeated for each one of them. Here's how to do it:
[list=1:0b38277039] * In Firefox, type about:config in the address bar to bring up the advanced preferences for Firefox
* Locate the preference labeled network.automatic-ntlm-auth.trusted-uris
* Double-click the blank value field and enter the address for your SDP server, as well as any other website addresses (optional) you want to enable SSO for, each separated by a comma, like so:
* Log out of SDP and close and restart Firefox
From now on, you should no longer receive a login dialog in Firefox for your SDP server or any other sites you entered. FYI, I have tested this on Firefox 2.0.0.13 and 3.0 beta 4. AdventNet, you probably want to add this to your knowledgebase, as well as the admin guide for SDP.
Normally when SSO is enabled and you go to your SDP site in Firefox, a login dialog box will appear requiring your domain username and password. This doesn't happen in IE as long as the site is in the local intranet zone, because NTLM pass-through authentication (a.k.a. single sign-on, or SSO) is allowed in that zone. Firefox does not have easily-configurable security zones, but there is an advanced setting in the prefs.js file that will enable this feature. This setting is per user (non-global), meaning if multiple people use Firefox under different logins on the same PC, these steps will have to be repeated for each one of them. Here's how to do it:
[list=1:0b38277039] * In Firefox, type about:config in the address bar to bring up the advanced preferences for Firefox
* Locate the preference labeled network.automatic-ntlm-auth.trusted-uris
* Double-click the blank value field and enter the address for your SDP server, as well as any other website addresses (optional) you want to enable SSO for, each separated by a comma, like so:
http://mysdpserver.mydomain.local,http://additional.website.com,http://yetanother.site.net
* Log out of SDP and close and restart Firefox
From now on, you should no longer receive a login dialog in Firefox for your SDP server or any other sites you entered. FYI, I have tested this on Firefox 2.0.0.13 and 3.0 beta 4. AdventNet, you probably want to add this to your knowledgebase, as well as the admin guide for SDP.
Topic Participants
Bradley Munsen
JJMan_me
SpuddyMcSpud
Sinclair Parkinson