8.3 Configuring the End User Browsers for Kerberos Authentication

If you are using Windows Integrated Authentication, each end user browser must be configured to use Kerberos authentication.

  1. Add the computers of the users to the Active Directory domain.

    For instructions, see your Active Directory documentation.

  2. Log in to the Active Directory domain, rather than the computer.

  3. If you are using Internet Explorer, configure the Web browser to trust the appliance:

    1. Click Tools > Internet Options > Security > Local intranet > Sites > Advanced.

    2. In the Add this website to the zone field, enter the Base URL for the appliance, then click Add.

      In the configuration example, this URL is serv1.ag4c.com.

    3. Click Close > OK.

    4. Click Tools > Internet Options > Advanced.

    5. Verify in the Security section that Enable Integrated Windows Authentication is selected, then click OK.

    6. Restart the browser.

  4. If you are using Firefox, configure the Web browser to trust the appliance:

    1. In the URL field, specify about:config.

    2. In the Filter field, specify network.n.

    3. Double click network.negotiate-auth.trusted-uris.

      This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser. Specify a comma-delimited list of trusted domains or URLs.

      For this example configuration, add serv1.ag4c.com to the list.

    4. Click OK, then restart your Firefox browser.