Knowledge Base Article: Allow AD Credentials to be sent via browsers in Firefox and Internet Explorer

Allow AD Credentials to be sent via browsers in Firefox and Internet Explorer

WEB-01

integrated authentication firefox active directory web interface AD ntlm uris Internet Explorer url

HelpMaster > Web Interface > Configuration

Web Interface

8/14/2007 11:25:38 AM

9/29/2014 10:00:43 AM


Description

When using Windows integrated authentication for the Web Module login, without additional configuration of your browser Windows may prompt for Active Directory credentials. After entering your credentials the login succeeds. (If the Windows Security challenge login screen continues to come up even after entering correct Active Directory credentials then the problem is a different issue. In this case see the attached Knowledge Base article under "See Also" at the bottom of this article.)

Solution

You will need to add the host for the web interface to a list of accepted hosts (Trusted Sites) to supply Active Directory credentials, and in Internet Explorer also change the user authentication logon mode.

Internet Explorer

The IIS server host name needs to be added to the zone that is being detected by Internet Explorer. You can check which zone it is by first successfully logging in manually and then it will be displayed in the Internet Explorer status bar on the bottom RHS. After determining which zone is being used, that zone needs to be modified to trust the site (IIS server host) and allow the current AD user login to be passed through to the Web Module. If it comes up as the "Internet" zone then modify the "Trusted Sites" zone, if "Local intranet" modify that zone as follows;

1. Open IE's 'Internet Options' from the 'Tools' menu and click on the 'Security' tab,
2. Click on the zone being used (or "Trusted Sites" for "Internet" zone) and then click the "Sites" button (and then "Advanced" if modifying the "Local intranet" zone),
3. Add your HelpMaster server name e.g. 'webserver' and/or FQDN e.g. 'webserver.domain.com.au' to the 'Websites:' list,
4. Now click on the 'Custom level...' button and scroll to the bottom of the 'Settings' list,
5. Under 'User Authentication'>'Logon', select the 'Automatic logon with current user name and password' option.
The 'Automatic logon in Intranet zone' will only work if the zone being used is the "Local intranet" zone so don't keep this option by default.

Save the above change, close IE and then reopen and browse to the http://[ServerName]/[VirtualDirectory]/Winlogin.aspx page, or any other secure page of the Virtual Directory to effect an AD login. Set up a Favourite or Bookmark to the previous page for future AD logins.

Firefox

This is outside the scope of the ordinary configuration pages that are available in Firefox, and therefore must be configured outside of the properties pages.

 1) Open your Firefox browser

2) In the address bar type 'about:config' and hit enter

3) In the filter, type 'auth' and hit enter

4) Locate the entry 'network.automatic-ntlm-auth.trusted-uris', double click on this entry and add '<hostname>' as a property (where hostname is the name of the Web Server serving the HelpMaster requests. For instance, if the Web was hosted at 'http://SupportServices/helpmaster', add 'SupportServices' to the list).

[image]
 

This should allow the automatic passing of logged on network credentials, which is required if Active Directory integration is to be enabled for the HelpMaster Pro Web Interface (otherwise the user will still be prompted for a login every new session to that page).

 

NOTE: For Administrators to apply this setting organisation wide, in Internet Explorer you can deploy these settings via Domain Group Policy. For Firefox you will need to find another way to deploy this setting to all relevant users.