<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>IPA: Identity Policy Audit</title> <link rel="stylesheet" type="text/css" href="../ui/jquery-ui.css" /> <link rel="stylesheet" type="text/css" href="../ui/ipa.css" /> <link rel="stylesheet" type="text/css" href="ipa_error.css" /> <script type="text/javascript" src="../ui/jquery.js"></script> <script type="text/javascript" src="krb.js"></script> <script type="text/javascript"> $(document).ready(function() { var domain = '.' + (IPA_DOMAIN || 'example.com'); $('.example-domain').text(domain); if ($.browser.mozilla) { $("#configurefirefox").show(); } }); </script> </head> <body class="info-page"> <div class="container_1 ssbrowser"> <div class="header-logo"> <img src="../ui/images/ipa-logo.png" /><img src="../ui/images/ipa-banner.png" /> </div> <div class="textblockkrb"> <h1>Browser Kerberos Setup</h1> <img alt="Internet Explorer" src="../ui/images/ie-icon.png"><h2>Internet Explorer Configuration</h2> <p>Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer. </p> <strong>Login to the Windows machine using an account of your Kerberos realm (administrative domain)</strong><br> <strong>In Internet Explorer, click Tools, and then click Internet Options.</strong> <br> <ul> <li> 1. Click the Security tab </li> <li> 2. Click Local intranet </li> <li> 3. Click Sites </li> <li> 4. Click Advanced </li> <li> 5. Add your domain to the list </li> <br> <li> 1. Click the Security tab </li> <li> 2. Click Local intranet </li> <li> 3. Click Custom Level </li> <li> 4. Select Automatic logon only in Intranet zone </li> <br> <li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li> <li><strong> You are all set. </strong></li> </ul> <br> <img alt="Firefox" src="../ui/images/firefox-icon.png"><h2>Firefox Configuration</h2> <p>You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser <br> to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on. </p> <ul><li> 1. In the address bar of Firefox, type <tt>about:config</tt> to display the list of current configuration options.</li> <li> 2. In the Filter field, type <tt>negotiate</tt> to restrict the list of options. </li> <li> 3. Double-click the <tt>network.negotiate-auth.trusted-uris</tt> entry to display the Enter string value dialog box. </li> <li> 4. Enter the name of the domain against which you want to authenticate, for example, <tt class="example-domain">.example.com.</tt> </li> <br> <li><strong> You are all set. </strong></li> </ul> <h3><a name="oldfirefox"></a> Automatic Configuration of older versions</h3> <p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p> <ul> <li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li> <li>2. Click on "Configure Browser" button below.</li> <li id="configurefirefox" style="display:none"><object data="jar:/ipa/errors/configure.jar!/preferences.html" type="text/html" class="browser-config"></object></li> </ul> </div> </div> </body> </html>