<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>IPA: Identity Policy Audit</title>
<link rel="stylesheet" type="text/css" href="../ui/jquery-ui.css" />
<link rel="stylesheet" type="text/css" href="../ui/ipa.css" />
<link rel="stylesheet" type="text/css" href="ipa_error.css" />
<script type="text/javascript" src="../ui/jquery.js"></script>
<script type="text/javascript" src="krb.js"></script>
<script type="text/javascript">
$(document).ready(function() {
var domain = '.' + (IPA_DOMAIN || 'example.com');
$('.example-domain').text(domain);
if ($.browser.mozilla) {
$("#configurefirefox").show();
}
});
</script>
</head>
<body class="info-page">
<div class="container_1 ssbrowser">
<div class="header-logo">
<img src="../ui/images/ipa-logo.png" /><img src="../ui/images/ipa-banner.png" />
</div>
<div class="textblockkrb">
<h1>Browser Kerberos Setup</h1>
<img alt="Internet Explorer" src="../ui/images/ie-icon.png"><h2>Internet Explorer Configuration</h2>
<p>Once you are able to log into the workstation with your kerberos key you are now able to use that ticket in Internet Explorer. </p>
<strong>Login to the Windows machine using an account of your Kerberos realm (administrative domain)</strong><br>
<strong>In Internet Explorer, click Tools, and then click Internet Options.</strong>
<br>
<ul>
<li> 1. Click the Security tab </li>
<li> 2. Click Local intranet </li>
<li> 3. Click Sites </li>
<li> 4. Click Advanced </li>
<li> 5. Add your domain to the list </li>
<br>
<li> 1. Click the Security tab </li>
<li> 2. Click Local intranet </li>
<li> 3. Click Custom Level </li>
<li> 4. Select Automatic logon only in Intranet zone </li>
<br>
<li> Visit a kerberized web site using IE (You must use the fully-qualified Domain Name in the URL)</li>
<li><strong> You are all set. </strong></li>
</ul>
<br>
<img alt="Firefox" src="../ui/images/firefox-icon.png"><h2>Firefox Configuration</h2>
<p>You can configure Firefox to use Kerberos for Single Sign-on. The following instructions will guide you in configuring your web browser <br>
to send your Kerberos credentials to the appropriate Key Distribution Center which enables Single Sign-on. </p>
<ul><li> 1. In the address bar of Firefox, type <tt>about:config</tt> to display the list of current configuration options.</li>
<li> 2. In the Filter field, type <tt>negotiate</tt> to restrict the list of options. </li>
<li> 3. Double-click the <tt>network.negotiate-auth.trusted-uris</tt> entry to display the Enter string value dialog box. </li>
<li> 4. Enter the name of the domain against which you want to authenticate, for example, <tt class="example-domain">.example.com.</tt> </li>
<br>
<li><strong> You are all set. </strong></li>
</ul>
<h3><a name="oldfirefox"></a> Automatic Configuration of older versions</h3>
<p>You can configure older versions of Firefox (up to version 14) using signed code. Use <a href="browserconfig.html">Firefox configuration page</a> for newer versions.</p>
<ul>
<li>1. Import <a href="ca.crt">CA certificate</a>. Make sure you checked all three checkboxes.</li>
<li>2. Click on "Configure Browser" button below.</li>
<li id="configurefirefox" style="display:none"><object data="jar:/ipa/errors/configure.jar!/preferences.html"
type="text/html" class="browser-config"></object></li>
</ul>
</div>
</div>
</body>
</html>
