Configuring web browsers to support SPNEGO
Configure your web browser to support SPNEGO authentication.
Add HCL Connections™ and HTTP Server to the list of sites that are permitted to engage in SPNEGO authentication with the browser.
To edit your web browser preferences, complete the following steps:
-
Do one of the following:
- Microsoft™ Internet Explorer:
- From the Internet Explorer menu, select Tools > Internet Options and then click the Security tab.
- Click the Local intranet icon and then click Sites.
- Click Advanced and then add the web address of the host name of your Connections server into the Add this website to the zone field. For example: *.enterprise.example.com. Click Add.
- Enter the host name of your HTTP Server into the Add this website to the zone field and click Add. For example: http://<IHS_host>or https://IHS_host>".
- Click OK to save the change and return to the main Security page.
- Click Custom level, scroll to find User Authentication > Logon, and select Automatic logon only in Intranet zone. Click OK to save the change and return to the main Security page.
- If you are using Edge, you must set the trust settings in Microsoft Internet Explorer. Click the Trusted sites icon and then click Sites. Click Add.
- Enter the SPNEGO URL into the Add this website to the zone field and click Add.
- Click the Advanced tab, scroll to find Security, and then select the Enable Integrated Windows Authentication check box. Click OK to save the change.
- Restart the web browser to apply the configuration changes.
- Mozilla Firefox:
- Open Firefox and type about:config into the location bar.
- Type network.n into the Filter field and double-click network.negotiate-auth.trusted-uris.
- Enter the address of the server that hosts Connections, for example,
enterprise.example.com
. - Click OK to save the change.
- If the deployed SPNEGO solution is using the advanced Kerberos application of Credential Delegation, double-click network.negotiate-auth.delegation-uris. This preference defines the sites for which the browser can delegate user authorization to the server. Enter a comma-delimited list of trusted domains or URLs.
- Restart Firefox to apply the configuration change.
- Microsoft™ Internet Explorer:
Parent topic:Enabling single sign-on for the Windows desktop
Previous topic:Configuring SPNEGO (and Kerberos optionally) on WebSphere Application Server