2.3 KiB
		
	
	
	
	
	
	
	
			
		
		
	
	title
| title | 
|---|
| Browser configuration for SPNEGO | 
You might need to configure your web browser to allow SPNEGO. Following are the instructions for major browsers.
Firefox
- In the address bar of Firefox, type about:configto display the list of current configuration options.
- In the Filter field, type negotiateto restrict the list of options.
- Double-click the network.negotiate-auth.trusted-urisentry to display the Enter string value dialog box.
- Enter the name of the domain against which you want to authenticate. For example, .example.com.
On Windows environments, to automate the deployment of this configuration use a Group policy. On Linux or macOS systems, use policies.json.
Chrome
This section applies only for Chrome users on macOS and Linux machines. For Windows, see the instructions below.
- Make sure you have the necessary directory created by running: mkdir -p /etc/opt/chrome/policies/managed/
- Create a new /etc/opt/chrome/policies/managed/mydomain.jsonfile with write privileges limited to the system administrator or root, and include the following line:{ "AuthServerWhitelist": "*.example.com" }.
Note: if using Chromium, use /etc/chromium/policies/managed/ instead of /etc/opt/chrome/policies/managed/.
To automate the deployment of this configuration use a Group policy.
Windows / Internet Explorer
Log in to the Windows machine using an account of your Kerberos realm (or administrative domain).
Open Internet Explorer, click Tools and then click Internet Options. You can also find Internet Options using the system search.
- Click the Security tab.
- Click Local intranet.
- Click Sites.
- Click Advanced.
- Add your domain to the list.
- Click the Security tab.
- Click Local intranet.
- Click Custom Level.
- Select Automatic login only in Intranet zone.
To automate the deployment of this configuration use a Group policy.
