Avatar for Username

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

This thread was archived. Please ask a new question if you need help.

How I can configure trusted URL sites by Group Policy?

  • 3 replies
  • 1 has this problem
  • 967 views
  • Last reply by Mike Kaply

strelkovandrey
strelkovandrey

I download Firefox 60. Download ADMX, but I can't found options similar trusted.uris how from about:config. I found only: Authentication_SPNEGO, Authentication_Delegated, Authentication_NTLM.

If I insert links of my sites LDAP authorization in these settings, then the browser, when I try to open them, will still request a login with a password If I manual add ulr to about:config -> trusted:uris - Then everything is successfully authorized

I download Firefox 60. Download ADMX, but I can't found options similar trusted.uris how from about:config. I found only: Authentication_SPNEGO, Authentication_Delegated, Authentication_NTLM. If I insert links of my sites LDAP authorization in these settings, then the browser, when I try to open them, will still request a login with a password If I manual add ulr to about:config -> trusted:uris - Then everything is successfully authorized

Chosen solution

The trusted-uris preference is SPNEGO, so if you configure SPNEGO, you are configuring those URLS. From the documentation here:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

"network.negotiate-auth.trusted-uris lists the sites that are permitted to engage in SPNEGO authentication with the browser"

Read this answer in context 👍 1

All Replies (3)

Mike Kaply
Mike Kaply
  • Moderator

Chosen Solution

The trusted-uris preference is SPNEGO, so if you configure SPNEGO, you are configuring those URLS. From the documentation here:

https://developer.mozilla.org/en-US/docs/Mozilla/Integrated_authentication

"network.negotiate-auth.trusted-uris lists the sites that are permitted to engage in SPNEGO authentication with the browser"

strelkovandrey
strelkovandrey Question owner

Thanks! Got it!

Only there was one nuance... I configured:

network.negotiate-auth.delegation-uris network.negotiate-auth.trusted-uris

to http:// (our sites in intranet without Interner connection, and we trust to all our http:// sites =) )

Our site authentication by kerberos.

And when I open any sites in developer tools - Network tab I see that all links / resources first get 401 error and only after the site tries to download all the links received in response 401 errors, only then it starts to load them again but it seems on behalf of the current user and then everything is fine - 200 code.

In the access logs the web server and it turned out that the first treatment went anonymously on all links, and only then on behalf of the current user

Modified by strelkovandrey

Mike Kaply
Mike Kaply
  • Moderator

If you're thinking this is a bug, please open a bugzilla bug. Thanks!