Showing questions tagged: Show all questions

Kerberos authentication working for Chrome, Edge, Opera, and Brave, but not Firefox

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image) I have tried various combinations of setting and not se… (read more)

Firefox (129.0.2) displays "401 - Unauthorized: Access is denied due to invalid credentials" (see attached image)

I have tried various combinations of setting and not setting the following in Firefox:

  • network.negotiate-auth.trusted-uris
  • network.negotiate-auth.delegation-uris
  • network.auth.use-sspi

For the URI settings I have tried both .domainname.domainextension and https://servicename.domainname.domainextension

In Windows 10 Control Panel -> Internet Options, the site is in "Trusted sites" using a domain wildcard, and also "Local intranet" and both "Automatic logon" and "Enable Integrated Windows Authentication" are enabled. I suspect those setting aren't relevant since other browsers are authenticating without error or prompt, but calling this out to show that I've covered that base.

The web service is served by IIS 10.0 on Windows Server 2022 and the authentication provider list only includes Negotiate, but I don't believe this issue has anything to do with IIS or its configuration as, again, other browsers are authenticating without error or prompt.

Anything else to check?

Thank you for any guidance you can offer.

Asked by bryan 5 months ago

Last reply by Mike Kaply 5 months ago

Require device sign in to fill and manage passwords BUT with GPO?

I am working on deploying Firefox with a GPO and I noticed that a saved password can be easily viewed just by going into the password manager. I found a way to disable th… (read more)

I am working on deploying Firefox with a GPO and I noticed that a saved password can be easily viewed just by going into the password manager. I found a way to disable the password manager all together, but then you can't save passwords. I am look for a way just to Require device sign in to fill and manage passwords as it says so its not just clicking the eyeball to see the password. I saw this article ( https://support.mozilla.org/en-US/kb/firefox-password-authentification-prompt ) which is how I got the description for this and that seems to be exactly what I want, But I cannot find this setting anywhere in the GPO. Anyone know where it is OR perhaps maybe you could add it?

Asked by awebber1 5 months ago

Last reply by cor-el 5 months ago

Firefox ESR/Duo: Not reporting minor version in user agent

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP. We have Duo set to deny login when the browser is more than 6 mo out of da… (read more)

We use ESR due to its stability and long term security updates, and we use Duo as our SSO/IDP.

We have Duo set to deny login when the browser is more than 6 mo out of date, but due to the way FF reports only the main version number via the user agent Duo is unable to determine that FF ESR is actually up to date and thinks that it's too old and my users are being denied login or getting an erroneous message about needing to update their browser.

Is there a way to set FF to report it's whole version to Duo? We would prefer not to have to "outlaw" FF in our prod environment if at all possible.

Asked by Jarrod Coombes 5 months ago

Last reply by Mike Kaply 5 months ago