I'm trying to get NTLM single sign-on to work on the three major Windows browsers. Chrome and IE work fine at this point. In Firefox there is a login prompt which rejects invalid users and accepts valid ones, but most interestingly authentication also succeeds if I press the cancel button. In the config fields network.automatic-ntlm-auth.trusted-uris network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris I tried all possible combinations of the website url with/without the http:// - prefix, with/without the full path after the host and also leaving some of the fields blank. I also used the developer tools network tab to look at the communication with the server. The three types of NTLM messages as detailed here http://www.innovation.ch/personal/ronald/ntlm.html can be seen going back and forth so the NTLM authentication seems to be working fine. The only annoying part is that it only seems to take place after dismissing the login prompt. Also, before someone tells me to use Kerberos instead of NTLM, the only use case for SSO in this context is to fetch the name of the visitor of the web application without the user having to enter anything. Thus security is not a concern.