Intranet site 401 Unauthorized kerberos SSO
Hi!
We have a intranet site that works in Edge and Chrome without issues with the site added to "internet options". But for some reason we are getting 401 Unauthorized when trying to access it from Firefox. I have tried adding the urls to: network.automatic-ntlm-auth.trusted-uris network.automatic-ntlm-auth.allow-proxies: true network.automatic-ntlm-auth.allow-non-fqdn: true network.auth.force-generic-ntlm: false network.auth.force-generic-ntlm-v1: false
Ingocnito mode , same error. I have tried disabling all plugins. Disabled DNS over HTTPS.
HTTP/1.1 401 Unauthorized Server: Microsoft-IIS/10.0 WWW-Authenticate: Negotiate X-Powered-By: ASP.NET Date: Mon, 25 May 2026 08:15:41 GMT Content-Length: 0
Regards Rasmus
All Replies (3)
I assume it's configured with network.negotiate-auth.trusted-uris and related network.negotiate-auth.delegation-uris — according to https://firefox-admin-docs.mozilla.org/reference/policies/authentication/ where it's configured in most cases.
Linux specifics aside, the Firefox config steps are also described e.g. in https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/5/html/deployment_guide/sso-config-firefox
Hi!
Yes these are all tested except network.auth.private-browsing-sso, but this one did not help either. These settings are only changed in the about:config at first. Will deploy them later to everyone when we find the issue.
Regards Rasmus
Do you have any logs from the server side, Rasmus? — To see if there are actually any attempts to submit the kerberos ticket at all? Or it's a just a single 401 only… and then silence.
Also please share your setup (OS versions, browser distribution/channel etc.?) — it's not apparent what versions you're trying to deploy as this question was not submitted from within one.
You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.