Configure Firefox for Kerberos SSO on Fedora or RHEL

Single Sign On (SSO) is one of those nirvana things that rarely happens and a lot of people don’t understand (a central single username/password is not SSO people if you have to keep entering the password!!) but it’s very useful when it does work. With Firefox on Fedora or RHEL it works but it does take a little bit of config to do so efficiently.

  1. In the Firefox address bar type about:config to display the list of current configuration options.
  2. Filter the options with ‘negotiate’ to reduce the list of options.
  3. Double-click the network.negotiate-auth.trusted-uris entry and add the kerberos auth domain, eg: “.example.com” and click OK.
  4. Repeat the process for the network.negotiate-auth.delegation-uris entry, using the same domain.

Now you need to ensure you have a kerberos ticket. If you’ve configured an “Enterprise Login” using the GNOME Online Accounts check you have a ticket with the ‘klist’ command from a terminal window. If you don’t have a valid ticket run ‘kinit’ and from there you should be able to visit SSO enable sites and be auto logged in. Magic!