On any user's machine

This is a small, one-time configuration that must be made on the client machine to enable Single Sign-On support for your browser.

Note: This needs to be done for each user on each machine.

Note: If you have services in multiple domains, repeat the section for your browser with the second domain name, e.g. add both *.acme.com and *.tree.com.

Windows:

For Internet Explorer:

For Chrome:

Chrome uses the same settings as Internet Explorer, so once you’ve configured Internet Explorer for SSO, Chrome will just work as well. However, to enable credential delegation, which is necessary for browsing network nodes from the Web interface, you must configure Chrome to allow it (Internet Explorer allows it by default):

  1. Open the registry editor (regedit.exe)
  2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome
  3. Create the Google\Chrome keys if they don't already exist.
    1. Right click on the Policies folder and select New -> Key.
    2. Type in Google for the folder name.
    3. Right click on the Google folder and select New -> Key.
    4. Type in Chrome for the folder name.
    5. Click on the Chrome folder and in the white panel on the right, right-click and select New -> String Value.
    6. Enter the key name: AuthNegotiateDelegateWhitelist.
  4. Set your domain name (e.g. ahsoka.acme.com or *.acme.com) as the value for the AuthNegotiateDelegateWhitelist registry key.
  5. Restart Chrome.
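
The registry steps above can also be scripted. The following PowerShell is an added example, not part of the original instructions; the variable names are illustrative, the host is this page's sample value, and it assumes an elevated prompt and that multiple entries are comma-separated:

```powershell
# Added example: scripted form of the manual registry steps for Chrome.
# Run from an elevated PowerShell prompt; HKLM\SOFTWARE\Policies is admin-writable only.

$keyPath   = 'HKLM:\SOFTWARE\Policies\Google\Chrome'
$valueName = 'AuthNegotiateDelegateWhitelist'   # value name as given on this page

# Hosts allowed to receive delegated credentials (sample value from this page).
# A single host keeps delegation narrower than '*.acme.com', which covers
# every host in the domain. Add further entries for additional domains.
$servers = @('ahsoka.acme.com')
$value   = $servers -join ','                   # assumption: comma-separated list

# Steps 2-3: create Policies\Google\Chrome only if it is missing.
# New-Item -Force also creates the intermediate Google key, but on an existing
# key it would recreate it and drop its values, hence the Test-Path guard.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Step 4: create or overwrite the string value.
New-ItemProperty -Path $keyPath -Name $valueName -Value $value `
    -PropertyType String -Force | Out-Null

# Read the value back so a failed write is caught before Chrome is restarted.
$actual = (Get-ItemProperty -Path $keyPath -Name $valueName).$valueName
if ($actual -ne $value) {
    throw "Expected '$value' in $valueName but found '$actual'"
}
Write-Output "$valueName = $actual (restart Chrome to apply)"
```

Newer Chrome releases name this policy AuthNegotiateDelegateAllowlist; after restarting, chrome://policy shows which policy names and values the installed version has picked up.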

For Firefox:

  1. Type about:config in the address bar and press enter.
  2. Find and edit the preference network.negotiate-auth.trusted-uris and add https://ahsoka.acme.com, or just .acme.com (the list is comma-separated).

    Note: To add all subdomains use the format ".example.com" (NOT *.example.com)

  3. To enable Network Data Sources support, you will need to also edit network.negotiate-auth.delegation-uris by adding ahsoka.acme.com or just the domain name - acme.com.
  4. Restart Firefox.

Mac:

Note: This needs to be done for each user on each machine.

For Safari:

It will just work.

For Firefox:

  1. Type about:config in the address bar and press enter.
  2. Find and edit the preference network.negotiate-auth.trusted-uris and add https://ahsoka.acme.com, or just .acme.com (the list is comma-separated).

    Note: To add all subdomains use the format ".example.com" (NOT *.example.com)

  3. To enable Network Data Sources support, you will need to also edit network.negotiate-auth.delegation-uris by adding ahsoka.acme.com or just the domain name - acme.com.
  4. Restart Firefox.

For Chrome:

  1. Using the Ticket Viewer application (/System/Library/CoreServices/Ticket Viewer), you can check if you have a Kerberos ticket and create one if it hasn't been created automatically.

    Note: You can also create a ticket via the Terminal by entering kinit and then your password.

  2. To configure Chrome's whitelist to allow authentication against any domains you will be using, open the Terminal and run the following commands:

    $ defaults write com.google.Chrome AuthServerWhitelist "*.acme.com"

    $ defaults write com.google.Chrome AuthNegotiateDelegateWhitelist "*.acme.com"

  3. Restart the Chrome browser.