This article describes how to configure the browsers so they request Kerberos tickets from the Active Directory Domain Controller and send them to Airlock IAM. The example illustrates what must be configured for the domains https://a.airlock.com and https://b.airlock.com.
Windows Edge / IE
- Open the Internet options dialog
- Switch to the tab Advanced
- Enable the checkbox Enable Integrated Windows Authentication (a restart is required).
- Switch to the tab Security
- Select the zone Trusted sites
- Click on Custom level
- Scroll down to User Authentication > Logon and enable Automatic logon with current user name and password. Then click on OK.
- Click on Sites
- Add the websites to the list (in this example those would be:
https://a.airlock.comandhttps://b.airlock.com) - Click on Close and then OK to close the Internet options
Google Chrome
The Google Chrome Browser uses the same settings as Internet Explorer. After configuring Internet Explorer correctly, Front-side Kerberos with Google Chrome should work as well.
Mozilla Firefox
- Open Firefox and navigate to about:config
- Click on I accept the risk when the warning appears
- Search for negotiate
- Double click the Preference Name network.negotiate-auth.trusted-uris to edit the setting
- Enter a comma-separated list of the trusted websites
(in this example those would be:https://a.airlock.comandhttps://b.airlock.com) - Click on OK and close the browser tab of about:config