Integrated Authentication with Firefox and Exchange 2010

Published 17 February 10 10:21 AM | dmstork 

With the Exchange 2010 Outlook Web App or OWA, it is possible to use Firefox to access your mailbox. Yes, this was always possible but the premium features were only available for Internet Explorer users. As of now, I could only detect one small difference between Firefox and IE namely the S/MIME functionality. Most users or even admins probably don’t know that it exists as it not often implemented.

I am a frequent user of Firefox and prefer it above IE, especially now with Exchange 2010. However, I am annoyed that I always have to enter my login credentials. That’s another benefit of IE: support for Integrated Authentication on Exchange. When logged in on a windows domain computer, why would you have to also log into the Webmail? You are already authenticated.

But… Firefox also supports Integrated Authentication! It is not configured by default, so this way it doesn’t accidentally present AD authentication information to an Internet server. Internet Explorer can be configured to forcibly recognize intranet domain names via Group Policies.

Just type the following in the Firefox addressbar:

about:config

And edit the following values:

network.negotiate-auth.delegation-uris
network.negotiate-auth.gsslib
network.negotiate-auth.trusted-uris

Just add the internal domain or the FQDN of your Exchange (CAS) server. The change is implemented instantly, but remember this only works on Windows domain computers residing in the same domain or forest as your Exchange Server.

Now I’m investigating whether these settings can be configured centrally via GPO’s or scripts. But that is another challenge as Firefox uses configuration files (prefs.js in the user profile) and no registry settings. If you have figured this out, let me know!

Further Reading:
Mozilla Firefox: Integrated Authentication

Exchange 2010: Configure Integrated Windows Authentication

Filed under:

Comments

# Actice Directory Round 2/26/2010 - The Experts Community said on February 26, 2010 1:58 PM:

PingBack from http://theexpertscommunity.com/item/view/id/1723

# ISA 2006 Webproxy Authentifizierung - MCSEboard.de MCSE Forum said on March 24, 2010 3:19 PM:

PingBack from https://www.mcseboard.de/windows-server-forum-78/isa-2006-webproxy-authentifizierung-163912.html#post1008820

# Dave Stork's IMHO said on January 18, 2011 4:20 PM:

I love Outlook Web App. It’s rich functionality, management capabilities via ECP and especially the multiple

Anonymous comments are disabled

About dmstork

I'm an employee at a Dutch IT-Company (www.ogd.nl) and frequently come in contact with customers with specific questions on Microsoft products. Of those products my personal favorite is Microsoft Exchange. Sander made me aware of the DirTeam.com/ActiveDir.org blogs.

Search

Go

This Blog

Syndication