Integrated Authentication with Firefox and Exchange 2010
With the Exchange 2010 Outlook Web App or OWA, it is possible to use Firefox to access your mailbox. Yes, this was always possible, but the premium features were only available for Internet Explorer users. As of now, I could only detect one small difference between Firefox and IE, namely the S/MIME functionality. Most users or even admins probably don’t know that it exists, as it is not often implemented.
I am a frequent user of Firefox and prefer it over IE, especially now with Exchange 2010. However, I am annoyed that I always have to enter my login credentials. That’s another benefit of IE: support for Integrated Authentication on Exchange. When logged in on a Windows domain computer, why would you have to also log into the Webmail? You are already authenticated.
But… Firefox also supports Integrated Authentication! It is not configured by default, so that Firefox doesn’t accidentally present AD authentication information to an Internet server. Internet Explorer can be configured to forcibly recognize intranet domain names via Group Policies.
Just type the following in the Firefox address bar:
about:config
And edit the following values:
network.negotiate-auth.delegation-uris
network.negotiate-auth.gsslib
network.negotiate-auth.trusted-uris
Just add the internal domain or the FQDN of your Exchange (CAS) server. The change is implemented instantly, but remember this only works on Windows domain computers residing in the same domain or forest as your Exchange Server.
Now I’m investigating whether these settings can be configured centrally via GPOs or scripts. But that is another challenge, as Firefox uses configuration files (prefs.js in the user profile) and no registry settings. If you have figured this out, let me know!
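An added example, not from the original post: a Python script that reads the text of a profile's prefs.js and flags negotiate-auth URI entries that fall outside the internal domain or use plain http, since every site listed there is offered the user's domain authentication. The domain corp.example, the sample file content and the function names are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

NEGOTIATE_PREFS = (  # the three preferences named in the post
    "network.negotiate-auth.delegation-uris",
    "network.negotiate-auth.gsslib",
    "network.negotiate-auth.trusted-uris",
)
# prefs.js holds one user_pref("name", value); call per line; string values only here.
PREF_LINE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"((?:[^"\\]|\\.)*)"\);\s*$')

# Constructed sample; corp.example stands in for the internal AD domain (assumption).
SAMPLE_PREFS_JS = """\
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.negotiate-auth.delegation-uris", "");
user_pref("network.negotiate-auth.trusted-uris", "https://mail.corp.example, .corp.example, http://owa.corp.example, example.com");
"""


def read_negotiate_prefs(prefs_text):
    """Return {name: value} for the negotiate-auth prefs present in prefs.js text."""
    found = {}
    for line in prefs_text.splitlines():
        m = PREF_LINE.match(line)
        if m and m.group(1) in NEGOTIATE_PREFS:
            found[m.group(1)] = m.group(2)
    return found


def audit_uri_list(value, internal_suffixes):
    """Return (entry, reason) for each entry that is not a secure internal name."""
    findings = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            continue
        parts = urlsplit(entry if "://" in entry else "//" + entry)
        host = (parts.hostname or "").lstrip(".").lower()
        if parts.scheme == "http":
            findings.append((entry, "plain http"))
        elif not any(host == s or host.endswith("." + s) for s in internal_suffixes):
            findings.append((entry, "not an internal name"))
    return findings


if __name__ == "__main__":
    for name, value in read_negotiate_prefs(SAMPLE_PREFS_JS).items():
        if name.endswith("-uris"):  # gsslib is a library path, not a URI list
            for entry, reason in audit_uri_list(value, ("corp.example",)):
                print(f"{name}: {entry!r} -> {reason}")
```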
Further Reading:
Mozilla Firefox: Integrated Authentication