Client browser setup for pass-through AD Authentication

When configuring your intranet site to use AD Authentication it is possible to have your user's browsers automatically respond to the challenge for domain credentials. This requires a modification to your users' browser security settings to confirm that it is safe to exchange their currently logged in credentials with the intranet site on request.

The following browser instructions are for Microsoft Internet Explorer and Google Chrome

note that Chrome inherits its settings from IE's Local Intranet Zone. Even if this user is never planning to log in with IE, the following modifications must be made to ensure pass through on Chrome

1. Start the Internet Explorer browser
2. Select Tools, Internet Options
3. Click on Security Tab
4. Click on Local Intranet Zone so that it is highlighted
5. Click on Sites then click on Advanced.
6. Type in the local Intranet Site (http://ipaddressofserver) and click on the ADD button

The following browser instructions are for Firefox.

1. Start Firefox. In the address bar type About:Config
2. Once past the agreement prompt, type NTLM into the filter box
3. Double click on network.automatic-ntlm-auth.trusted-uris entry

Note: Environments limited to Kerberos authentication and do not accept NTLM authentication will need to adjust the network.negotiate-auth.delegation-uris, as well.

4. Type in the local Intranet Site (http://ipaddressofserver) and click on the OK button


These settings will need to be adjusted on all user PC's. In the case of Internet Explorer, this modification can be controlled via Group Policy. If you elect to not adjust each user's PC, the AD logon will NOT be passed to the intranet and the user will be prompted with their AD username and password logon each time they enter the intranet site. 

Referenced by:

Have more questions? Submit a request


Article is closed for comments.