Configuring browser settings for Kerberos authentication
After Active Directory administrator has configured the Active Directory for Kerberos, the Remedy Single Sign-On administrator has configured a realm for Kerberos authentication, you must make sure that the browser on an end user's system is configured to support Kerberos authentication.
To configure Google Chrome
Google Chrome supports Kerberos authentication. If you configure Internet Explorer, then no additional settings are required for Google Chrome because it uses Internet Explorer settings.
To configure Internet Explorer
- Navigate to Tools > Internet Options > Advanced.
- On the Advanced tab and in the Security section, select Enable Integrated Windows Authentication (requires restart).
- On the Security tab, select Local Intranet.
- Click Custom Level.
- In the User Authentication/Logon section, select Automatic logon only in Intranet zone.
- Click OK.
- Click Sites and select all check boxes.
- Click Advanced and add Remedy SSO service website to the local zone (the website might be already added). For example, sample.bmc.com.
- Click Add.
- Click OK for all pop-ups.
To configure Mozilla Firefox
- In the browser window, enter the following URL: about:config.
- Click I accept the risk!
Search for network.negotiate-auth.trusted-uris by the Preference Name, and double click it.
Type a FQDN of the Remedy SSO server, for example, https://sample.bmc.com.
- Search for network.automatic-ntlm-auth.trusted-uris by the Preference Name, and double click it.
- Type a FQDN of the Remedy SSO server, for example, https://sample.bmc.com.
- Click OK.