Configuring browser settings for Kerberos authentication

After the Active Directory administrator has configured the Active Directory for Kerberos, the BMC Helix Single Sign-On administrator has configured a realm for Kerberos authentication, you must make sure that the browser on an end user's system is configured to support Kerberos authentication.

To configure Google Chrome and Microsoft Edge

For Google Chrome and Microsoft Edge on Windows, Kerberos authentication is configured in general settings of the operating system:

1. Go to Control Panel and select Internet Options > Advanced.
2. On the Advanced tab and in the Security section, select Enable Integrated Windows Authentication (requires restart).
3. On the Security tab, select Local intranet.
4. Click Custom Level.
5. In the User Authentication/Logon section, select Automatic logon only in Intranet zone.
6. Click OK.
7. Click Sites and select all check boxes.
8. Click Advanced and add the BMC Helix SSO service website to the local zone (the website might be already added). For example, https://sample.bmc.com.
9. Click Add.

To configure Mozilla Firefox

1. In the browser window, enter the following URL: about:config.
2. Click Accept the Risk and Continue.

3. In the Search preference name field, enter network.negotiate-auth.trusted-uris, and double click it.

4. Specify a FQDN of the BMC Helix SSO server with a protocol, for example, https://sample.bmc.com.

5. Click Save.