Firefox is not sending authentication credentials transparently (SSO)

Question:

Environment: Cisco Web Security Appliance (WSA), all versions of AsyncOS

Firefox is not sending authentication credentials transparently. Internet Explorer is working correctly with transparent authentication.

Note: This Knowledge Base article references software which is not maintained or supported by Cisco. The information is provided as a courtesy for your convenience. For further assistance, please contact the software vendor.

Some versions of Firefox do not automatically trust all servers to send transparent credentials to. The newest versions appear to be having the problem.

You will need to manually add the Web Security Appliance transparent authentication redirection hostname into the trusted URLs in Firefox.  This value can be found in the GUI interface on the Network -->  Authentication page.  Look for the setting

"Transparent Authentication Redirect Hostname".

1. Open Firefox and type about:config in the address bar (without the quotes).
2. In the Filter field type the following network.automatic-ntlm-auth.trusted-uris.
3. Double-click the name of the preference that we just searched for.
4. Enter the Transparent Authentication Redirect Hostname.

For Firefox version 10 - 12 running on Windows 7, also need the following to be changed to "False".

• network.auth.force-generic-ntlm = false