Intended for: Single sign-on (SSO) users who want to access an application via the Kerberos authentication option
Scenario/Use case:
Before you can log in to a Fermilab SSO-enabled application via Kerberos authentication, you will first need to configure your browser for Kerberos authentication by following the steps below.
Instructions:
Internet Explorer Top of page
* If you are using a Windows computer in the FERMI domain (this includes the vast majority of Fermilab-owned Windows computers), then no additional configuration is needed.
* Single sign-on (SSO) users on a non-domain, non-Fermilab-owned Windows computer are advised to use their Fermilab CILogon Silver CA certificate or Services username and password to access an SSO-enabled application. If you attempt to use "On Site Fermi Windows System" or "Kerberos" login options you will be presented with a pop-up window. Do not enter your credentials, click cancel and you will be redirected to username and password login page.
Edge Top of page
Edge shares configuration with Internet Explorer
Safari Top of page
No additional configuration is needed.
Firefox Top of page
1. Open a new tab.
2. Type about:config in the address bar and click I accept the risk!
You will see the configuration parameters editor.
3. Find the parameter network.negotiate-auth.trusted-uris and set the value to fnal.gov
Chrome Top of page
Windows: Chrome on Windows shares the configuration with Internet Explorer and Edge
Mac: Chrome on Mac requires command line arguments on start up. Go to the Chrome directory and start Chrome with the AuthServerWhitelist parameter
cd /Applications/Google Chrome.app/Contents/MacOS
./"Google Chrome" --auth-server-whitelist="*.fnal.gov" --auth-negotiate-delegate-whitelist="*.fnal.gov"
Linux: Chrome on Linux requires command line arguments on start up
/usr/bin/google-chrome-stable %U --auth-server-whitelist="*.fnal.gov" --auth-negotiate-delegate-whitelist="*.fnal.gov"
See Also:
How to choose an authentication option on the Fermilab single sign-on (SSO) page