Mozilla Firefox and derivatives

Owned by Stefan Paetow
Last updated: Sept 12, 2019 by Alex Perez Mendez
2 min read

Firefox is the Mozilla Corporation's web browser. See the Mozilla Corporation's website for more details. Various Firefox derivatives exist, including Iceweasel, a Mozilla-trademark-free version of the browser on Debian

Contents

1. Overview

Most modern versions of Firefox are generally compatible with Moonshot.

On Linux, Firefox is integrated with the GSS-API and uses the Moonshot Identity Selector.

On macOS, Firefox is integrated with the GSS-API and uses the Moonshot Identity Manager.

On Windows, Firefox is integrated with the Windows Security Support Provider Interface (SSPI) and requires the Moonshot SSP.

2. Compatibility

2.1. Key

In the tables below, the following icons have the following meanings:

  • (tick) - This version of the software has been tested and verified as supporting Moonshot.
  • (error) - This version of the software has been tested and verified as not supporting Moonshot.
  • (question) - This version of the software has not yet been tested thoroughly and its status is not known. Let us know if you have tried it and whether it worked or not!

2.2. Compatibility List

Note that accessing supported versions of this software requires a Moonshot compatible client - see the next section for details on which clients are supported.

Firefox/Iceweasel >= v22 

VersionCompatible?Notes
Firefox/Iceweasel v22 and later(tick)When running on a supported platform

3. Installation Instructions

This software does not require any special installation instructions - install it as you normally would.

4. Configuration Instructions

By default, Firefox disables the Negotiate options in their configuration for security reasons.

To enable these, follow the below steps:

  1. Open a new tab in the browser

  2. Into the address field type about:config and confirm the subsequent warning:

  3. Into the Preferences search bar type negotiate to show the Negotiate options
     
  4. Adjust the network.negotiate-auth.trusted-uris and/or network.negotiate-auth.delegation-uris options with the hosts or realms that you would like to enable Negotiate authentication for:
  5. On versions of macOS later than El Capitan, you must also sidestep the Apple sandboxing functionality:

    1. Create a soft link to the existing Kerberos library:

      sudo ln -s /System/Library/Frameworks/Kerberos.framework/Kerberos /usr/local/lib/libgssapi_krb5.dylib


    2. Adjust the network.negotiate-auth.gsslib option with the location of the 'new' library you set in the step above:

  6. Restart your browser.

For more information on Firefox and the Negotiate protocol, visit the Mozilla Developer Network page on Integrated Authentication.

5. Credential Storage

5.1. Windows

On Windows, you must store the website credentials in the Windows Credential Manager before you try to connect to the website. For more information on storing credentials in the Credential Manager, see Section 2.2 of the Windows Credential Manager page.

Not using the Windows Credential Manager will cause a HTTP 403 error to be displayed. Firefox will not prompt for alternate credentials.

5.2. Linux

On Linux you should use the Moonshot Identity Selector.

5.3. macOS

macOS support is currently in development, you must currently use the .gss_eap_id file in your home directory. See the macOS Compatibility List for more details.

6. Server Compatibility

The following servers are known to work with this server software using Moonshot authentication (click on the link to see further information about enabling Moonshot in that server):