Integrated Windows Authentication browser requirements
- Kiss, Mate
Owned by Kiss, Mate
May 24, 2022
2 min read
Loading data...
If you have problems with IWA, verify the following:
- For all types of browsers
- Use the hostname of the server instead of the IP address
- Use https, make sure the server's certificate is trusted by the browser
- Add the URL to Local intranet zone in IE even if you use Chrome or Firefox
AD SSO might not work if Internet Explorer does not consider the server as a Local Intranet site. Make sure you add your service domain URL (e.g. verba.company.com) to the Local intranet zone in Internet Explorer.Go to Tools > Internet Options > Security
Select the Local intranet icon and click Sites
Click Advanced and add the URL of the server (for example:Â http://verbaserver.com).
- Internet Explorer
- Strange error pages with HTTP Status 401
Internet Explorer users may occasionally receive strange error pages after logged in to Verba using Single Sign On. Unfortunately, the cause of the issue is an Internet Explorer feature and can be solved on the client computer only. Microsoft has confirmed that this is a problem with the Microsoft products.
The only workaround currently is to disable NTLM Pre-Authentication on the client computer:Use Registry Editor (Regedt32.exe) to add a value to the following registry key: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/
Add the following registry value:
Value Name: DisableNTLMPreAuth
Data Type: REG_DWORD
Value: 1
A description and the same workaround from Microsoft can be read here:Â http://support.microsoft.com/kb/2749007Â
- Ensure that "Enable Integrated Windows Authentication" is checked (by default it is).
Go to Tools > Internet Options > Advanced
Scroll down to the Security section
Find "Enable Integrated Windows Authentication" and ensure that it is checked.
- Strange error pages with HTTP Status 401
- Firefox
- If SSO does not work (ie. an unexpected login box appears, or HTTP 401 error comes up), probably the Verba server has to be added to the trusted SSO servers.
At the address field, type about:config
In the Filter, type network.n
Double click on network.negotiate-auth.trusted-uris
This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser
Enter a comma-delimited list of trusted domains or URLs (for example: http://verbaserver.com).
- If SSO does not work (ie. an unexpected login box appears, or HTTP 401 error comes up), probably the Verba server has to be added to the trusted SSO servers.
- Chrome
- Everything should work properly without any further configuration.
Â