Integrated Windows Authentication browser requirements

Owned by Kiss, Mate
Mar 03, 2023
2 min read

If you have problems with IWA, verify the following:

  • For all types of browsers
    • Use the hostname of the server instead of the IP address
    • Use https, make sure the server's certificate is trusted by the browser
    • Add the URL to Local intranet zone in IE even if you use Chrome or Firefox
      AD SSO might not work if Internet Explorer does not consider the server as a Local Intranet site. Make sure you add your service domain URL (e.g. verba.company.com) to the Local intranet zone in Internet Explorer.

      Go to Tools > Internet Options > Security
      Select the Local intranet icon and click Sites
      Click Advanced and add the URL of the server (for example: http://verbaserver.com).

  • Internet Explorer
    • Strange error pages with HTTP Status 401
      Internet Explorer users may occasionally receive strange error pages after logged in to Verba using Single Sign On. Unfortunately, the cause of the issue is an Internet Explorer feature and can be solved on the client computer only. Microsoft has confirmed that this is a problem with the Microsoft products.
      The only workaround currently is to disable NTLM Pre-Authentication on the client computer:

      Use Registry Editor (Regedt32.exe) to add a value to the following registry key: HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/

      Add the following registry value:

      Value Name: DisableNTLMPreAuth

      Data Type: REG_DWORD

      Value: 1

      A description and the same workaround from Microsoft can be read here: http://support.microsoft.com/kb/2749007 

    • Ensure that "Enable Integrated Windows Authentication" is checked (by default it is).
      Go to Tools > Internet Options > Advanced
      Scroll down to the Security section
      Find "Enable Integrated Windows Authentication" and ensure that it is checked.
  • Firefox
    • If SSO does not work (ie. an unexpected login box appears, or HTTP 401 error comes up), probably the Verba server has to be added to the trusted SSO servers.
      At the address field, type about:config
      In the Filter, type network.n
      Double click on network.negotiate-auth.trusted-uris
      This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser
      Enter a comma-delimited list of trusted domains or URLs (for example: http://verbaserver.com).
  • Chrome
    • Everything should work properly without any further configuration.

Â