Users get prompted for authentication when using the Symantec Auth Connector as the SAML IdP with Chrome and Firefox browsers. As an administrator, I would like seamless authentication (without the need to re-enter a user’s password) in a corporate network.
Web Security Service
Auth Connector as IdP
The browsers need to be configured to use Kerberos or NTLM authentication
To allow the Kerberos/NTLM transactions, the client browsers must trust the Auth Connector agent. The browser cannot present a cached credential unless the site (the Auth Connector hostname) exists in the local/trusted site zone. You can accomplish this with various methods.
Navigate to Tools > Internet Options > Security
Make sure that Automatically detect intranet network is checked
Add the BCCA hostname to the Local Intranet. e.g http://bcca-hostname
Make sure that Enable Integrated Windows Authentication is checked under Internet Options > Advanced tab and in the Security section
Use group policy to configure browsers to add the Auth Connector hostname to their Local Intranet
The latest version of Chrome, automatically detect Kerberos/NTLM authentication, make sure to also apply the changes listed above and these will also apply to the Google Chromebrowser.
By default, Kerberos support in Firefox is disabled. To enable it, do the following:
Open the browser configuration window
Type about:config in the address bar.
Then in the following parameters specify the addresses of the web servers, for which you are going to use Kerberos/NTLM authentication.