5.4 Configuring the User’s Web Browser

Each user’s Web browser must be configured to trust the Access Manager Identity Server.

  1. Add the computers of the users to the Active Directory domain.

    For instructions, see your Active Directory documentation.

  2. Log in to the Active Directory domain, rather than the machine.

  3. Configure the Web browser to trust the Identity Server:

    Internet Explorer: For version 7, click Tools > Internet Options > Security > Local intranet > Sites > Advanced. (For Internet Explorer version 6, click Tools > Internet Options > Security > Trusted sites > Sites.)

    In the Add this website to the zone text box, enter the Base URL for the Identity Server, then click Add.

    In the configuration example, this is http://amser.provo.novell.com.

    Click Close.

    Firefox: In the URL field, specify about:config. In the Filter field, specify network.n. Double-click network.negotiate-auth.trusted-uris.

    For this example configuration, you would add http://amser.provo.novell.com to the list.

    This preference lists the sites that are permitted to engage in SPNEGO Authentication with the browser. Specify a comma-delimited list of trusted domains or URLs.

    If the deployed SPNEGO solution is using the advanced Kerberos feature of Credential Delegation, double-click network.negotiate-auth.delegation-uris. This preference lists the sites for which the browser can delegate user authorization to the server. Specify a comma-delimited list of trusted domains or URLs.

    For this example configuration, you would add http://amser.provo.novell.com to the list.

  4. Click OK. The updated configuration is displayed.

    Restart your browser to activate this configuration.

  5. In the URL field, enter the base URL of the Identity Server with port and application. For this example configuration:

    http://amser.provo.novell.com:8080/nidp
    

    The Identity Server authenticates the user without prompting the user for authentication information.
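
To check the Firefox settings from Step 3 across many profiles, the following added example (not part of the original documentation) audits the two preferences in the text of a profile's prefs.js file. The sample preference text, the function names, and the rule that a scheme-only entry such as https:// is too broad are assumptions made for this illustration.

```python
import re

# Constructed sample prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''\
user_pref("network.negotiate-auth.trusted-uris", "http://amser.provo.novell.com, https://");
user_pref("network.negotiate-auth.delegation-uris", "http://amser.provo.novell.com,example.org");
user_pref("browser.startup.homepage", "about:blank");
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*"([^"]*)"\);', re.M)
TRUSTED = "network.negotiate-auth.trusted-uris"
DELEGATION = "network.negotiate-auth.delegation-uris"


def read_list(prefs_text, name):
    """Return the comma-delimited entries of one string preference."""
    values = [v for k, v in PREF_RE.findall(prefs_text) if k == name]
    if not values:
        return []
    # If a preference appears more than once, the last assignment wins.
    return [e.strip() for e in values[-1].split(",") if e.strip()]


def audit(prefs_text, identity_server):
    """Return findings for the SPNEGO trust and delegation lists."""
    trusted = read_list(prefs_text, TRUSTED)
    delegation = read_list(prefs_text, DELEGATION)
    findings = []
    # The Identity Server base URL must be trusted for SPNEGO to work.
    if identity_server not in trusted:
        findings.append(f"missing: {identity_server} not in {TRUSTED}")
    # Assumption: an entry that is only a scheme names no specific site.
    for name, entries in ((TRUSTED, trusted), (DELEGATION, delegation)):
        for entry in entries:
            if re.fullmatch(r"[a-z]+://", entry):
                findings.append(f"broad: {name} entry {entry!r} is a scheme, not a site")
    # Delegation should only be granted to sites that are also trusted.
    for entry in delegation:
        if entry not in trusted:
            findings.append(f"inconsistent: {entry!r} is listed for delegation but not in {TRUSTED}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS, "http://amser.provo.novell.com"):
        print(finding)
```

Run it against the contents of each profile's prefs.js and review any finding before rolling the configuration out to users.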