Chapter 14. Configuring applications for a single sign-on


Single sign-on (SSO) is an authentication scheme which allows you to log into multiple systems through a single log-in procedure. You can configure browsers and email clients to use Kerberos tickets, SSL certifications, or tokens as a means of authenticating users.

The configuration of different applications may vary. This chapter shows how to configure SSO authentication schema for the Mozilla Thunderbird email client and Mozilla Firefox web browser as the examples.

14.1. Prerequisites

  • You have installed the following applications:

    • Mozilla Firefox version 88
    • Mozilla Thunderbird version 78

14.2. Configuring Firefox to use Kerberos for single sign-on

You can configure Firefox to use Kerberos for single sign-on (SSO) to intranet sites and other protected websites. To do so, you first have to configure Firefox to send Kerberos credentials to the appropriate Key Distribution Center (KDC).

Note

Even after Firefox is configured to pass Kerberos credentials, it still requires a valid Kerberos ticket to use. To generate a Kerberos ticket, use the kinit command and supply the user password for the user on the KDC.

[jsmith@host ~] $ kinit
Password for jsmith@EXAMPLE.COM:

Procedure

  1. In the address bar of Firefox, type about:config to display the list of current configuration options.
  2. In the Filter field, type negotiate to restrict the list of options.
  3. Double-click the network.negotiate-auth.trusted-uris entry.
  4. Enter the name of the domain against which to authenticate, including the preceding period (.). If you want to add multiple domains, enter them in a comma separated list.

    Figure 14.1. Manual Firefox Configuration

    kerberos firefox

Additional resources

14.3. Viewing certificates in Firefox

The following example shows how to view certificates in the Mozilla Firefox.

To view certificates in Firefox, you need to open the Certificate Manager.

Procedure

  1. In Mozilla Firefox, open the Firefox menu and select Preferences.

    Firefox preferences
  2. In the left panel, select the Privacy & Security section.

    Privacy & security
  3. Scroll down to the Certificates section.
  4. Click View Certificates to open the Certificate Manager.

    firefox view certificates

14.4. Importing CA certificates in Firefox

The following example shows how to import certificates in the Mozilla Firefox.

Prerequisites

  • You have a CA certificate on your device.

To import a CA certificate:

Procedure

  1. Open Certificate Manager.
  2. Select the Authorities tab and click Import.

    Figure 14.2. Importing the CA Certificate in Firefox

    firefox import certificates
  3. Select the downloaded CA certificate from your device.

14.5. Editing certificate trust settings in Firefox

The following example shows how to edit certificate settings in the Mozilla Firefox.

Prerequisites

  1. You have successfully imported a certificate.

To set the certificate trust settings:

Procedure

  1. Open Certificate Manager.
  2. Under the Authorities tab, select the appropriate certificate and click Edit Trust.
  3. Edit the certificate trust settings.

    Figure 14.3. Editing the Certificate Trust Settings in Firefox

    firefox editing certificate

14.6. Importing personal certificate for authentication in Firefox

The following example shows how to import personal certificates for authentication in the Mozilla Firefox.

Prerequisites

  1. You have a personal certificate stored on your device.

To use a personal certificate for authentication:

Procedure

  1. Open Certificate Manager.
  2. Select the Your Certificates tab and click Import.

    Figure 14.4. Importing a Personal Certificate for Authentication in Firefox

    firefox import custom certificate
  3. Select the appropriate certificate from your computer.

14.7. Viewing certificates in Thunderbird

The following example shows how to view certificates in the Mozilla Thunderbird email client.

Procedure

  1. In Mozilla Thunderbird, open the main menu and select Preferences.

    Figure 14.5. Selecting preferences from menu

    Privacy & security
  2. In the left panel, select the Privacy & Security section.

    Figure 14.6. Selecting security section

    Privacy & security
  3. Scroll down to the Certificates section.
  4. Click Manage Certificates to open the Certificate Manager.

    Figure 14.7. Opening certificate manager

    Privacy & security

14.8. Importing certificates in Thunderbird

The following example shows how to import certificates in the Mozilla Thunderbird email client.

Prerequisites

  • You have a CA certificate stored on your device.

To import a CA certificate:

Procedure

  1. Open Certificate Manager.
  2. Select the Authorities tab and click Import.

    Figure 14.8. Importing the CA certificate in Thunderbird

    thunderbird import cert
  3. Select the downloaded CA certificate.

14.9. Editing certificate trust settings in Thunderbird

The following example shows how to edit certificate settings in the Mozilla Thunderbird email client.

Prerequisites

  • You have successfully imported a certificate.

To set the certificate trust relationships:

Procedure

  1. Open Certificate Manager.
  2. Under the Authorities tab, select the appropriate certificate and click Edit Trust.
  3. Edit the certificate trust settings.

    Figure 14.9. Editing the certificate trust settings in Thunderbird

    thunderbird edit cert

14.10. Importing personal certificate in Thunderbird

The following example shows how to import certificates for personal authentication in the Mozilla Thunderbird email client.

Prerequisites

  1. You have a personal certificate stored on your device.

To use a personal certificate for authentication:

Procedure

  1. Open Certificate Manager.
  2. Under the Your Certificates tab, click Import.

    Figure 14.10. Importing a personal certificate for authentication in Thunderbird

    thunderbird import custom cert
  3. Select the required certificate from your computer.
  4. Close the Certificate Manager.
  5. Open the main menu and select Account Settings.

    Figure 14.11. Selecting account settings from menu

    thunderbird account settings
  6. Select End-To-End Encryption in the left panel under your account email address.

    Selecting end-to-end encryption section.

    thunderbird end to end
  7. Under S/MIME section click the first Select button to choose your personal certificate to use for signing messages.
  8. Under S/MIME section click the second Select button to choose your personal certificate to encrypt and decrypt messages.

    Choosing certificate for signing and encryption/decryption.

    thunderbird select personal cert
Note

In case you forgot to import valid certificate, you can open Certificate Manager directly using the Manage S/MIME certificates.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.