Chapter 14. Configuring applications for a single sign-on
Single sign-on (SSO) is an authentication scheme that allows you to log in to multiple systems through a single login procedure. You can configure browsers and email clients to use Kerberos tickets, SSL certificates, or tokens as a means of authenticating users.
The configuration differs between applications. This chapter uses the Mozilla Thunderbird email client and the Mozilla Firefox web browser as examples of how to configure SSO authentication.
14.1. Prerequisites
You have installed the following applications:
- Mozilla Firefox version 88
- Mozilla Thunderbird version 78
14.2. Configuring Firefox to use Kerberos for single sign-on
You can configure Firefox to use Kerberos for single sign-on (SSO) to intranet sites and other protected websites. To do so, you first have to configure Firefox to send Kerberos credentials to the appropriate Key Distribution Center (KDC).
Even after Firefox is configured to pass Kerberos credentials, it still requires a valid Kerberos ticket to use. To generate a Kerberos ticket, use the kinit command and supply the user password for the user on the KDC.
[jsmith@host ~] $ kinit
Password for jsmith@EXAMPLE.COM:
Procedure
- In the address bar of Firefox, type about:config to display the list of current configuration options.
- In the Filter field, type negotiate to restrict the list of options.
- Double-click the network.negotiate-auth.trusted-uris entry. Enter the name of the domain against which to authenticate, including the preceding period (.). If you want to add multiple domains, enter them in a comma-separated list.
Figure 14.1. Manual Firefox Configuration
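An added example, not part of the original guide: a Python check that reads the network.negotiate-auth.trusted-uris value from the text of a profile's prefs.js or user.js file and flags entries that are broader than a specific domain. The sample file content and the three checks (plain http scheme, scheme with no host, bare top-level domain) are assumptions of this example, not rules stated by the guide.

```python
import re

PREF = "network.negotiate-auth.trusted-uris"
# Matches e.g.: user_pref("network.negotiate-auth.trusted-uris", ".example.com");
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\("' + re.escape(PREF) + r'",\s*"([^"]*)"\);', re.M)

# Constructed sample of a profile's prefs.js/user.js content (not from the guide).
SAMPLE = '''\
user_pref("browser.startup.page", 3);
user_pref("network.negotiate-auth.trusted-uris", ".example.com, https://, http://wiki.example.com, .com");
'''


def trusted_uris(prefs_text):
    """Return the entries of the last trusted-uris pref line, or [] if unset."""
    values = PREF_RE.findall(prefs_text)
    if not values:
        return []
    return [e.strip() for e in values[-1].split(",") if e.strip()]


def audit_entry(entry):
    """Return findings for one entry; an empty list means nothing was flagged."""
    findings = []
    scheme, _, rest = entry.rpartition("://")
    host = rest.split("/")[0].split(":")[0]
    labels = [part for part in host.split(".") if part]
    if scheme.lower() == "http":
        findings.append("plain http scheme")
    if not labels:
        findings.append("scheme with no host")
    elif len(labels) == 1 and host.startswith("."):
        findings.append("bare top-level domain")
    return findings


def audit(prefs_text):
    """Map each flagged trusted-uris entry to its list of findings."""
    flagged = {}
    for entry in trusted_uris(prefs_text):
        findings = audit_entry(entry)
        if findings:
            flagged[entry] = findings
    return flagged


if __name__ == "__main__":
    for entry, findings in audit(SAMPLE).items():
        print(f"{entry}: {', '.join(findings)}")
```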
Additional resources
- For information about configuring Firefox to use Kerberos in Identity Management, see the corresponding section in the Linux Domain Identity, Authentication, and Policy Guide.
14.3. Viewing certificates in Firefox
The following example shows how to view certificates in Mozilla Firefox.
To view certificates in Firefox, you need to open the Certificate Manager.
Procedure
- In Mozilla Firefox, open the Firefox menu and select .
- In the left panel, select the Privacy & Security section.
- Scroll down to the Certificates section. Click to open the Certificate Manager.
14.4. Importing CA certificates in Firefox
The following example shows how to import certificates in Mozilla Firefox.
Prerequisites
- You have a CA certificate on your device.
To import a CA certificate:
Procedure
- Open Certificate Manager. Select the Authorities tab and click .
Figure 14.2. Importing the CA Certificate in Firefox
- Select the downloaded CA certificate from your device.
14.5. Editing certificate trust settings in Firefox
The following example shows how to edit certificate settings in Mozilla Firefox.
Prerequisites
- You have successfully imported a certificate.
To set the certificate trust settings:
Procedure
- Open Certificate Manager.
- Under the Authorities tab, select the appropriate certificate and click . Edit the certificate trust settings.
Figure 14.3. Editing the Certificate Trust Settings in Firefox
14.6. Importing personal certificate for authentication in Firefox
The following example shows how to import personal certificates for authentication in Mozilla Firefox.
Prerequisites
- You have a personal certificate stored on your device.
To use a personal certificate for authentication:
Procedure
- Open Certificate Manager. Select the Your Certificates tab and click .
Figure 14.4. Importing a Personal Certificate for Authentication in Firefox
- Select the appropriate certificate from your computer.
14.7. Viewing certificates in Thunderbird
The following example shows how to view certificates in the Mozilla Thunderbird email client.
Procedure
- In Mozilla Thunderbird, open the main menu and select Preferences.
Figure 14.5. Selecting preferences from menu
- In the left panel, select the Privacy & Security section.
Figure 14.6. Selecting security section
- Scroll down to the Certificates section. Click to open the Certificate Manager.
Figure 14.7. Opening certificate manager
14.8. Importing certificates in Thunderbird
The following example shows how to import certificates in the Mozilla Thunderbird email client.
Prerequisites
- You have a CA certificate stored on your device.
To import a CA certificate:
Procedure
- Open Certificate Manager. Select the Authorities tab and click .
Figure 14.8. Importing the CA certificate in Thunderbird
- Select the downloaded CA certificate.
14.9. Editing certificate trust settings in Thunderbird
The following example shows how to edit certificate settings in the Mozilla Thunderbird email client.
Prerequisites
- You have successfully imported a certificate.
To set the certificate trust relationships:
Procedure
- Open Certificate Manager.
- Under the Authorities tab, select the appropriate certificate and click . Edit the certificate trust settings.
Figure 14.9. Editing the certificate trust settings in Thunderbird
14.10. Importing personal certificate in Thunderbird
The following example shows how to import certificates for personal authentication in the Mozilla Thunderbird email client.
Prerequisites
- You have a personal certificate stored on your device.
To use a personal certificate for authentication:
Procedure
- Open Certificate Manager. Under the Your Certificates tab, click .
Figure 14.10. Importing a personal certificate for authentication in Thunderbird
- Select the required certificate from your computer.
- Close the Certificate Manager. Open the main menu and select Account Settings.
Figure 14.11. Selecting account settings from menu
- Select End-To-End Encryption in the left panel under your account email address.
Selecting end-to-end encryption section.
- In the S/MIME section, click the first button to choose the personal certificate to use for signing messages. In the S/MIME section, click the second button to choose the personal certificate to use to encrypt and decrypt messages.
Choosing certificate for signing and encryption/decryption.
If you forgot to import a valid certificate, you can open Certificate Manager directly by using Manage S/MIME certificates.