0
How to Configure Kerberos Authentication in Edge, Chrome, and Firefox (version 25)
Knowledge Base / Version 25 / System Admin Duties / Identity
If wishing to enable Kerberos within the Identity service, the following configuration changes may be needed depending on the browser you are using.
Edge
- Install the Edge administrative template .
- Add the hostname of the Identity service to the
Http authentication
->AuthServerAllowlist
policy. Docs
Chrome
- Install the Chrome administrative template .
- Add the hostname of the Identity service to the
Http authentication
->AuthServerAllowList
policy. Docs
Firefox
- Install the Firefox administrative template .
- Add the hostname of the Identity service to the
Authentication
->SPNEGO
policy. Docs
Load Balancer
When the Identity service is behind a load balancer or reverse proxy (including the Axiom reverse proxy which was introduced in v25.0), the Identity service will need to be running as a domain account, and an SPN must be created. The SPN should have the hostname of the load balancer/proxy, and should be placed on the service account which is running the Identity service. For example:
setspn -S HTTP/load-balancer.example.com domain\ServiceAccount