Firefox Authentication App

Possible cause

  1. Firefox Authentication App
  2. Microsoft Authenticator Extension For Firefox
  3. Microsoft Authenticator Firefox

Authy Powered by Twilio. Build 2FA into your applications with Twilio APIs. Learn more about 2FA API Access the Dashboard.

  • For Mozilla Firefox, modify the browser advanced settings to trust the Citrix Receiver for Windows or Citrix Workspace app for Windows URI. Warning: Editing the advanced settings incorrectly can cause serious problems. Make edits at your own risk. Start Firefox, enter about:config in the address field and select “I accept the risk!”.
  • I am making test cases using Katalon Studio. The problem is that when I launch the test case on Firefox it shows me the 'Authentication Required' popup. Instead when I use Chrome or Explorer it doe.
  • Two-step authentication for Firefox Sync account works using an authentication app like Authy, Google Authenticator, or Microsoft’s Authenticator app. To set up two-step authentication for your.

Firefox will not work correctly with Kerberos authentication if the default browser settings are applied.

Proposed action

To enable the Kerberos authentication on Firefox you must customize the configuration.

Do the following:

  1. Open your Firefox browser and enter about:config in the address bar.
  2. In the Filter field, enter negotiate.
  3. Double-click network.negotiate-auth.trusted-uris. This preference lists the trusted sites for Kerberos authentication.
  4. Enter your domain.
  5. Click OK.

The domain that you entered in the network.negotiate-auth.trusted-uris should now appear in Value column.

Note: If you have not installed the Qlik NPrinting certificates, you should also toggle the network.negotiate-auth.allow-non-fqdn option from false to true.

This document provides an overview of Mozilla's support for integrated authentication. This entails support for the the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) internet standard (RFC 2478) to negotiate either Kerberos, NTLM, or other authentication protocols supported by the operating system. SPNEGO is commonly referred to as the 'negotiate' authentication protocol.


Mozilla does not have its own internal implementation of SPNEGO. Instead, it leverages system libraries that provide SPNEGO; SSPI on Microsoft Windows, and GSS-API on Linux, Mac OSX, and other UNIX-like systems.

The Mozilla implementation of SPNEGO can be found under extensions/auth/. It used to live in extensions/negotiateauth.

Mozilla also supports raw NTLM authentication using an internal implementation (based on the documentation provided by Eric Glass) that supports NTLMv1/LMv1 and NTLM2 Session Key modes. As of Mozilla 1.7, there is no support for NTLMv2/LMv2. This is mainly due to the fact that NTLMSSP does not provide a means to negotiate use of NTLMv2/LMv2.

Flow Diagram

The diagram below shows how various components interact.

Original Document Information


By default, Mozilla rejects all SPNEGO challenges from a web server. This is to protect the user from the possibility of DNS-spoofing being used to stage a man-in-the-middle exploit (see bug 17578 for more info). Moreover, with Windows clients NTLM may be negotiated as the authentication protocol. So, it is paramount that the browser does not freely exchange NTLM user credentials with any server that requests them. The NTLM response includes a hash of the user's logon credentials. On older versions of Windows this hash is computed using a relatively weak algorithm (see Hertel for more info on NTLM authentication).

Mozilla currently supports a whitelist of sites that are permitted to engage in SPNEGO authentication with the browser. This list is intended to be configured by an IT department prior to distributing Mozilla to end-users.

The preferences are:

where, site-list is a comma-separated list of URL prefixes or domains of the form:

Firefox Authentication App

Firefox Authentication App

network.negotiate-auth.trusted-uris lists the sites that are permitted to engage in SPNEGO authentication with the browser, and network.negotiate-auth.delegation-uris lists the sites for which the browser may delegate user authorization to the server. network.automatic-ntlm-auth.trusted-uris lists the trusted sites to use NTLM authentification.

Microsoft Authenticator Extension For Firefox

If you wish to use non-fully-qualified entries of the form in the above preferences for NTLM and SPNEGO authentication, you will also need to set the preferences network.automatic-ntlm-auth.allow-non-fqdn and network.negotiate-auth.allow-non-fqdn (respectively) to true.

Microsoft Authenticator Firefox

  • Author(s): Darin Fisher
  • Last Updated Date: December 27, 2005
  • Copyright Information: Portions of this content are © 1998–2007 by individual contributors; content available under a Creative Commons license Details.