MozillaZine

Mozilla Foundation Looking for Names of Organizations That Have Switched to Mozilla

Sunday July 18th, 2004

Bart Decrem writes: "The Mozilla Foundation is looking for examples of companies or organizations that have moved from IE to Mozilla-based browsers in the last few weeks. Please chime in if you know of any!"


#48 Integrated Windows Authentication

by MightyE

Monday July 19th, 2004 4:51 AM

You are replying to this message

One thing keeping our organization back yet is the inability to allow Mozilla/Firefox from *automatically* authenticating against Integrated Windows Authentication sites with the current user's credentials. This must be transparent. Within our organization is a mish-mash of dozens of web servers which employees crawl over every day. This is the result of the organic growth the company has had, where small companies are acquired or merge, and bring with them their own resources, servers, etc.

If they store their password in their profile (not especially secure in Firefox by default since access to the master password requires a bit of know-how), at least they won't have to always key in their password each time they bounce to a new server, but they'll for sure be presented with a pop-up asking them to press Ok each time they cross servers. On the higher volume sites, where images are hosted on a different (but secured by IWA) server, they may have to authenticate several times for the viewing of a single page. In our user tests, this is difficult behavior for non-technical users to understand, the predominant complaint being, "Why does it keep asking me for the same information." Some users are confused enough that they think the site is telling them the login informatin they just provided is inaccurate, and would file a ticket with desktop support, believing something's gone wrong with their password (based on responses to questions posed on what they believe they should do when presented this dialog window).

IWA is necessary since it is how we authenticate and identify users for application permissions control, and it is by far the most seamless (at least in IE) authentication technique out there that we've discovered (if there are others, they'd require too large a simultaneous shift in our infrastructure as to make them infeasible), and it is obviously more secure than basic authentication, or web form based authentication.

What would allow this to meet our needs would simply be to provide an option allowing authentication to happen with out user intervention on sites within a given whitelist. Prefferably this would pick up on the current user's credentials and happen with out ever having to prompt the user for their login information, even if they'd recently changed their password. This whitelist could be propagated in the preferences of all users with the rollout or subsequent software updates.

It's my opinion that this would go a long way toward making the Mozilla line more attractive to many Microsoft centric organizations, and at this point in time, with all the IE bugs that have been flying around, a lot of these organizations will be looking closely at Mozilla products, but will get hung up on this one point, which represents a major difficulty for the average corporate user.