Configuring SSO in the browser

To configure your browser to authenticate SSO, complete the following task in your browser.

This is required only if Windows authentication method is configured for SAML in the Enabling the SAML Web browser SSO.

  • Microsoft Internet Explorer
  • Chromium
  • Mozilla Firefox
Access the interfaces with the following URLs.
Admin UI
https://<ipmserver.ipm.com>:<port>
Persona-based UI
https://<ipmserver.ipm.com>:<port>/mdm_ui
Note: The context root for the Admin UI is / and for the Persona-based UI is /mdm_ui. These are specified in the SAML properties and only these URL patterns are intercepted by the SAML web SSO TAI.

Microsoft Internet Explorer

  1. Open Microsoft Internet Explorer browser.
  2. Select Tools > Internet Options > Security tab.
    1. Select Local intranet and click Sites to display the list of trusted sites.
    2. Select the following first two options.
      1. Include all local (intranet) sites not listed in other zones.
      2. Include all sites that bypass the proxy server are checked.
    3. Click Advanced and add the URL of the Identity Provider to list of trusted sites.
    4. Click Custom level, under User Authentication, and Logon, select Automatic logon with current username and password security setting.
    5. Select the Advanced > Security section, ensure that Enable Integrated Windows Authentication is selected.
    6. Click OK and restart Microsoft Internet Explorer.
    7. Similar steps are applicable for the Trusted sites.

Chromium

If you are using Google Chromium, it automatically fetches all the settings that are done in the Microsoft Internet Explorer for the SSO.

To import bookmarks from Microsoft Internet Explorer.

  1. Open Chromium browser.
  2. At the upper right, click More.
  3. Select Bookmarks > Import Bookmarks and Settings.
  4. Select the program that contains the bookmarks you would like to import.
  5. Click Import and Done.

Mozilla Firefox

  1. Open the Mozilla Firefox browser.
  2. In the URL field, enter about:config, and press Enter.
  3. Ignore the warning, and click I accept the risk!.
  4. In the Search field, enter network.negotiate-auth.trusted-uris. This preference lists the trusted sites for Kerberos authentication.
  5. Double-click network.negotiate-auth.trusted-uris.
  6. In the Enter string value field, enter the Fully Qualified Domain Name (FQDN) of the host running the Product Master, and click OK.