Page 1 of 1

firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Thu Apr 11, 2013 4:43 pm
by jadeddog
I am new to using the firefox.adm template, so I apologize in advance for any dumb questions.

We have a Microsoft Active Directory domain where some users have Firefox on their systems. We have existing Firefox policies that used the following templates: firefoxdefaults and firefoxlock. These existing GPOs did stuff like set the homepage and other simple things like that. They worked fine.

We are implementing some Single Sign-On (SSO) stuff and to do so you have to set the following settings in Firefox to true: network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris.

So I added the firefox.adm template to the GPO and then set the Computer Configuration\Policies\Administrative Templates\Mozilla Firefox/Default Settings/Mozilla Advanced Options/networkshow settings as needed. Applied the GPO and the registry keys at HKLM\SOFTWARE\Policies\Mozilla\lockPref are now set with our domain on the affected desktops. However when I go to about:config from within Firefox, the network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris settings do not have this setting.

What are we doing wrong? Thanks for any help.

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Thu Apr 11, 2013 7:36 pm
by Curtis
Have you run the Group Policy Results Wizard against a machine that is supposed to have the policy?

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Fri Apr 12, 2013 1:17 am
by DraconPern
Did you mean Firefox 15.0.1 or 5.0.1?

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Mon Apr 15, 2013 10:38 am
by jadeddog
DraconPern wrote:Did you mean Firefox 15.0.1 or 5.0.1?
Mozilla Firefox 5.0.1, not 15.0.1. Yes, I know it's a very old version, but it's our current corporate build.

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Mon Apr 15, 2013 10:47 am
by jadeddog
Curtis wrote:Have you run the Group Policy Results Wizard against a machine that is supposed to have the policy?
Yes, I've run RSOP against the workstation, and it is indeed receiving the correct GPO. The GPO shows "Firefox Computer Policy" as applying. Additionally, the "Mozilla Firefox/Locked Settings/Mozilla Advanced Options/network" has both network.negotiate-auth.delegation-uris and network.negotiate-auth.trusted-uris set to enabled, and the winning GPO listed as Firefox Computer Policy. All this is as expected, since the the registry keys that this GPO sets (HKLM\SOFTWARE\Policies\Mozilla\lockPref) are set to enabled with our domain listed.

The GPO is working, but Firefox is not getting the updated settings. When I go to about:config the settings are not showing up. This is the problem.

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Tue Apr 16, 2013 9:30 am
by jadeddog
So nobody has any ideas on this one?

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Tue Apr 16, 2013 11:53 am
by jpa
Try using FrontMotion CE 20. If it works then maybe those policies weren't supported way back in mid 2011.

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Tue Apr 16, 2013 1:22 pm
by jadeddog
Just thought I would update with what fixed the problem. I updated to our latest corporate approved build of 8.0.1 and the settings are now showing as they should. So it looks like the Firefox adm that we were using did not support the older version.

Re: firefox.adm + Firefox 5.0.1 + Group Policy for SSO

Posted: Mon Apr 22, 2013 11:34 pm
by DraconPern
Ah, there wasn't a CE version for 5.0.1. The first one was 8.0.1.