Open Firefox, and navigate to the IPA server (use the fully-qualified domain name, for example, http://ipaserver.example.com). If this is the first time you have attempted to connect to the site, you will see the "Kerberos Authentication Failed" page.

Click the IPA Certificate Authority link to import the Red Hat Enterprise IPA CA into the browser.

In the Downloading Certificate dialog, select the required trusts and then click OK.

Press F5 to reload the web page, and then click Configure Firefox.

In the Internet Security dialog, click Allow to enable the IPA script to automatically configure the browser settings.

Open Firefox, and type "about:config" in the Address Bar.

In the Search field, type "negotiate".

Ensure the following lines reflect your setup. Replace ".example.com" with your own IPA server's domain, including the preceding period (.):

network.negotiate-auth.trusted-uris  .example.com
network.negotiate-auth.delegation-uris  .example.com
network.negotiate-auth.using-native-gsslib true

• If you are configuring Firefox on Microsoft Windows, make the following changes instead:

  network.negotiate-auth.trusted-uris  .example.com
  network.auth.use-sspi false
  

In Firefox, navigate to the IPA server (use the fully-qualified domain name, for example, http://ipaserver.example.com). Ensure that there are no Kerberos authentication errors, and that you can see and interact with the Web interface.