How to remove basic authentication window showing in Firefox

[Juan OKeeffe]

I'm devoloping an Angular/Java application using waffle authentication.

When I access it in the Chrome browser it opens directly.
When I access it in the firefox browser it opens a browser basic authentication window asking for username and password.
How to remove this authentication window in Firefox? Chrome's behavior is the correct one.

Note: The issue only happens when I install the application in a remote server.
When accessing in localhost dev environment, firefox doesn't display the basic authentication window.

SecurityConfig.java

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private NegotiateSecurityFilter negotiateSecurityFilter;

    @Autowired
    private NegotiateSecurityFilterEntryPoint entryPoint;
   
    @Override
    protected void configure(HttpSecurity http) throws Exception {    
   
      http
        .csrf().disable()
                .authorizeRequests()
                .anyRequest()
                .authenticated()
                .and()
                .httpBasic()
                .authenticationEntryPoint(entryPoint)
                .and()
                .addFilterBefore(negotiateSecurityFilter, BasicAuthenticationFilter.class)                
                .headers()
                .addHeaderWriter(new StaticHeadersWriter("Access-Control-Allow-Credentials", "true"));  
     
          http.cors();  
               
    }

   
    @Override
    @Autowired
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {    
    auth.inMemoryAuthentication();
    }
   
}


WaffleConfig.java

@Configuration
public class WaffleConfig {


    @Bean
    public WindowsAuthProviderImpl waffleWindowsAuthProvider() {
        return new WindowsAuthProviderImpl();
    }

    @Bean
    public NegotiateSecurityFilterProvider negotiateSecurityFilterProvider(
            WindowsAuthProviderImpl windowsAuthProvider) {
        return new NegotiateSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    public BasicSecurityFilterProvider basicSecurityFilterProvider(
            WindowsAuthProviderImpl windowsAuthProvider) {
        return new BasicSecurityFilterProvider(windowsAuthProvider);
    }

    @Bean
    public SecurityFilterProviderCollection waffleSecurityFilterProviderCollection(
            NegotiateSecurityFilterProvider negotiateSecurityFilterProvider,
            BasicSecurityFilterProvider basicSecurityFilterProvider) {
        SecurityFilterProvider[] securityFilterProviders =
                {negotiateSecurityFilterProvider, basicSecurityFilterProvider};
        return new SecurityFilterProviderCollection(securityFilterProviders);
    }

    @Bean
    public NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint(
            SecurityFilterProviderCollection securityFilterProviderCollection) {
        NegotiateSecurityFilterEntryPoint negotiateSecurityFilterEntryPoint =
                new NegotiateSecurityFilterEntryPoint();
        negotiateSecurityFilterEntryPoint.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilterEntryPoint;
    }

    @Bean
    public NegotiateSecurityFilter waffleNegotiateSecurityFilter(
            SecurityFilterProviderCollection securityFilterProviderCollection) {
        NegotiateSecurityFilter negotiateSecurityFilter = new NegotiateSecurityFilter();
        negotiateSecurityFilter.setProvider(securityFilterProviderCollection);
        return negotiateSecurityFilter;
    }
   
    @Bean
    public FilterRegistrationBean waffleNegotiateSecurityFilterRegistration(
            NegotiateSecurityFilter waffleNegotiateSecurityFilter) {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        registrationBean.setFilter(waffleNegotiateSecurityFilter);
        registrationBean.setEnabled(false);
        return registrationBean;
    }
}

I noticed one thing.

When accessing via Firefox, the following message is added to the logs:

FilterSecurityInterceptor - Failed to authorize filter invocation [GET /myapiurl] with attributes [authenticated]

When accessing via Chrome, the message is this other:

FilterSecurityInterceptor - Authorized filter invocation [GET /myapiurl] with attributes [authenticated]

[Ram K]

Firefox

1. Enter about:config in the browser address bar.
2. For each of the 2 settings below, enter the URL of your site, and your login site URL too if you have one. URLs should be separated by a comma. For example (https://mysite.com,https://login.mysite.com).
   • network.negotiate-auth.trusted-uris
   • network.automatic-ntlm-auth.trusted-uris
3. Close and reopen Firefox. 

[Juan OKeeffe]

Hi Ram, 

Thanks. But I cannot ask every user to do that. As the application developer I need a solution that can be implemented in the code. Not one that require user action.

--
You received this message because you are subscribed to the Google Groups "waffle" group.
To unsubscribe from this group and stop receiving emails from it, send an email to waffle-users...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/waffle-users/8f1e51ea-d272-4e50-8899-59b378fc535cn%40googlegroups.com.

[Daniel D.]

AFAIK, this is a feature of Firefox not to automatically do SSO. I am not sure why that's so. Would be nice to extend https://github.com/Waffle/waffle/blob/master/Docs/faq/ClientSideFailures.md with that information.

To view this discussion on the web visit https://groups.google.com/d/msgid/waffle-users/CAN0vvQuZN4Ym38z97vcT7sAQx4yDw44qM%3DSmJvz47kehSg_TSw%40mail.gmail.com.

--

dB. | Moscow - Geneva - Seattle - New York
code.dblock.org - t:@dblockdotorg - ig:@artdblockdotorg - github/dblock