Firefox only allows Kerberos tokens to sites matching the network.negotiate-auth.trusted-uris list.

This list is comma-separated and may contain wildcards or FQDNs.

...

For testing purposes, you can set network.negotiate-auth.trusted-uris manually by entering about:config in the address bar, then searching for the setting and entering the list:

...

Making a Group Policy for network.negotiate-auth.trusted-uris 

On the domain controller, run Group Policy Management (gpmc.msc), and create or locate a policy that contains user objects.

...

Navigate to User Configuration - Policies - Windows Settings - Scripts and open Logon. The logon script may be placed anywhere on a file server or inside the policy itself. 
In this example, firefox-settings.bat and user.js are placed inside the policy itself.

...

  • Choose Add... and then Browse. Windows Explorer will open the path to the Sysvol Policy.

    Code Block
    Example: \\example.local\SysVol\example.local\Policies\{2D1CB1B7-F1BD-4CE8-8B3D-2F9FD06A764C}\User\Scripts\Logon
  • Right-click and make a new text document with the following content.
    Save the file as firefox-settings.bat

    Code Block
    if exist "%APPDATA%\Mozilla\Firefox" for /D %%F in ("%APPDATA%\Mozilla\Firefox\Profiles\*") do copy /y "\\example.local\SysVol\example.local\Policies\{2D1CB1B7-F1BD-4CE8-8B3D-2F9FD06A764C}\User\Scripts\Logon\user.js" "%%F"
  • Create a new file named user.js with content that matches your domain. (The file must be named user.js.)
    Commas separate multiple names. example.com is treated as *.example.com

    Code Block
    user_pref("network.negotiate-auth.trusted-uris", "example.com,issues.example.com");
  • Finish the dialogue by opening firefox-settings.bat

...

Configuring network.negotiate-auth.allow-non-fqdn

In some cases, you may need to set this to 'true' for Firefox to send Kerberos tickets to the site when using short-form URLs.
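Because every profile receives the same user.js, it is worth checking the file before it goes into the policy. The following Python audit is an added example, not part of the original page or of Firefox: it models the rule stated above (an entry covers its host and every name beneath it) as an assumption rather than Firefox's own matcher, and the function names and sample file are constructed.

```python
import re

TRUSTED = "network.negotiate-auth.trusted-uris"
NON_FQDN = "network.negotiate-auth.allow-non-fqdn"
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"?([^")]*)"?\s*\)\s*;', re.M)

def parse_user_js(text):
    """Return {pref_name: raw_value} for each uncommented user_pref() line."""
    return dict(PREF_RE.findall(text))

def entries(value):  # split the comma-separated list, dropping empty items
    return [e.strip() for e in value.split(",") if e.strip()]

def host_of(entry):
    """Reduce one entry to its host: drop scheme, path, port and a leading '*.'."""
    host = entry.split("://", 1)[-1].split("/", 1)[0].split(":", 1)[0]
    return host.lstrip("*.").lower()

def covers(base, host):
    """Assumed rule from the text: an entry matches its host and all subdomains."""
    return bool(base) and (host == base or host.endswith("." + base))

def would_send_ticket(host, trusted_uris):
    return any(covers(host_of(e), host.lower().rstrip(".")) for e in entries(trusted_uris))

def audit(user_js_text):
    """Return (item, finding) pairs for the two negotiate-auth prefs."""
    prefs = parse_user_js(user_js_text)
    items = entries(prefs.get(TRUSTED, ""))
    findings = []
    for e in items:
        base = host_of(e)
        if "." not in base:
            findings.append((e, "no dot in host part: matches far more than one site"))
        wider = [o for o in items if host_of(o) != base and covers(host_of(o), base)]
        if wider:
            findings.append((e, "redundant: already covered by " + wider[0]))
    if prefs.get(NON_FQDN, "").strip() == "true":
        findings.append((NON_FQDN, "short (non-FQDN) host names are allowed"))
    return findings

# Constructed sample, not taken from a real deployment.
SAMPLE = '''user_pref("network.negotiate-auth.trusted-uris", "example.com,issues.example.com,local");
// user_pref("network.negotiate-auth.trusted-uris", "old.example.net");
user_pref("network.negotiate-auth.allow-non-fqdn", true);
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run against the list shown earlier, the audit reports issues.example.com as redundant, because example.com already covers it; listing only the specific hosts that need Kerberos keeps the set of sites receiving tickets as small as possible.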

...