Any client browser used in the intranet must be configured to work with the Kerberos Domain Controller.
In the Tool menu, go to Internet Options > Security.
Choose Local Intranet, and then click Site.
Mark the “Automatically detect intra network” checkbox, and then click Advanced.
Add the OpenSSO Enterprise URL to the Websites list if the URL is not already on the list.
For pre-6.0 Internet Explorer versions, be sure the Identity Server is in the browser's intranet zone and that native Windows Authentication is enabled. For more information, see Enabling Windows Authentication.
Open the Firefox browser, and enter about:config in the address bar.
This will display a large number of configuration entries, called Preference Names, for Firefox .
Double-click the Preference Name network.negotiate-auth.trusted-uris.
Enter http://, https://.
Safari has built-in native support for Kerberos single sign on and no configuration is needed.