SSO for Macintosh browsers

[Davalos, Jeff (STL-MOM)]

Hey gang,

I sincerely apologize if this is not the appropriate method to post my question.  Please forward me to the correct place if so...

If this is the correct place for a general question to the Keberos community, any thoughts you can provide will be received with open arms.

The issue:
I have been working to implement an SSO product across my enterprise.  The product works by configuring browsers to read the Kerberos ticket information from the local machine and forward the information inside of the ticket to my SSO web service for verification.

I can accomplish this on all my PCs using IE 7/8 and Firefox 3.x.  PCs are running XP, Vista and Windows 7.  Basically this is accomplished through the use of IWA in the PC browser configuration.

I cannot accomplish this in Safari 3/4 or Firefox 3.x on any of my Macs.  My Macs are all bound to my internal Active Directory service.  Despite the browsers being configured similarly to how I would configure the browsers on my PCs, the browsers seem to be failing on the Macs, during one of these steps:

 1.  Reading the local Kerberos ticket
 2.  Decrypting the information in the ticket
 3.  Sending the information in the ticket to my SSO web service

I have verified that the tickets exist and are valid (kerberos.app and klist).  I'm stumped as to what my next steps are.  How can I verify steps 1 through 3 are completing?

Thanks again...

Jeff