SECURING


Configuring Web client browsers for Windows single sign-on
To set up Windows™ single sign-on for Web clients, you must set up browsers to authenticate to theIBM® Domino® server using SPNEGO.

To set up Internet Explorer

Procedure

1. Log in to the Windows Active Directory domain.

2. Start the browser and click Tools -> Internet Options.

3. Click the Security tab.

4. Select Local intranet and then click Sites.

5. Ensure that Include all sites that bypass the proxy server is checked.

6. Click Advanced.

7. Add the URL for the Domino server, and click OK twice. For example, if the Domino server name is domino1.subnet2.renovations.com, specify:


8. Click Custom Level, and scroll to the User Authentication section.

9. Select Automatic logon only in Intranet zone, and click OK.

10. Click the Advanced tab, scroll to the Security section, verify that the option Enable Integrated Windows Authentication (requires restart) is selected.

11. If your proxy server configuration is done manually rather than via automatic configuration script, complete these steps:


12. Click OK again and restart the browser.

13. From the browser, enter a URL to a database on the Domino server to which you have access and verify that you are not prompted for a name and password. For example,


To set up Mozilla or Firefox

Procedure

1. Log in to the Windows Active Directory domain.

2. Start the browser.

3. In the URL address box, type:


4. In the Filter box, type:
5. Double-click network.negotiate-auth.trusted-uris, and enter the URL for the Domino server, for example:
6. Click OK and restart the browser.

7. From the browser, enter a URL to a database on the Domino server to which you have access, and verify that you are not prompted for a name and password. For example,


Related tasks
Windows single sign-on for Web clients across multiple Active Directory domains
Setting up Windows single sign-on for Web clients

Related information
Troubleshooting Windows single sign-on for Web clients (SPNEGO)