IBM Domino Administrator 9.0.1 Social Edition Help

SECURING

Setting up Windows single sign-on for Web clients
You can set up a DominoŽ Web server to honor Microsoft™ Windows™ users' Active Directory logon credentials. Web users who are logged on to the Active Directory domain can open applications on the server from a browser without being prompted for a password.

About this task

The Domino Web server uses Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) and the underlying Kerberos network authentication security that is provided by Active Directory to negotiate the authentication with a browser client.

Restriction: Windows single sign-on for Web clients is incompatible with SAML deployment. If the Domino Web server is configured for SAML session authentication, Windows single sign-on for Web clients must be disabled in any SSO configuration document used by the SAML-enabled Web server.

Requirements:

Microsoft Windows Server Active Directory Domain Controller.
The functional level of an Active Directory domain (or forest in the case of multiple domains) must be set to Windows Server 2003 or higher. Backwards compatible modes for Windows Server 2003 cannot be used. For example, you cannot set Windows Server 2003 to use Windows 2000 mixed mode. To check the domain and forest functional level, from the Active Directory Users and Computers snap-in utility, right-click the domain, click Properties, and look at the General tab.
Domino server running on a Windows computer that is a member of an Active Directory domain.
Domino server configured for multi-server session-based authentication (single sign-on).
Browsers that are supported by Domino running on Windows clients that are logged on to the Active Directory domain and that have network access to the Active Directory server.
Web users with accounts in Active Directory.

Procedure

1. Prepare the Domino server for Windows single sign-on for Web clients.

2. Set up the Windows service for Domino.

3. Configure user name mapping.

4. Configure Web client browsers.

Feedback on Help or Product Usability?

Help on Help

All Help Contents

Feedback on Help or Usability?

Help on Help

All Help Contents