Enabling SAML authentication in Domino

Use this procedure to enable SAML authentication in the Domino directory. Enable SAML in an Internet Site document or in individual Server documents.

About this task

If you later change the authentication type in an Internet Site document to remove SAML, that change alone does not disable SAML. SAML remains in effect unless the IdP Configuration documents are either disabled or deleted.

Procedure

  1. Do one of the following from the Domino Administrator client:
    • If you use an Internet Site document, select Configuration > Web > Internet Sites. Then, open the Internet Site document in which to enable SAML authentication.
    • If you do not use an Internet Site document, select Configuration > Web > Web Server Configurations. Then, open the Server document in which to enable SAML authentication.
  2. Click the Domino Web Engine tab.
  3. In the Session authentication field, select SAML.
  4. (Best practice) For Web SSO Configuration, select the existing configuration document you want to use. If a value is specified for this field, the SAML service provider uses the LTPA configuration from that SSO configuration document for the session cookie.
  5. Leave the default of No specified for Force login on SSL.
  6. The SAML single server session expiration field specifies the number of minutes the SAML session is valid on the participating server. Leave the default of 120 minutes unless your organization's security requirements call for client users to have SAML access for a shorter or longer time than 2 hours. When the session expires, the SAML user must re-authenticate with the SAML IdP.
  7. Leave Yes specified for When overriding session authentication, generate session cookie.
  8. Open the IdP configuration document you created in the IdP Catalog and change State to Enabled.