Enabling single sign-on and basic authentication

This procedure ensures that a server can participate in single sign-on (SSO). An SSO-enabled server creates single sign-on cookies for users, allowing them to log in to the server and then access other participating servers without logging in again.

To enable single sign-on and basic authentication for a Web Site

Before you begin

Make sure that the SSO keys have been created or imported from a WebSphere® file.

About this task

Use this procedure to enable single sign-on for Domino® servers (Domino® 6 and higher) configured with Web Site documents.

Note: When you enable the use of Internet Sites on a Domino® server, any existing SSO configurations are automatically disabled. Make sure that you have enabled this option prior to configuring SSO.

Procedure

  1. In the Domino® Administrator, click Configuration > Web > Internet Sites.
  2. Open the Web Site document for which you want to enable single sign-on.
  3. Click Domino Web Engine.
  4. In the Session authentication field, select Multiple Servers (SSO).
  5. In the Web SSO Configuration field, select the Web SSO Configuration for this Web Site from the drop-down list.
  6. Click Security. For both TCP and TLS authentication, enable Name & Password.
  7. Save and close the Web Site document.
  8. At the server console, start the HTTP process by typing:

    load HTTP

    If the HTTP process is already running, type:

    tell HTTP restart

Results

If something is wrong with the configuration, the browser receives an Error 500 message stating that single sign-on is not configured.

To enable single sign-on and basic authentication in the Server document

Before you begin

Make sure that the SSO keys have been created or imported from a WebSphere® file.

About this task

Use this procedure to enable single sign-on for Domino® Release 5.0x servers, or for Domino® 6 and higher servers not configured with Web Site documents.

Note: You can optionally enable the use of client certificates for TLS authentication for users on an SSO-enabled server. If the user authenticates with a client certificate, the server still creates an SSO token for the user in case it will be useful for accessing resources on participating SSO servers.

Procedure

  1. Open the Server document.
  2. Click Ports > Internet Ports > Web, and enable Name-and-password authentication for the Web (HTTP/HTTPS) port.
  3. Click Internet Protocols > Domino Web Engine, and select Multiple Servers (SSO) in the Session authentication field.
    Note: The Idle session timeout and Maximum active sessions fields are disabled.
  4. In the Web SSO Configuration field, select the Web SSO Configuration for this server from the drop-down list.
  5. Save and close the Server document.
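
After either procedure, inspecting the response to a name-and-password login shows whether the server issues an SSO cookie that other participating servers can receive. The following check is an added example, not part of the product documentation; the cookie names `LtpaToken`, `LtpaToken2` and `DomAuthSessId` are assumptions about default settings, and the sample responses are constructed.

```python
# Added example: classify a server's response to a login after enabling SSO.
# Assumption: default SSO token cookie names; adjust if your configuration differs.
SSO_COOKIES = {"ltpatoken", "ltpatoken2"}

def parse_set_cookie(value):
    """Split one Set-Cookie value into (name, {lowercased attribute: value})."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    if not parts:
        return "", {}
    name = parts[0].partition("=")[0].strip()
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, attrs

def check_sso_response(status, headers, over_tls=True):
    """Return (verdict, warnings); headers is a list of (name, value) pairs."""
    if status == 500:
        # Documented symptom of a broken SSO configuration; read the error text.
        return "error-500-check-sso-config", []
    for header, value in headers:
        if header.lower() != "set-cookie":
            continue
        name, attrs = parse_set_cookie(value)
        if name.lower() not in SSO_COOKIES:
            continue
        warnings = []
        if "domain" not in attrs:
            warnings.append("no Domain: host-only cookie, other servers never see it")
        if over_tls and "secure" not in attrs:
            warnings.append("no Secure: token may also be sent over plain HTTP")
        if "httponly" not in attrs:
            warnings.append("no HttpOnly: token readable by page scripts")
        return "sso-cookie-issued", warnings
    return "no-sso-cookie", []

# Constructed sample responses (not captured from a real server).
TOKEN = "Q09OU1RSVUNURUQ="  # placeholder value, not a real token
GOOD = (302, [("Set-Cookie", f"LtpaToken={TOKEN}; Domain=.example.com; Path=/; Secure; HttpOnly")])
HOST_ONLY = (302, [("Set-Cookie", f"LtpaToken={TOKEN}; Path=/")])
# Assumption: a session cookie with another name means single-server sessions.
SINGLE_SERVER = (302, [("Set-Cookie", "DomAuthSessId=CONSTRUCTED; Path=/")])
BROKEN = (500, [])

if __name__ == "__main__":
    for label, (status, headers) in [("good", GOOD), ("host-only", HOST_ONLY),
                                     ("single-server", SINGLE_SERVER), ("broken", BROKEN)]:
        print(label, check_sso_response(status, headers))
```

A "no-sso-cookie" verdict on a successful login suggests the Session authentication field is not set to Multiple Servers (SSO) for the site or server that answered.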