Preparing a Domino® server for Windows single sign-on for Web clients

You must prepare a Domino® server for Windows single sign-on for Web clients.

Procedure

  1. Run the HTTP task on the Domino® server.
  2. If you have not done so already, set up the Domino® server to use multi-server session-based authentication (single sign-on).
    • The single sign-on (SSO) configuration can use keys imported from WebSphere® or it can use Domino® SSO keys created in the SSO configuration.
    • The SSO configuration can be done through Web Sites or Server documents. Web Sites are advantageous because they enable you to set up a separate Web Site for Web clients to use that don't participate in Windows single sign-on. For more information, see the topic Setting up separate Web sites for participating and non-participating Web clients in the related links.
    • The Idle Session Timeout option available for a Domino-only Web SSO configuration, which prompts users to log in again after HTTP sessions are idle for a specified period, does not apply in an environment that uses Windows single sign-on.
  3. Enable the Windows single sign-on integration (if available) field in the Web SSO Configuration document that you administer.
    • If your SSO configuration is done through Web Sites, edit the Web SSO Configuration document located in the Configuration > Web > Internet Sites view of the Domino® Directory.
    • If your SSO configuration is done through Server documents, edit the Web SSO Configuration document located in the Configuration > Web > Web Configurations view of the Domino® Directory.
  4. Optional: Increase the Maximum cached users value in the Internet Protocols > Domino Web Engine tab of the server's Server document in the Domino® Directory.

    Windows single sign-on for Web clients can involve the use of up to three different names for a single user, therefore increasing the Maximum cached users value on the server may be warranted. To determine an appropriate value for this setting, first estimate the number of authenticated users who will log in at any one time. If there are relatively few users, for example a number about equivalent to the default cached users value of 64, specify a value that is about 3 times the number of users. If there are many users, for example about 1000 or more, specify a value that is 20% to 50% greater than the number of users.