Preparing Active Directory Federation Services (ADFS)

If your IdP is Microsoft Active Directory Federation Services (ADFS), make sure you meet the following requirements before you configure SAML in Domino®:

  • One of the following versions of ADFS installed and configured:
    • 2.0 (Provided with Windows Server 2008 R2)
    • 3.0 (Provided with Windows Server 2012 R2)
  • A Secure Sockets Layer (SSL) certificate on the ADFS server that is signed by a Certificate Authority (CA). As an ADFS best practice, the CA root certificate should be deployed to clients by a domain policy.
  • The following components must be in the same Active Directory domain, unless Active Directory trust relationships are in place:
    • ADFS server
    • User records
    • Client computers from which users log in (Integrated Windows Authentication only)