

Setting up the Web SSO Configuration document for more than one Domino domain

You can enable servers in your current Domino® domain for single sign-on (SSO) with servers in another Domino domain by setting up both domains to use the same key information.

Before you begin

Two conditions must exist:


Procedure

1. Copy the Web SSO Configuration document from the Domino Directory in which it was created, and paste it into the Domino Directory in the new domain.

2. Open the Web SSO Configuration document for the new domain and edit the Participating Domino Servers field to include only those servers with server documents in the new domain that will be enabled for single sign-on.

3. The client must be able to find server documents for the participating single sign-on servers. Make sure that the home server specified in your client's location document points to a server in the same domain as the servers participating in single sign-on, so that lookups can find the public keys of those servers. If the home server cannot find the participating servers, the SSO document cannot be encrypted and SSO will fail.

4. Save the document. It is encrypted for the participating servers in the new domain, and should enable those servers in the new domain to participate in single sign-on with servers in the current domain.

Parent topic: Multi-server session-based authentication (single sign-on)
