Domino Consulting - HCL Domino Administrator 11.0.1 Help

SECURING

Configuring the ID vault for federated login

The Domino® ID vault administrator sets up the vault to specify the name of the IdP Catalog document for the SAML identity provider (IdP).

About this task

The ID vault administrator must approve the use of an IdP that will provide SAML credentials. The ID vault administrator decides which IdP is trustworthy. Only credentials from a trusted IdP can be used for downloading an id file stored in this ID vault. The administrator supplies host names for identity provider (IdP) partnerships to the ID vault in a vault document. The vault server uses the host names to look up IdP information from the IdP Catalog application (idpcat.nsf).

Tip: The Domino Web (HTTP) server is not using the Notes® ID vault to retrieve ID files unless the web server is also configured as an iNotes® server supporting Web federated login. Therefore, the vault configuration does not apply to the Domino Web server, and no changes need to be made to the vault document for the Domino Web server unless the web server is also configured as an iNotes server with Web federated login.

You might specify more than one entry in the list of approved IdP configurations if you need more than one IdP federation to handle the volume of user logins. If you add more than one entry into the list of Notes federated login approved IdP configurations, then at user login time, one of the approved IdP configurations will be chosen at random to be used to authenticate the user.

Procedure

1. From the Domino Administrator, open the ID vault application (idvault.nsf), which by default is stored in theIBM_ID_VAULT directory.

2. From the Configuration view, open the vault document for the vault that will be configured for SAML authentication.

3. Complete the following fields, according to the type of federated login you are using. If you are using both types, complete both fields. In both cases, you specify the ID vault server host name as specified in the ID vault IdP configuration document.

Option Description

Field Value to enter

Notes federated login approved IdP configurations Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for examplevault.domino1.us.renovations.com

Web federated login approved IdP configurations Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for examplevault.domino1.us.renovations.com

4. Save and close the vault document.

Parent topic: Configuring ID vault servers for federated SAML login
Previous topic: Setting up a Relying Party Trust for the ID vault server

Help on Help

All Help Contents

Help on Help

All Help Contents

Option	Description
Field	Value to enter
Notes federated login approved IdP configurations	Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for example`vault.domino1.us.renovations.com`
Web federated login approved IdP configurations	Enter the host name from the Host names or addresses mapped to this site field of the ID vault server IdP configuration document, for example`vault.domino1.us.renovations.com`