SECURING


Setting up Windows single sign-on for Web clients

You can set up a Domino® Web server to honor Microsoft™ Windows™ users' Active Directory logon credentials. Web users who are logged on to the Active Directory domain can open applications on the server from a browser without being prompted for a password.

About this task

The Domino Web server uses Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) and the underlying Kerberos network authentication security that is provided by Active Directory to negotiate the authentication with a browser client.

Restriction: Windows single sign-on for Web clients is incompatible with SAML deployment. If the Domino Web server is configured for SAML session authentication, Windows single sign-on for Web clients must be disabled in any SSO configuration document used by the SAML-enabled Web server.

Requirements:


Procedure

1. Prepare the Domino server for Windows single sign-on for Web clients.

2. Set up the Windows service for Domino.

3. Configure user name mapping.

4. Configure Web client browsers.


Parent topic: Multi-server session-based authentication (single sign-on)

Related concepts
Considerations if you deploy a DSAPI filter in a Windows single sign-on environment

Related tasks
Windows single sign-on for Web clients across multiple Active Directory domains

Related information
Deploying Windows single sign-on for Web clients (SPNEGO) in an existing Domino environment
Troubleshooting Windows single sign-on for Web clients (SPNEGO)