SECURING

Setting up separate Web sites for participating and non-participating Web clients

Windows™ single sign-on is not available to some Web clients, for example, Web clients that connect over the Internet (rather than the intranet) or that are not set up to use the feature. When these clients connect to a Domino® server through a URL participating in Windows single sign-on, they are either blocked from accessing the server (Firefox users) or are inconvenienced by extra login prompts (Internet Explorer users). If your SSO configuration is done through Web Sites, you can work around this problem by setting up separate Web Sites, one for participating Web clients to use and another for non-participating Web clients to use.

About this task

Create a separate Web SSO Configuration document for each Web Site. Configure both Web SSO Configuration documents to use the same domain name and SSO keys. However, enable the Windows single sign-on integration (if available) field in only the Web SSO Configuration document for the Web Site that clients participating in Windows single sign-on will use.

If a particular Domino server services both Web Sites (a typical scenario), the server must map to a different host name in the Host names or addresses mapped to this site field in each Web Site document. You must give users the appropriate URL to use for accessing the server, depending on whether they participate in Windows single sign-on.

For example, assume the following:


You would tell intranet users who are set up to use Windows single sign-on to use the following URL to access names.nsf on the server:

These users would not be prompted for a name and password. Internet users or users not properly set up for Windows single sign-on may be unable to access the server through this URL, depending on the browser used.

You would tell users who are unable to use Windows single sign-on -- Internet users or users not properly set up for it -- to use the following URL instead:

These users would be prompted for a name and password.

Parent topic: Preparing a Domino server for Windows single sign-on for Web clients

Related tasks
Multi-server session-based authentication (single sign-on)
Creating a Web SSO configuration document
Preparing a Domino server for Windows single sign-on for Web clients
Setting up Windows single sign-on for Web clients

Related information
Troubleshooting Windows single sign-on for Web clients (SPNEGO)