The Web SSO configuration document is a domain-wide configuration document stored in the HCL Domino® Directory. This document, which should be replicated to all Domino servers participating in the single sign-on domain, is encrypted for participating servers and administrators, and contains a shared secret key used by servers for verifying user credentials.
To create a Web SSO configuration document if you are using Internet Sites
Before you begin
Make sure you have created a Web Site document, and enabled the use of Internet Site documents in the Server document.
Also make sure that your client location document has the home/mail server set to a server in the same domain as the servers participating in SSO. This ensures that the public keys of all participating servers can be found when the SSO document is encrypted.
Procedure
1. In the Domino Administrator, click Files, and open the server's Domino Directory (usually NAMES.NSF).
2. Select the Internet Sites view.
3. Click Create Web SSO Configuration.
4. In the document, click Keys.
5. Initialize the Web SSO Configuration with the shared secret key in one of two ways:
When you enter the DNS domain, be sure you type the initial period. For example, do not enter renovations.com; instead you should enter .renovations.com.
If the SSO domain includes WebSphere servers, WebSphere treats the DNS domain as case-sensitive, so ensure that the DNS domain value is specified with appropriate case.
Do not enable this option if you want Domino-created LTPA tokens to continue to contain the user's Domino distinguished name.
Groups, wildcards, and the names of WebSphere servers are not allowed in this field. Only Domino servers can be listed as participating servers in the Server Names field.
Note: There is a 64K-size limit on this field. An error message appears when the limit is reached, for example when the names of several hundred servers are entered. It is recommended that you create more than one Web SSO document if this limit is reached.
Note: If you selected a Token Format that did not include LtpaToken, this option does not appear.
Tip: This custom name is useful for compatibility with HCL Digital Experience.
The cookie name cannot begin with a dollar-sign character, and cannot contain underscore, comma, semicolon or white space characters. Some browsers cannot process non-ASCII characters and might also have designated special characters that cannot be used. Domino limits the cookie name to 128 characters.
Note: If you selected a Token Format that did not include LtpaToken2, this option does not appear.
Note: If an Idle Session Timeout is configured, the session may time out (based on inactivity) earlier than the time specified by the expiration.
Note: If you chose to import WebSphere LTPA keys, this option will not appear on the Web SSO Configuration document.
If you imported WebSphere LTPA keys, complete these fields:
Table 2. WebSphere LTPA key fields
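The field rules stated above (leading period on the DNS domain, case-sensitivity with WebSphere, the cookie-name character and length rules, the 64K limit and no wildcards in Server Names) can be checked before values are typed into the document. This is an added example, not HCL's code; the sample values it is exercised with are constructed, and the UTF-8 size estimate for the Server Names field is an assumption.

```python
"""Pre-flight checks for Web SSO Configuration field values.

Added example, not HCL's code: it encodes the field constraints stated in
the procedure above so planned values can be checked before they are typed
into the Domino Administrator. Sample values used with it are constructed.
"""
import re

COOKIE_NAME_MAX = 128                 # Domino limits the cookie name to 128 characters
SERVER_NAMES_MAX_BYTES = 64 * 1024    # 64K-size limit on the Server Names field


def check_dns_domain(domain: str) -> list[str]:
    """The DNS domain must carry the initial period, e.g. '.renovations.com'."""
    problems = []
    if not domain.startswith("."):
        problems.append(f"DNS domain {domain!r} must begin with a period")
    if domain != domain.lower():
        # WebSphere compares the DNS domain case-sensitively, so mixed case
        # is worth a second look when WebSphere servers are in the SSO domain.
        problems.append(f"DNS domain {domain!r} is mixed-case; WebSphere is case-sensitive")
    return problems


def check_cookie_name(name: str) -> list[str]:
    """Token name rules: no leading '$', no '_' ',' ';' or white space,
    ASCII only, at most 128 characters."""
    problems = []
    if name.startswith("$"):
        problems.append("cookie name cannot begin with a dollar sign")
    if re.search(r"[_,;\s]", name):
        problems.append("cookie name cannot contain '_', ',', ';' or white space")
    if not name.isascii():
        problems.append("cookie name contains non-ASCII characters")
    if len(name) > COOKIE_NAME_MAX:
        problems.append(f"cookie name is longer than {COOKIE_NAME_MAX} characters")
    return problems


def check_server_names(names: list[str]) -> list[str]:
    """Server Names: individual Domino servers only (wildcards are rejected
    here; group and WebSphere names cannot be told apart from a bare string
    and must be checked against the Directory), and under the 64K limit."""
    problems = [f"wildcard not allowed: {n!r}" for n in names if "*" in n]
    field_bytes = len(";".join(names).encode("utf-8"))   # assumed field encoding
    if field_bytes > SERVER_NAMES_MAX_BYTES:
        problems.append("Server Names exceeds the 64K limit; split across several Web SSO documents")
    return problems
```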
To create a Web SSO configuration document if you are using the Web Server Configurations view
About this task
Use this procedure to create a Web SSO configuration document if your server is a Release 5.0x server, or if you are using Domino 6 or higher but you do not use Web Site documents to manage your Web sites.
2. Select the Servers view.
4. In the Web SSO Configuration document, click Keys.
Note: Groups, wildcards, and the names of WebSphere servers are not allowed in this field. Only Domino Servers can be listed as participating servers in the Server Names field.
Table 4. WebSphere LTPA key fields