When configuring Notes clients for federated login using SAML, the clients must trust the certificate used by the Identity Provider (IdP). Import the IdP TLS certificate into the Domino directory and cross-certify it.
About this task
Some IdPs have different certificates for encrypting and decrypting assertions and for service communications (HTTPS communications). If you are unsure which certificate to trust, review the article https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086048
Procedure
1. Connect to the IdP using the Firefox browser.
2. Click the certificates lock icon in the address bar and view the certificates.
3. Click the Details tab and select the Certificates KeyUsage field.
4. Verify that the Certificates KeyUsage field contains values for Certificate Signer and CRL Signer. In the following example, the values are missing:
[Figure: Certificate fields without Certificate Signer and CRL Signer]
b. Start the Certificate Export Wizard:
ii. Select the certificate, right-click, and select Properties.
iii. On the General tab click View Certificate.
iv. On the Details tab click Copy To File.
b. Select People & Groups -> Certificates -> .
c. Select Actions -> Import Internet certificate.
d. Open the certificate in the Certificates view.
e. Select Actions -> Create cross certificate.
g. The cross-certificate is added to the Certificates view under the category Not Categorized.
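The KeyUsage check from step 4 can also be run against the exported certificate file instead of the browser view. The following is an added example, not HCL code: a minimal standard-library DER reader that decodes the KeyUsage bits, where Firefox's "Certificate Signer" and "CRL Signer" correspond to the RFC 5280 bits keyCertSign and cRLSign. `SAMPLE_DER` is a constructed skeleton, not a real certificate, and the function names are chosen here for illustration.

```python
import ssl, sys

KEY_USAGE_OID = bytes.fromhex("551d0f")  # 2.5.29.15 (id-ce-keyUsage)
BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
        "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly"]
# Constructed skeleton (not a real certificate): empty names/key, KeyUsage = keyCertSign + cRLSign.
SAMPLE_DER = bytes.fromhex("302d3026a00302010202010130003000300030003000a312"
                           "3010300e0603551d0f0101ff0404030201063000030100")

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element at pos (single-byte tags only)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yields (tag, value) for each element directly inside a constructed value
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def key_usage(cert_der):
    """Return the set of KeyUsage names, or None when the extension is absent."""
    _, cert, _ = read_tlv(cert_der, 0)           # Certificate ::= SEQUENCE
    _, tbs = next(children(cert))                # tbsCertificate
    for tag, val in children(tbs):
        if tag != 0xA3:                          # [3] EXPLICIT Extensions
            continue
        _, ext_list = next(children(val))
        for _, ext in children(ext_list):
            fields = list(children(ext))         # extnID, optional critical, extnValue
            if fields[0][1] != KEY_USAGE_OID:
                continue
            _, bitstr = next(children(fields[-1][1]))  # BIT STRING inside the OCTET STRING
            bits = "".join(f"{b:08b}" for b in bitstr[1:])
            bits = bits[:len(bits) - bitstr[0]]  # first byte = count of unused trailing bits
            return {BITS[i] for i, b in enumerate(bits[:9]) if b == "1"}
    return None

def is_signer(cert_der):  # True only when both keyCertSign and cRLSign are asserted
    return {"keyCertSign", "cRLSign"} <= (key_usage(cert_der) or set())

if __name__ == "__main__":
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_DER
    der = ssl.PEM_cert_to_DER_cert(raw.decode()) if raw.startswith(b"-----") else raw
    print(sorted(key_usage(der) or []), "signer" if is_signer(der) else "NOT a signer")
```

Run it with the exported certificate file (PEM or DER) as the only argument; with no argument it decodes the constructed sample. It reads the extension only and performs no signature or chain validation.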