Importing and cross-certifying the IdP Internet certificate

When configuring Notes clients for federated login using SAML, the clients must trust the certificate used by the Identity Provider (IdP). Import the IdP TLS certificate into the Domino directory and cross-certify it.

About this task

Some IdPs have different certificates for encrypting and decrypting assertions and for service communications (HTTPS communications). If you are unsure which certificate to trust, review the article https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0086048

Procedure

1. Connect to the IdP using the Firefox browser.

2. Click the certificates lock icon in the address bar and view the certificates.

3. Click the Details tab and select the Certificates KeyUsage field.

4. Verify that the Certificates KeyUsage field contains the values Certificate Signer and CRL Signer. In the following example, the values are missing:

Figure: Certificate fields without Certificate Signer and CRL Signer

5. Export the selected certificate and save it as a Base 64 encoded X.509 Certificate (.cer) file. In ADFS, use the following steps:

6. Import the certificate into the Domino directory used by the ID vault and web servers and then cross-certify it:
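The check in step 4 can also be scripted against the .cer file exported in step 5. The following is an added example, not code from the HCL documentation or from Domino, and it assumes two things: that Firefox's "Certificate Signer" and "CRL Signer" labels correspond to the keyCertSign and cRLSign bits of the X.509 KeyUsage extension (OID 2.5.29.15, RFC 5280), and that a single-byte-tag DER walker is enough to locate that extension in a certificate. It uses only the Python standard library; the sample inputs at the bottom are a constructed extensions block (signing-capable and TLS-only variants), not a real certificate.

```python
"""Decode the X.509 KeyUsage extension from a DER or Base64 (.cer) export,
standard library only, and report which Firefox labels from step 4 are missing."""
import base64
import re
from typing import Iterator, List, Optional, Set, Tuple

KEY_USAGE_OID = bytes.fromhex("551d0f")  # DER content octets of OID 2.5.29.15

# Bit positions of the KeyUsage BIT STRING, in RFC 5280 order (bit 0 first).
KEY_USAGE_BITS = [
    "digitalSignature", "nonRepudiation", "keyEncipherment", "dataEncipherment",
    "keyAgreement", "keyCertSign", "cRLSign", "encipherOnly", "decipherOnly",
]
# Assumed mapping to the names shown on the Firefox Details tab.
SIGNER_LABELS = {"keyCertSign": "Certificate Signer", "cRLSign": "CRL Signer"}


def pem_to_der(pem_text: str) -> bytes:
    """Strip the BEGIN/END lines of a Base64 .cer export and decode the DER body."""
    body = re.sub(r"-----(BEGIN|END)[^-]*-----", "", pem_text)
    return base64.b64decode("".join(body.split()))


def _read_tlv(buf: bytes, pos: int) -> Tuple[int, bytes, int]:
    """Parse one DER TLV at pos: (tag, content, position after it). Single-byte tags only."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _children(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield the TLVs directly contained in a constructed value."""
    pos = 0
    while pos < len(buf):
        tag, content, pos = _read_tlv(buf, pos)
        yield tag, content


def _walk(buf: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield every TLV in buf, descending into constructed values (tag bit 6 set)."""
    for tag, content in _children(buf):
        yield tag, content
        if tag & 0x20:
            yield from _walk(content)


def decode_key_usage_bits(bit_string: bytes) -> Set[str]:
    """Decode the content octets of the KeyUsage BIT STRING into usage names."""
    unused_bits, data = bit_string[0], bit_string[1:]
    valid_bits = len(data) * 8 - unused_bits  # DER trims trailing zero bits
    usages = set()
    for index, name in enumerate(KEY_USAGE_BITS):
        if index >= valid_bits:
            break
        if (data[index // 8] >> (7 - index % 8)) & 1:
            usages.add(name)
    return usages


def find_key_usage(der: bytes) -> Optional[Set[str]]:
    """Locate the KeyUsage extension anywhere in DER input; None if it is absent."""
    for tag, content in _walk(der):
        if tag != 0x30:  # Extension ::= SEQUENCE { OID, BOOLEAN OPTIONAL, OCTET STRING }
            continue
        parts = list(_children(content))
        if not parts or parts[0] != (0x06, KEY_USAGE_OID):
            continue
        for ptag, pcontent in parts[1:]:
            if ptag == 0x04:  # extnValue wraps the BIT STRING in an OCTET STRING
                btag, bcontent, _ = _read_tlv(pcontent, 0)
                if btag == 0x03:
                    return decode_key_usage_bits(bcontent)
    return None


def missing_signer_usages(der: bytes) -> List[str]:
    """Return the step-4 labels (Certificate Signer, CRL Signer) this certificate lacks."""
    usages = find_key_usage(der) or set()
    return [label for bit, label in SIGNER_LABELS.items() if bit not in usages]


# Constructed sample input (not a real certificate): an X.509 extensions block
# holding basicConstraints followed by KeyUsage, so the search has to skip one OID.
def _tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag, len(content)]) + content  # short-form length suffices here


def _extensions_block(key_usage_byte: int, unused_bits: int) -> bytes:
    basic_constraints = _tlv(0x30, _tlv(0x06, bytes.fromhex("551d13")) + _tlv(0x01, b"\xff")
                             + _tlv(0x04, _tlv(0x30, _tlv(0x01, b"\xff"))))
    key_usage = _tlv(0x30, _tlv(0x06, KEY_USAGE_OID) + _tlv(0x01, b"\xff")
                     + _tlv(0x04, _tlv(0x03, bytes([unused_bits, key_usage_byte]))))
    return _tlv(0xA3, _tlv(0x30, basic_constraints + key_usage))  # [3] EXPLICIT Extensions


SIGNING_SAMPLE = _extensions_block(0x06, 1)   # bits 5 and 6: keyCertSign, cRLSign
TLS_ONLY_SAMPLE = _extensions_block(0xA0, 5)  # bits 0 and 2: digitalSignature, keyEncipherment
SIGNING_SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
                      + base64.b64encode(SIGNING_SAMPLE).decode() + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, sample in (("signing", SIGNING_SAMPLE), ("tls-only", TLS_ONLY_SAMPLE)):
        print(name, sorted(find_key_usage(sample)), "missing:", missing_signer_usages(sample))
```

To run it against a real export, pass `pem_to_der(open("idp.cer").read())` to `missing_signer_usages`; an empty list means the certificate carries both bits the procedure asks for, and a TLS-only service certificate (digitalSignature and keyEncipherment, as in the second sample) reports both labels missing, which is the situation shown in the figure under step 4.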