Create an IdP configuration document for Web servers that will participate in SAML authentication.
Before you begin
Have the metadata .xml file that you exported from your IdP, for example FederationMetadata.xml, in a location from which you can access it so that you can import it into the IdP configuration document.
Note: If you will create another IdP configuration document, for example, for federated login with the ID vault, make a backup copy of the file; when you import the .xml file into the IdP configuration document, the .xml file is deleted from your local system.
About this task
If your Web servers are behind a load balancer or IP sprayer, create one Web server IdP configuration document. Your IdP will connect to the load balancer or IP sprayer. If your Web servers are not behind a load balancer or IP sprayer, create a separate IdP configuration document for each Web server.
Procedure
1. Open idpcat.nsf.
2. Click Add IdP Config to create a new configuration document.
3. Click Import XML file and select the metadata .xml file you exported from your IdP. In ADFS, this file name is typically FederationMetadata.xml.
Table 1. Fields in the IdP Configuration document whose values are generated from the metadata .xml file

The web address (URL) in this field is created when you click the "Import XML file" button. It is the URL to which incoming requests are redirected for authentication with the IdP.
Do not modify this text unless you are working with a metadata XML file that is not available for import into the form; in that case, be sure to copy and paste the text accurately into this field.
Note: The value in this field is a subset of the expected URL to the IdP. The Domino server generates the full URL when necessary.

Note: This field appears only when the Type field is set to SAML 2.0.
For example, urn:oasis:names:tc:SAML:2.0:protocol.

Important: The host names you enter here should match what is entered in either the Host name(s) field on the Internet Protocols/HTTP tab in a Server document or the Host names or addresses mapped to this site field of an Internet Site (Web Site) document.
For example, enter mail01.us.renovations.com;n.nn.nnn.n.
If you use a load balancer to distribute requests across servers, include the host name and IP address for the load balancer as well as the host names and IP addresses of the target Web servers. Separate the servers with semi-colons or press Enter. For example:
mail.us.renovations.com;n.nn.nnn.n
mail01.us.renovations.com;n.nn.nnn.n
mail02.us.renovations.com;n.nn.nnn.n
6. In the Service provider ID field, enter a value that identifies the Web servers as a service provider partner with the IdP.
8. Save and close the IdP configuration document. You see the following message because the IdP configuration document is currently disabled and the service provider URL cannot be resolved. Click Yes to go ahead and save.
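The "Import XML file" step reads the IdP's SAML metadata and fills the redirect URL and protocol fields from it. The following Python script is an added illustration, not HCL Domino code: it pulls the same values (entityID, supported protocol, the HTTP-Redirect single sign-on URL) out of a constructed FederationMetadata.xml stand-in, refuses a redirect target that is not HTTPS, and splits a host names entry written with semicolons or line breaks the way the field above expects. The sample metadata, the example.test and 192.0.2.x addresses, and the function names are assumptions made for this example.

```python
"""Read the values that the "Import XML file" step takes from an IdP metadata
file, and normalise the host-name list entered in the configuration document.

Added illustration, not HCL Domino code: the sample metadata, host names and
helper names below are constructed for this example."""
import ipaddress
import xml.etree.ElementTree as ET

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
SAML20_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed stand-in for an exported FederationMetadata.xml. A real export
# also carries a Signature and the IdP's signing certificate, omitted here.
SAMPLE_METADATA = """<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text):
    """Return entityID, supported protocols and the SSO URL per binding.

    For metadata obtained from an untrusted source, parse with
    defusedxml.ElementTree instead of the standard-library parser."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % MD_NS["md"]:
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", MD_NS):
        sso[svc.get("Binding")] = svc.get("Location")
    if HTTP_REDIRECT not in sso:
        raise ValueError("IdP advertises no HTTP-Redirect SingleSignOnService")
    return {
        "entity_id": root.get("entityID"),
        "protocols": idp.get("protocolSupportEnumeration", "").split(),
        "sso_redirect_url": sso[HTTP_REDIRECT],
        "sso_urls": sso,
    }


def check_sso_url(url):
    """Reject a redirect target that would send the SAML request over plain HTTP."""
    return url.lower().startswith("https://")


def split_host_list(text):
    """Split the host names field: entries separated by semicolons or newlines,
    blanks dropped, case folded, each classified as an IP address or a host name."""
    entries = []
    for raw in text.replace("\n", ";").split(";"):
        item = raw.strip().lower()
        if not item:
            continue
        try:
            ipaddress.ip_address(item)
            kind = "ip"
        except ValueError:
            kind = "host"
        entries.append((item, kind))
    return entries


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP entityID:      ", info["entity_id"])
    print("SAML 2.0 supported:", SAML20_PROTOCOL in info["protocols"])
    print("SSO redirect URL:  ", info["sso_redirect_url"],
          "(https)" if check_sso_url(info["sso_redirect_url"]) else "(NOT https)")
    # Host list as it would be typed behind a load balancer (constructed addresses).
    hosts = "mail.us.renovations.com;192.0.2.10\nmail01.us.renovations.com;192.0.2.11"
    for name, kind in split_host_list(hosts):
        print(f"  {kind:4s} {name}")
```

Comparing the host names the script reports against the Host name(s) entry in the Server document or the Internet Site document is a quick way to catch the mismatch the Important note above warns about before the configuration document is enabled.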