

Enabling single sign-on and basic authentication

This procedure ensures that a server can participate in single sign-on (SSO). An SSO-enabled server creates single sign-on cookies for users, so that after logging in to the server they can access other participating servers without having to log in again.

Parent topic: Multi-server session-based authentication (single sign-on)

To enable single sign-on and basic authentication for a Web Site

Before you begin

Make sure that the SSO keys have been created or imported from a WebSphere file.

About this task

Use this procedure to enable single sign-on for Domino servers (Domino 6 and higher) configured with Web Site documents.

Note: When you enable the use of Internet Sites on a Domino server, any existing SSO configurations are automatically disabled. Make sure that you have enabled this option prior to configuring SSO.

Procedure

1. In the Domino Administrator, click Configuration -> Web -> Internet Sites.

2. Open the Web Site document for which you want to enable single sign-on.

3. Click Domino Web Engine.

4. In the Session authentication field, select Multiple Servers (SSO).

5. In the Web SSO Configuration field, select the Web SSO Configuration for this Web Site from the drop-down list.

6. Click Security. For both TCP and TLS authentication, enable Name & Password.

7. Save and close the Web Site document.

8. At the server console, start the HTTP process by typing:


Results

If something is wrong with the configuration, the browser receives an Error 500 message stating that single sign-on is not configured.

To enable single sign-on and basic authentication in the Server document

Before you begin

Make sure that the SSO keys have been created or imported from a WebSphere file.

About this task

Use this procedure to enable single sign-on for Domino Release 5.0x servers, or for Domino 6 and higher servers not configured with Web Site documents.

Note: You can optionally enable the use of client certificates for TLS authentication for users on an SSO-enabled server. If the user authenticates with a client certificate, the server still creates an SSO token for the user in case it will be useful for accessing resources on participating SSO servers.

Procedure

1. Open the Server document.

2. Click Ports -> Internet Ports -> Web, and enable Name-and-password authentication for the Web (HTTP/HTTPS) port.

3. Click Internet Protocols -> Domino Web Engine, and select Multiple Servers (SSO) in the Session authentication field.


4. In the Web SSO Configuration field, select the Web SSO Configuration for this server from the drop-down list.

5. Save and close the Server document.
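
A post-configuration check for either procedure above, added here as an example (it is not part of the product documentation): the Python function below classifies the response to a name-and-password login from its status code and Set-Cookie headers. The cookie names LtpaToken, LtpaToken2 and DomAuthSessId are assumptions not stated on this page, and the sample responses are constructed.

```python
from http.cookies import SimpleCookie

# Assumed cookie names (not stated on the page): Domino's multi-server SSO
# token cookies and its single-server session cookie.
SSO_COOKIES = ("LtpaToken", "LtpaToken2")
SINGLE_SERVER_COOKIE = "DomAuthSessId"

# Constructed sample responses (status, Set-Cookie headers); not real captures.
SAMPLES = {
    "good": (302, ["LtpaToken=CONSTRUCTEDVALUE; Domain=.example.com; Path=/; Secure; HttpOnly"]),
    "host_only": (302, ["LtpaToken=CONSTRUCTEDVALUE; Path=/"]),
    "single": (302, ["DomAuthSessId=0123456789ABCDEF; Path=/"]),
    "broken": (500, []),
}


def check_login_response(status, set_cookie_headers):
    """Return (state, findings) for a name-and-password login response."""
    if status == 500:
        # The failure described under Results: SSO is not configured.
        return "sso_not_configured", ["HTTP 500: review the Web SSO Configuration field"]

    cookies = SimpleCookie()
    for header in set_cookie_headers:
        cookies.load(header)

    for name in SSO_COOKIES:
        if name not in cookies:
            continue
        morsel, findings = cookies[name], []
        if not morsel["domain"]:
            findings.append(f"{name} has no Domain: other participating servers will not receive it")
        if not morsel["secure"]:
            findings.append(f"{name} lacks Secure: it can be sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name} lacks HttpOnly: page scripts can read it")
        return "sso", findings

    if SINGLE_SERVER_COOKIE in cookies:
        return "single_server", ["single-server session cookie issued instead of an SSO token"]
    return "no_session", ["no session cookie issued: login failed or session authentication is off"]


if __name__ == "__main__":
    for label, (status, headers) in SAMPLES.items():
        print(label, check_login_response(status, headers))
```
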
