Use this procedure to enable SAML authentication in the Domino directory. Enable SAML in an Internet Site document or in individual Server documents.
About this task
If you later change the authentication type in an Internet Site document to remove SAML, the change does not disable SAML unless the IdP Configuration documents are either disabled or deleted.
Note: Only one SAML partnership or OIDC provider can be configured for a single internet site.
Procedure
1. Do one of the following from the Domino Administrator client:
3. In the Session authentication field, select SAML.
4. (Best practice) For Web SSO Configuration, select the existing configuration document you want to use. If the value for this field is specified, the SAML service provider uses the LTPA configuration specified in the SSO configuration document as the session cookie.
5. Leave the default of No specified for Force login on SSL.
6. The SAML single server session expiration field specifies the number of minutes the SAML session will be valid on the participating server. Leave the default of 120 minutes specified unless your organization's security requires a shorter or longer time than 2 hours for client users to have access using SAML. When the session expires, the SAML user must re-authenticate with the SAML IdP.
7. Leave Yes specified for When overriding session authentication, generate session cookie.
8. Open the IdP configuration document you created in the IdP Catalog and change State to Enabled.