Configuring SAML from the Internet Site (Web Site) document
Use this procedure when configuring SAML authentication for Domino® in one or more Internet Site (Web Site) documents.

About this task

If your organization has Internet Sites, use this procedure to enable SAML.

Note: The SAML option for Session authentication, and the corresponding fields in this procedure, also exist in the server Configuration document. Follow these steps there only if your organization does not use Internet Sites.

If you later change the authentication type in an Internet Site document to remove SAML, the change does not disable SAML unless the IdP Configuration document is also either disabled or deleted.

Procedure

1. From the Domino Administrator client, select Configuration -> Web -> Internet Sites.

2. Open the Internet Site document for which you want to enable SAML-based single sign-on authentication.

3. Click the Domino Web Engine tab.

4. In the Session authentication field, select SAML. The IdP Catalog button appears.

5. (Optional) For Web SSO Configuration, select the existing configuration document you want to use. If a value is specified for this field, the SAML service provider uses the LTPA configuration specified in the SSO configuration document as the session cookie.

6. Leave the default of No specified for Force login on SSL.

7. The SAML single server session expiration field specifies the number of minutes the SAML session is valid on the participating server. Leave the default of 120 minutes unless your organization's security requirements call for client users to have SAML access for a shorter or longer time than 2 hours. When the session expires, the SAML user must re-authenticate with the SAML IdP.

8. Leave Yes specified for When overriding session authentication, generate session cookie.

9. Click IdP Catalog to create a new configuration document in idpcat.nsf and open it in a window. If a document already exists, that document opens instead. Complete the document, then save and close it; see the related topics for more information.

Related tasks
Creating an Internet site document
Creating a Web SSO configuration document
Enabling the Domino Web server to provide SAML authentication