Enabling single sign-on for SAML 2.0
Configure HCL Connections™ if you want to use the SAML (Security Assertion Markup Language) 2.0 Web SSO redirection services support to implement user authentication and single sign-on (SSO).
Before you begin
Complete the following prerequisite conditions:
- Verify that the Default application (Snoop) is protected by SAML 2.0.
- Ensure that you can access Connections applications from a web browser.
- Each href attribute in the LotusConnections-config.xml file is case-sensitive and must specify a fully-qualified domain name.
Note: Lowercase is required for URLs. Many modern browsers will set the domain to lowercase before making a request. For URLs to match with those browsers, lowercase must be used when specifying domain names.
- The connectionsAdmin J2C alias that you specified during installation must correspond to a valid account that can authenticate with SAML. It may map to a backend administrative user account. This account must be capable of authenticating for single sign-on against SAML. If you need to update the user ID or credentials for this alias, see the Changing references to administrative credentials topic.
Procedure
- Install Connections, if you have not already done so, with all necessary software components as described in Installing.
- Using the WebSphere Application Server administrative console, navigate to
and make the following changes:
- Run Full Resynchronize for all nodes.
- Stop all Connections clusters and then stop the deployment manager (DM).
- Restart the DM and then restart all Connections clusters.