Configuring Web client browsers for Windows single sign-on

To set up Windows single sign-on for Web clients, you must set up browsers to authenticate to theIBM® Domino® server using SPNEGO.

To set up Internet Explorer

Procedure

  1. Log in to the Windows Active Directory domain.
  2. Start the browser and click Tools > Internet Options.
  3. Click the Security tab.
  4. Select Local intranet and then click Sites.
  5. Ensure that Include all sites that bypass the proxy server is checked.
  6. Click Advanced.
  7. Add the URL for the Domino® server, and click OK twice. For example, if the Domino® server name is domino1.subnet2.renovations.com, specify:
    http://domino1.subnet2.renovations.com

    Or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino® server in the domain, for example:

    http://*.subnet2.renovations.com

    or

    *.subnet2.renovations.com
  8. Click Custom Level, and scroll to the User Authentication section.
  9. Select Automatic logon only in Intranet zone, and click OK.
  10. Click the Advanced tab, scroll to the Security section, verify that the option Enable Integrated Windows Authentication (requires restart) is selected.
  11. If your proxy server configuration is done manually rather than via automatic configuration script, complete these steps:
    1. Click the Connections tab.
    2. Click LAN Settings.
    3. Click Advanced.
    4. Add the Domino® server URL to the list Do not use proxy server for addresses beginning with, and click OK.
  12. Click OK again and restart the browser.
  13. From the browser, enter a URL to a database on the Domino® server to which you have access and verify that you are not prompted for a name and password. For example, 
    http://domino1.subnet2.renovations.com/mydatabase.nsf

To set up Mozilla or Firefox

Procedure

  1. Log in to the Windows Active Directory domain.
  2. Start the browser.
  3. In the URL address box, type:
    about:config
  4. In the Filter box, type:
    network.n
  5. Double-click network.negotiate-auth.trusted-uris, and enter the URL for the Domino® server, for example:
    http://domino1.subnet2.renovations.com

    Or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino® server, for example:

    http://subnet2.renovations.com

    Separate multiple entries with commas.

  6. Click OK and restart the browser.
  7. From the browser, enter a URL to a database on the Domino® server to which you have access, and verify that you are not prompted for a name and password. For example, 
    http://domino1.subnet2.renovations.com/mydatabase.nsf