Use this procedure to enable SAML authentication in the Domino directory. Enable SAML in
an Internet Site document or in individual Server documents.
About this task
If you later change the authentication type in an Internet Site document to remove SAML, the
change does not disable SAML unless the IdP Configuration documents are either disabled or
deleted.
Procedure
- Do one of the following from the Domino Administrator client:
  - If you use an Internet Site document, select . Then, open the Internet Site document in which to enable SAML authentication.
  - If you do not use an Internet Site document, select . Then, open the Server document in which to enable SAML authentication.
- Click the Domino Web Engine tab.
- In the Session authentication field, select SAML.
- (Best practice) For Web SSO Configuration, select the existing configuration document you want to use. If the value for this field is specified, the SAML service provider uses the LTPA configuration specified in the SSO configuration document as the session cookie.
- Leave the default of No specified for Force login on SSL.
- The SAML single server session expiration field specifies the number of minutes the SAML session will be valid on the participating server. Leave the default of 120 minutes specified unless your organization's security requires a shorter or longer time than 2 hours for client users to have access using SAML. When the session expires, the SAML user must re-authenticate with the SAML IdP.
- Leave Yes specified for When overriding session authentication, generate session cookie.
- Open the IdP configuration document you created in the IdP Catalog and change State to Enabled.