Prerequisites for Nomad federated login
Before you configure Nomad federated login, make sure you've completed these prerequisite steps.
- Upgrade the Domino ID vault servers that are used by Nomad for web browser users to V12.0.1. In addition, upgrade the design of vault.nsf, names.nsf, and idpcat.nsf using the vault.ntf, pubnames.ntf, and idpcat.ntf templates provided with V12.0.1. These templates include functionality and fields used for Nomad federated login.
- Set up a SAML identity provider (IdP) that is compatible with AuthnRequest SAML 2.0. Active Directory Federation Services (ADFS) is one example of an IdP but there are several others.
- Set up the Nomad server. For more information, see Configuring the Nomad server in the Nomad administration documentation.
- Configure SAML authentication on the Nomad server. When this step is complete, Nomad for web browser users authenticate through your IdP rather than the Nomad (SafeLinx) server. For information, see the topic Configuring SAML authentication in the SafeLinx documentation. Note that during initial Nomad for web browser client setup, users still need to log in to Domino with their Notes ID passwords until you configure Nomad federated login.
- If you have not configured Domino for SAML authentication for another purpose,
complete the following general steps required for Domino SAML authentication:
- Creating and replicating the IdP Catalog.
- Exporting a metadata .xml file from your IdP
- (ADFS only) Verify that the content of the following two fields match
for each user:
- The Internet address field in the Domino directory Person document.
- The E-mail field in the user ADFS properties box.
- (ADFS only) if user addresses in the Active Directory mail attribute are not identical to addresses in the Internet Address field in Domino directory Person documents, see Configuring directory name mapping (ADFS only).
- Ensure that the SAML IdP computer and the Domino ID vault servers have their clocks synchronized so that these computers share the same notion of current time. For more information, see the section Clock Synchronization in the topic Completing Domino prerequisites for SAML. (Ignore other information in that topic; it doesn't apply to Nomad federated login.)