SECURITY


Setting up separate Web sites for participating and non-participating Web clients
Windows® single sign-on is not available to some Web clients, for example, Web clients that connect over the Internet (rather than the intranet) or that are not set up to use the feature. When these clients connect to a Lotus Domino server through a URL participating in Windows single sign-on, they are either blocked from accessing the server (Firefox users) or are inconvenienced by extra login prompts (Internet Explorer users). If your SSO configuration is done through Web Sites, you can work around this problem by setting up separate Web Sites, one for participating Web clients to use and another for non-participating Web clients to use.

Create a separate Web SSO Configuration document for each Web Site. Configure both Web SSO Configuration documents to use the same domain name and SSO keys. However, enable the "Windows single sign-on integration (if available)" field in only the Web SSO Configuration document for the Web Site that clients participating in Windows single sign-on will use.

If a particular Domino server services both Web Sites (a typical scenario), the server must map to a different host name in the "Host names or addresses mapped to this site" field in each Web Site document. You must give users the appropriate URL to use for accessing the server, depending on whether they participate in Windows single sign-on.

For example, assume the following:


You would tell intranet users who are set up to use Windows single sign-on to use the following URL to access names.nsf on the server:

http://dom1intranet.renovations.com/names.nsf

These users would not be prompted for a name and password. Internet users or users not properly set up for Windows single sign-on may be unable to access the server through this URL, depending on the browser used.

You would tell users who are unable to use Windows single sign-on -- Internet users or users not properly set up for it -- to use the following URL instead:

http://dom1.renovations.com/names.nsf

These users would be prompted for a name and password.

Related topics