Create a separate Web SSO Configuration document for each Web Site. Configure both Web SSO Configuration documents to use the same domain name and SSO keys. However, enable the "Windows single sign-on integration (if available)" field in only the Web SSO Configuration document for the Web Site that clients participating in Windows single sign-on will use.

If a particular Domino server services both Web Sites (a typical scenario), the server must map to a different host name in the "Host names or addresses mapped to this site" field in each Web Site document. You must give users the appropriate URL to use for accessing the server, depending on whether they participate in Windows single sign-on.

For example, assume the following:

• Domino1/Renovations maps to dom1intranet.renovations.com in the Web Site document whose Web SSO Configuration document is enabled for Windows single sign-on integration.
• Domino1/Renovations maps to dom1.renovations.com in the Web site document whose Web SSO Configuration document is not enabled for Windows single sign-on integration.

http://dom1intranet.renovations.com/names.nsf

These users would not be prompted for a name and password. Internet users or users not properly set up for Windows single sign-on may be unable to access the server through this URL, depending on the browser used.

You would tell users who are unable to use Windows single sign-on -- Internet users or users not properly set up for it -- to use the following URL instead:

http://dom1.renovations.com/names.nsf

These users would be prompted for a name and password.

Related topics

Multi-server session-based authentication (single sign-on)
Creating a Web SSO configuration document
Preparing a Domino server for Windows single sign-on for Web clients
Troubleshooting Windows single sign-on for Web clients
Setting up Windows single sign-on for Web clients

Glossary