The Domino Web server uses Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) and the underlying Kerberos network authentication security that is provided by Active Directory to negotiate the authentication with a browser client.

Requirements:

• Microsoft Windows Server Active Directory Domain Controller.
• The functional level of an Active Directory domain (or forest in the case of multiple domains) must be set to Windows Server 2003 or higher. Backwards compatible modes for Windows Server 2003 cannot be used. For example, you cannot set Windows Server 2003 to use Windows 2000 mixed mode. To check the domain and forest functional level, from the Active Directory Users and Computers snap-in utility, right-click the domain, click Properties, and look at the General tab.
• Domino server running on a Windows computer that is a member of an Active Directory domain.
• Domino server configured for multi-server session-based authentication (single sign-on).
• Browsers that are supported by Domino running on Windows clients that are logged on to the Active Directory domain and that have network access to the Active Directory server.
• Web users with accounts in Active Directory.

1. Prepare the Domino server for Windows single sign-on for Web clients.

2. Set up the Windows service for Domino.

3. Configure user name mapping.

4. Configure Web client browsers.

Related topics

Windows single sign-on for Web clients across multiple Active Directory domains
Considerations if you deploy a DSAPI filter in a Windows single sign-on environment
Troubleshooting Windows single sign-on for Web clients

Glossary