Tricking SSO With Mixed Domino Servers
Gabriella Davis 11 June 2009 12:28:20
My biggest problem with configuring SSO on Domino is the requirement that all Domino servers involved use the same method for web configuration. That means that they all need to be set to use Internet Site documents, or all set not to (to use pre v6 web configuration). This is exacerbated by the fact that Sametime and Quickr servers often can't use Internet Site documents and those are precisely the servers you want to include in your SSO setup. However last night I was talking to Paul Mooney on Skype and we were both complaining about it for the umpteenth time when I suggested we test a hack I had been mulling over and hadn't got round to trying yet.The key is the SSO document which specifies the "Configuration Name" you use in the Server document or for your Internet Site. The same document is used by both types of server configuration, but depending upon which type you chose, the server appears to look in either the Web Configuration view or the Internet Sites view for the list of SSO configurations it can use. The only thing that makes an SSO document appear in one view vs the other is the presence or absence of an 'organization'. If there's no organization listed the SSO document appears in the Web Configuration view and is used by Domino server set to use pre v6 Web Configuration. If there's an organization then the SSO document appears in the Internet Sites view for use by servers set to use Internet Site documents (see below for what I mean)
So if you have 10 servers and 2 of them don't use Internet Site documents do the following
- Create your SSO document for your internet site and domain and enter your Organization. Add all 10 servers to the document and save it
- Now copy and paste that document in names.nsf and edit the new copy to remove the Organization name and save it again with all 10 servers still there
- Comments [5]