SlideShare a Scribd company logo

Spnego configuration

Gabriella Davis
Gabriella Davis

Integrated Web Authentication (IWA) allows automatic authentication between Microsoft clients and servers. IWA uses SPNEGO to negotiate Kerberos or NTLM authentication protocols. Configuring IWA for Domino requires setting up Service Principal Names (SPNs) in Active Directory for Domino hostnames, configuring Domino to start as an Active Directory service account, and configuring browser settings for supported browsers. Troubleshooting may involve checking SPN and account configuration or debugging HTTP authentication with Domino.

1 of 40
Download to read offline
July 2015 IntegratedWeb Authentication & Domino Gabriella Davis The Turtle Partnership
Outline ✤ Function and use of IWA ✤ System Requirements ✤ How To Configure SPNEGO ✤ Things To Consider
What Is IWA ✤ Integrated Web Authentication (IWA) is an umbrella term that represents several protocols and technologies used by Microsoft for automatic authentication ✤ SPNEGO is an IWA service that determines which protocol the client and server need to use to talk ✤ Microsoft uses SPNEGO for its HTTP authentication negotiation ✤ Protocols that can be used by SPNEGO for IWA include Kerberos and NTLM
Simple & Protected GSSAPI Negotiation Mechanism
System Requirements ✤ Domino 8.5.1 or later as the initial authentication server ✤ Windows Active Directory with Windows 2003 or later compatibility mode ✤ Browsers ✤ IE ✤ Firefox (Windows) ✤ Chrome 8 and higher (Windows)
The Lab Environment Active Directory Windows 2008 R2 DC cn=dc,dc=turtletest,dc=com Domino Server Windows 2008 R2 9.0.1 dominoweb.turtletest.com Swan/Turtle cn=dominoweb,dc=computers,dc=turtletest,dc=com Windows 7 Client Machine cn=lihue,dc=computers,dc=turtletest,dc=com cn=gabriella,dc=lihue
How Does ItWorkWith Domino ✤ There must be a relationship between Domino and AD for the authentication “conversation” to happen ✤ Domino must run as a service under Windows ✤ Use a named AD account to run the service ✤ Create a Service Principal Name in Active Directory for each URL hostname that will be passed to Domino
Configuring for SPNEGO
Domino Configuration ✤ Internet Site Documents ✤ Web Single Sign On Document ✤ HTTP Site Document ✤ Domino start as service with named user ✤ Configuring Domino to start with a java controller
Internet Site Documents ✤ Ensure the Domino server document is set to use Internet Site Documents ✤ this isn’t a requirement but will make the SPNEGO configuration easier to manage
Web Single Sign On Document
HTTP Site Document
Domino Start As Service ✤ Domino must be started using an AD account not a local system account. A local system account does not support use by multiple web servers or the user of an ip sprayer
Configure DominoTo StartWith Java Controller ✤ Once you configure Domino to start as a named account you need to use the java controller to monitor Domino on the server itself ✤ Use Windows regedit to modify the registry ✤ find the entries representing the Domino server (search for notes.ini) and add -jc -c Consider adding to the server notes.ini file ServerController=1 TCPIP_ControllerTcpIpAddress=<ipaddress>:2050
Active Directory ✤ We must create a Service Principal Name (SPN) in Active Directory to represent any hostname the Domino web server will use and the account running the Domino server ✤ This can be done two ways ✤ using the domspnego utility ✤ manually ✤ You will need to find and use setpspn.exe on the Domain Controller
Using domspnego ✤ From the Domino program directory in a command window type domspnego ✤ domspnego -? shows a help for the command ✤ domspnego <name of output file to generate) ✤ domspengo dominowebservice
Domspnego Output ✤ You will need to know ✤ The account name Domino is running under ✤ Any hostnames used for web access ✤ Any ip sprayer hostnames ✤ Answering the prompted questions will generate a .cmd file you can edit in notepad to see the commands you will want to run
Domspnego CMD File
Creating the SPN ✤ On the domain controller find the “setspn.exe” utility ✤ The syntax is ✤ setspn -a HTTP / <hostname> <adserviceaccount> ✤ The commands for running the SPN will be in your output file generated by domspnego e.g. setspn -a HTTP/dominoweb.turtletest.com dominowebservice
SPN Rules ✤ There can only be one SPN for a hostname ✤ If you need to change the service account bound to the SPN you must delete the original one first and create a new one ✤ To delete an SPN type “d” instead of “a” on the setspn command setspn -d HTTP/dominoweb.turtletest.com dominowebservice
SPN Commands ✤ Create a SPN ✤ Confirm a SPN ✤ Remove a SPN
Name Mappings ✤ To grant Domino access to a database there must be an ACL entry for the user ✤ The windows Kerberos name must be an entry in the fullname field of the user’s person document so Domino can match the Windows logged in name to the ACL ✤ There should be 2 entries before it, the user’s hierarchical name (used in the ACL) and the user’s common name ✤ The Windows user “Gabriella” logging into the windows domain “turtletest.com” (gabriella@turtletest.com) will be translated by Domino into Gabriella Davis/Turtle for ACL access ✤ Use the exact case AD uses for the name part and always capitals for the domain part
Directory Assistance ✤ SPNEGO users do not use passwords in any way ✤ The domino http password field on the person documents can therefore be empty ✤ Should you want non-SPNEGO users to login they can either use the Domino HTTP Password OR you can configure Active Directory under Directory Assistance ✤ That then authenticates users accessing Domino using their AD names and passwords
Managing Users - OPTIONAL ✤ If you do want to manage users in Active Directory instead of in Domino you can do so but the environment needs to be configured for that ✤ they must still be present in Domino person documents ✤ The Active Directory entry must have an attribute containing the user’s hierarchical Domino name ✤ Directory Assistance must be configured for authentication to Active Directory ✤ Keeping the user names synchronised across both environments requires a tool such as Tivoli Directory Integrator
Browser Configuration ✤ SPNEGO supports Windows browsers IE, Firefox and Chrome >8 ✤ Configuration for each must be done on the client side and is different for each browser ✤ This may change in the future if the browser versions change
Internet Explorer Configuration ✤ Start IE and click Tools > Internet Options ✤ Select the Security tab ✤ Select "Local intranet" and click Sites. ✤ Ensure that the "Include all sites that bypass the proxy server" is checked. ✤ Click Advanced ✤ Add the URL for the Domino server http://dominoweb.turtlest.com and click OK twice. Or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino server in the domain *.turtletest.com ✤ Click Custom Level, scroll to the User Authentication section, select "Automatic logon only in Intranet zone," and click OK. ✤ Click the Advanced tab, scroll to the Security section, verify the option "Enable Integrated Windows Authentication (requires restart)" is selected.
Firefox Configuration ✤ Start Firefox and in the URL address box, type about:config ✤ In the Filter box, type network.n ✤ Double-click network.negotiate-auth.trusted-uris, and enter the URL 
 http://dominoweb.turtletest.com or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino server in the domain http://*.turtletest.com or 
 separate multiple entries with commas. ✤ Click OK and restart the browser.
Chrome Configuration ✤ Chrome uses the configuration settings from Internet Explorer ✤ Alternatively in Windows use Internet Options under Control Panel
Non SPNEGO Behaviour ✤ Users who don’t login to the Windows AD domain cannot use SPNEGO ✤ Once you configure the URL and web server for SPNEGO it can only be used by SPNEGO enabled clients and browsers ✤ There are programmatic tools available including DSAPI filters that will intercept the request and redirect it for non SPNEGO users ✤ Alternately non-SPNEGO users can be given a different hostname/URL to use
Multiple Sites / URLs ✤ For every hostname or site document that the web server responds to a SPN needs to be created ✤ This includes any load balancers ✤ Any server aliases that will resolve in URLs must also have SPN entries ✤ Remember only one SPN per hostname and that must correspond to the owning account of the Domino service
SPNEGO Support ✤ SPNEGO is supported for Domino web applications including iNotes ✤ but not Traveler ✤ SPNEGO is also supported inside eclipse for feeds, sametime, connections etc ✤ but not for Notes basic ✤ SPNEGO is not supported for Notes client access
Troubleshooting ✤ On Windows 7 and Windows Vista, SPNEGO is not functional for users who are members of the Administrators group when UAC is enabled. To use SPNEGO on these platforms, advise the client user to launch Notes with elevated privileges, disable UAC, or log in as a non-admin user. ✤ DEBUG_HTTP_SERVER_SPNEGO = 1 ✤ http://www-01.ibm.com/support/docview.wss? uid=swg21394592

Recommended

Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of Domino
Gabriella Davis
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview
hemantnaik
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM Domino
Jared Roberts
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routing
jayeshpar2006
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
Improving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsImproving notes addressing experience with recent contacts
Improving notes addressing experience with recent contacts
Vinayak Tavargeri
 
AD11 Starting with Domino on Docker.pdf
AD11 Starting with Domino on Docker.pdfAD11 Starting with Domino on Docker.pdf
AD11 Starting with Domino on Docker.pdf
Martijn de Jong
 

Recommended

Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing Domino Server Health - Monitoring and Managing
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
HTTP - The Other Face Of Domino
HTTP - The Other Face Of DominoHTTP - The Other Face Of Domino
HTTP - The Other Face Of Domino
Gabriella Davis
 
HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview HCL Domino V12 Key Security Features Overview
HCL Domino V12 Key Security Features Overview
hemantnaik
 
Best Practice TLS for IBM Domino
Best Practice TLS for IBM DominoBest Practice TLS for IBM Domino
Best Practice TLS for IBM Domino
Jared Roberts
 
Important tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routingImportant tips on Router and SMTP mail routing
Important tips on Router and SMTP mail routing
jayeshpar2006
 
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best PracticesApril, 2021 OpenNTF Webinar - Domino Administration Best Practices
April, 2021 OpenNTF Webinar - Domino Administration Best Practices
Howard Greenberg
 
Improving notes addressing experience with recent contacts
Improving notes addressing experience with recent contactsImproving notes addressing experience with recent contacts
Improving notes addressing experience with recent contacts
Vinayak Tavargeri
 
AD11 Starting with Domino on Docker.pdf
AD11 Starting with Domino on Docker.pdfAD11 Starting with Domino on Docker.pdf
AD11 Starting with Domino on Docker.pdf
Martijn de Jong
 
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
Ales Lichtenberg
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
Ales Lichtenberg
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
Gabriella Davis
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
Christoph Adler
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino Adminblast
Gabriella Davis
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
Christoph Adler
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Christoph Adler
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
Austin Chang
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Gabriella Davis
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
Ales Lichtenberg
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
Gabriella Davis
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
Howard Greenberg
 
INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365
Dylan Redfield
 
Understanding domino memory 2017
Understanding domino memory 2017Understanding domino memory 2017
Understanding domino memory 2017
mJOBrr
 
RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkJohn Dalsgaard
 
From frustration to fascination: dissecting Replication
From frustration to fascination: dissecting ReplicationFrom frustration to fascination: dissecting Replication
From frustration to fascination: dissecting Replication
Benedek Menesi
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-ServerBewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
panagenda
 
Fun With SHA2 Certificates
Fun With SHA2 CertificatesFun With SHA2 Certificates
Fun With SHA2 Certificates
Gabriella Davis
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
Gabriella Davis
 

More Related Content

What's hot

HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
Ales Lichtenberg
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
Vladislav Tatarincev
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
Ales Lichtenberg
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
Gabriella Davis
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
Christoph Adler
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino Adminblast
Gabriella Davis
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
Christoph Adler
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Christoph Adler
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
Austin Chang
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Gabriella Davis
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
Ales Lichtenberg
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Christoph Adler
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
Gabriella Davis
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
Howard Greenberg
 
INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365
Dylan Redfield
 
Understanding domino memory 2017
Understanding domino memory 2017Understanding domino memory 2017
Understanding domino memory 2017
mJOBrr
 
RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkJohn Dalsgaard
 
From frustration to fascination: dissecting Replication
From frustration to fascination: dissecting ReplicationFrom frustration to fascination: dissecting Replication
From frustration to fascination: dissecting Replication
Benedek Menesi
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification Manager
Howard Greenberg
 
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-ServerBewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
panagenda
 

What's hot (20)

HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf HCL Sametime 12.0 on Docker - Step-By-Step.pdf
HCL Sametime 12.0 on Docker - Step-By-Step.pdf
 
IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning IBM Domino / IBM Notes Performance Tuning
IBM Domino / IBM Notes Performance Tuning
 
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
HCL Sametime 12.0 – Converting from native Domino Directory to LDAP and Migra...
 
Engage2022 - Domino Admin Tips
Engage2022 - Domino Admin TipsEngage2022 - Domino Admin Tips
Engage2022 - Domino Admin Tips
 
RNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance BoostRNUG - HCL Notes V11 Performance Boost
RNUG - HCL Notes V11 Performance Boost
 
Domino Adminblast
Domino AdminblastDomino Adminblast
Domino Adminblast
 
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-ReloadedRNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
RNUG - HCL Notes 11.0.1 FP2 — Performance Boost Re-Reloaded
 
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best PracticesDomino Tech School - Upgrading to Notes/Domino V10: Best Practices
Domino Tech School - Upgrading to Notes/Domino V10: Best Practices
 
IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)IBM Lotus Domino Domain Monitoring (DDM)
IBM Lotus Domino Domain Monitoring (DDM)
 
Simplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAMLSimplifying The S's: Single Sign-On, SPNEGO and SAML
Simplifying The S's: Single Sign-On, SPNEGO and SAML
 
HCL Domino V12 - TOTP
HCL Domino V12 - TOTPHCL Domino V12 - TOTP
HCL Domino V12 - TOTP
 
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
Engage 2018: IBM Notes and Domino Performance Boost - Reloaded
 
60 Admin Tips
60 Admin Tips60 Admin Tips
60 Admin Tips
 
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
October OpenNTF Webinar - What we like about Domino/Notes 12, recommended new...
 
INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365INF107 - Integrating HCL Domino and Microsoft 365
INF107 - Integrating HCL Domino and Microsoft 365
 
Understanding domino memory 2017
Understanding domino memory 2017Understanding domino memory 2017
Understanding domino memory 2017
 
RESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWorkRESTful services on IBM Domino/XWork
RESTful services on IBM Domino/XWork
 
From frustration to fascination: dissecting Replication
From frustration to fascination: dissecting ReplicationFrom frustration to fascination: dissecting Replication
From frustration to fascination: dissecting Replication
 
June OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification ManagerJune OpenNTF Webinar - Domino V12 Certification Manager
June OpenNTF Webinar - Domino V12 Certification Manager
 
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-ServerBewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
Bewährte Praktiken für HCL Notes/Domino-Sicherheit. Teil 2: Der Domino-Server
 

Viewers also liked

Fun With SHA2 Certificates
Fun With SHA2 CertificatesFun With SHA2 Certificates
Fun With SHA2 Certificates
Gabriella Davis
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
Gabriella Davis
 
Traveler management, security and performance
Traveler management, security and performanceTraveler management, security and performance
Traveler management, security and performance
Gabriella Davis
 
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour RightBP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
Gabriella Davis
 
IBM Traveler Management, Security and Performance
IBM Traveler Management, Security and PerformanceIBM Traveler Management, Security and Performance
IBM Traveler Management, Security and Performance
Gabriella Davis
 
Domino in the Back, Party In The Front
Domino in the Back, Party In The FrontDomino in the Back, Party In The Front
Domino in the Back, Party In The Front
Gabriella Davis
 
Planning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections UpgradePlanning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections Upgrade
Gabriella Davis
 
Planning and Completing an IBM Connections Upgrade
Planning and Completing an IBM Connections UpgradePlanning and Completing an IBM Connections Upgrade
Planning and Completing an IBM Connections Upgrade
Gabriella Davis
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...
Gabriella Davis
 
External Users Accessing Connections
External Users Accessing Connections External Users Accessing Connections
External Users Accessing Connections
Gabriella Davis
 
Changing technologies
Changing technologiesChanging technologies
Changing technologies
Gabriella Davis
 
Industrial Training on PLC SCADA HMI for fresher engineers
Industrial Training on PLC SCADA HMI for fresher engineersIndustrial Training on PLC SCADA HMI for fresher engineers
Industrial Training on PLC SCADA HMI for fresher engineers
Sneha Yadav
 
Penumbra briefing
Penumbra briefingPenumbra briefing
Penumbra briefing
Gabriella Davis
 
1084: Planning and Completing an IBM Connections Upgrade
1084: Planning and Completing an IBM Connections Upgrade 1084: Planning and Completing an IBM Connections Upgrade
1084: Planning and Completing an IBM Connections Upgrade
Gabriella Davis
 
Working With Sametime For Mobile Devices
Working With Sametime For Mobile DevicesWorking With Sametime For Mobile Devices
Working With Sametime For Mobile Devices
Gabriella Davis
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
Gabriella Davis
 
The Sametime Mobile Experience
The Sametime Mobile ExperienceThe Sametime Mobile Experience
The Sametime Mobile Experience
Gabriella Davis
 
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORTCAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
Maria Willamowius
 
PLC General
PLC GeneralPLC General
PLC General
Sidharth Mohapatra
 
A Guide To Sametime 9.0.1 Audio & Video
A Guide To Sametime 9.0.1 Audio & VideoA Guide To Sametime 9.0.1 Audio & Video
A Guide To Sametime 9.0.1 Audio & Video
Gabriella Davis
 

Viewers also liked (20)

Fun With SHA2 Certificates
Fun With SHA2 CertificatesFun With SHA2 Certificates
Fun With SHA2 Certificates
 
Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017Benefits and Risks of a Single Identity - IBM Connect 2017
Benefits and Risks of a Single Identity - IBM Connect 2017
 
Traveler management, security and performance
Traveler management, security and performanceTraveler management, security and performance
Traveler management, security and performance
 
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour RightBP201 Creating Your Own Connections Confection - Getting The Flavour Right
BP201 Creating Your Own Connections Confection - Getting The Flavour Right
 
IBM Traveler Management, Security and Performance
IBM Traveler Management, Security and PerformanceIBM Traveler Management, Security and Performance
IBM Traveler Management, Security and Performance
 
Domino in the Back, Party In The Front
Domino in the Back, Party In The FrontDomino in the Back, Party In The Front
Domino in the Back, Party In The Front
 
Planning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections UpgradePlanning & Completing An IBM Connections Upgrade
Planning & Completing An IBM Connections Upgrade
 
Planning and Completing an IBM Connections Upgrade
Planning and Completing an IBM Connections UpgradePlanning and Completing an IBM Connections Upgrade
Planning and Completing an IBM Connections Upgrade
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...Connections Directory Integration: A Tour Through Best Practices for Directo...
Connections Directory Integration: A Tour Through Best Practices for Directo...
 
External Users Accessing Connections
External Users Accessing Connections External Users Accessing Connections
External Users Accessing Connections
 
Changing technologies
Changing technologiesChanging technologies
Changing technologies
 
Industrial Training on PLC SCADA HMI for fresher engineers
Industrial Training on PLC SCADA HMI for fresher engineersIndustrial Training on PLC SCADA HMI for fresher engineers
Industrial Training on PLC SCADA HMI for fresher engineers
 
Penumbra briefing
Penumbra briefingPenumbra briefing
Penumbra briefing
 
1084: Planning and Completing an IBM Connections Upgrade
1084: Planning and Completing an IBM Connections Upgrade 1084: Planning and Completing an IBM Connections Upgrade
1084: Planning and Completing an IBM Connections Upgrade
 
Working With Sametime For Mobile Devices
Working With Sametime For Mobile DevicesWorking With Sametime For Mobile Devices
Working With Sametime For Mobile Devices
 
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
1086: The SSL Problem and How to Deploy SHA2 Certificates (with Mark Myers)
 
The Sametime Mobile Experience
The Sametime Mobile ExperienceThe Sametime Mobile Experience
The Sametime Mobile Experience
 
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORTCAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
CAR HMI TRENDS & FORCES 2014 - SURVEY REPORT
 
PLC General
PLC GeneralPLC General
PLC General
 
A Guide To Sametime 9.0.1 Audio & Video
A Guide To Sametime 9.0.1 Audio & VideoA Guide To Sametime 9.0.1 Audio & Video
A Guide To Sametime 9.0.1 Audio & Video
 

Similar to Spnego configuration

Web hosting and concepts of SEO UNIT 5
Web hosting and concepts of SEO UNIT 5Web hosting and concepts of SEO UNIT 5
Web hosting and concepts of SEO UNIT 5
SURBHI SAROHA
 
Domino Fitness. Time for a Health Check
Domino Fitness. Time for a Health CheckDomino Fitness. Time for a Health Check
Domino Fitness. Time for a Health Check
Jared Roberts
 
A Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnA Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign On
Gabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast
Tony Fortunato
 
Practical solutions for connections administrators
Practical solutions for connections administratorsPractical solutions for connections administrators
Practical solutions for connections administrators
Sharon James
 
Exchange outlook2007setup
Exchange outlook2007setupExchange outlook2007setup
Exchange outlook2007setupthexyz
 
Exchange Outlook 2007 Setup
Exchange Outlook 2007 SetupExchange Outlook 2007 Setup
Exchange Outlook 2007 Setup
thexyz
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
ReliqusConsulting
 
Using Wireframes
Using WireframesUsing Wireframes
Using Wireframes
Mark Calkins
 
Geek Guide - Shared Hosting
Geek Guide - Shared HostingGeek Guide - Shared Hosting
Geek Guide - Shared Hostingwebhostingguy
 
Steps for csr generation sap netweaver
Steps for csr generation sap netweaverSteps for csr generation sap netweaver
Steps for csr generation sap netweaverrathiyash
 
DDive11 - Quickr HowTo
DDive11 - Quickr HowToDDive11 - Quickr HowTo
DDive11 - Quickr HowTo
Dominopoint - Italian Lotus User Group
 
Using MAMP for Web Development
Using MAMP for Web DevelopmentUsing MAMP for Web Development
Using MAMP for Web Development
Eric Greene
 
Deploy sql express and share point foundation
Deploy sql express and share point foundationDeploy sql express and share point foundation
Deploy sql express and share point foundation
Tep Chanveasna
 
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
NerdGirlJess
 
03 setting up database server sample
03 setting up database server sample03 setting up database server sample
03 setting up database server sample
Sarath Chandra Aravapalli
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
DouglasPickett
 
Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Sahira Khan
 

Similar to Spnego configuration (20)

Web hosting and concepts of SEO UNIT 5
Web hosting and concepts of SEO UNIT 5Web hosting and concepts of SEO UNIT 5
Web hosting and concepts of SEO UNIT 5
 
Domino Fitness. Time for a Health Check
Domino Fitness. Time for a Health CheckDomino Fitness. Time for a Health Check
Domino Fitness. Time for a Health Check
 
A Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign OnA Technical Guide To Deploying Single Sign On
A Technical Guide To Deploying Single Sign On
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
 
2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast2015 03 06 lmtv wtf http webcast
2015 03 06 lmtv wtf http webcast
 
Practical solutions for connections administrators
Practical solutions for connections administratorsPractical solutions for connections administrators
Practical solutions for connections administrators
 
Ad installation
Ad installationAd installation
Ad installation
 
Exchange outlook2007setup
Exchange outlook2007setupExchange outlook2007setup
Exchange outlook2007setup
 
Exchange Outlook 2007 Setup
Exchange Outlook 2007 SetupExchange Outlook 2007 Setup
Exchange Outlook 2007 Setup
 
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdfLearn to Add an SSL Certificate Boost Your Site's Security.pdf
Learn to Add an SSL Certificate Boost Your Site's Security.pdf
 
Using Wireframes
Using WireframesUsing Wireframes
Using Wireframes
 
Geek Guide - Shared Hosting
Geek Guide - Shared HostingGeek Guide - Shared Hosting
Geek Guide - Shared Hosting
 
Steps for csr generation sap netweaver
Steps for csr generation sap netweaverSteps for csr generation sap netweaver
Steps for csr generation sap netweaver
 
DDive11 - Quickr HowTo
DDive11 - Quickr HowToDDive11 - Quickr HowTo
DDive11 - Quickr HowTo
 
Using MAMP for Web Development
Using MAMP for Web DevelopmentUsing MAMP for Web Development
Using MAMP for Web Development
 
Deploy sql express and share point foundation
Deploy sql express and share point foundationDeploy sql express and share point foundation
Deploy sql express and share point foundation
 
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
BP108 Admin for the Developer -- Build and Secure Your Own IBM Lotus Domino S...
 
03 setting up database server sample
03 setting up database server sample03 setting up database server sample
03 setting up database server sample
 
Digital certificates
Digital certificatesDigital certificates
Digital certificates
 
Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)Dhcp, dns and proxy server (1)
Dhcp, dns and proxy server (1)
 

More from Gabriella Davis

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
Gabriella Davis
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
Gabriella Davis
 
Home Working
Home WorkingHome Working
Home Working
Gabriella Davis
 
A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
Gabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
Gabriella Davis
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
Gabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 
Embracing iot in the enterprise
Embracing iot in the enterpriseEmbracing iot in the enterprise
Embracing iot in the enterprise
Gabriella Davis
 
The SSL Problem and How to Deploy SHA2 Certificates
The SSL Problem and How to Deploy SHA2 CertificatesThe SSL Problem and How to Deploy SHA2 Certificates
The SSL Problem and How to Deploy SHA2 Certificates
Gabriella Davis
 

More from Gabriella Davis (19)

A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project. Design Decisions: Developing for Mobile - The Template Experience Project
. Design Decisions: Developing for Mobile - The Template Experience Project
 
Face Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On PremisesFace Off Domino vs Exchange On Premises
Face Off Domino vs Exchange On Premises
 
Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10Adminlicious - A Guide To TCO Features In Domino v10
Adminlicious - A Guide To TCO Features In Domino v10
 
An Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for DockerAn Introduction to Configuring Domino for Docker
An Introduction to Configuring Domino for Docker
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
An introduction to configuring Domino for Docker
An introduction to configuring Domino for DockerAn introduction to configuring Domino for Docker
An introduction to configuring Domino for Docker
 
How To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & DiscoveryHow To Approach GDPR Preparation & Discovery
How To Approach GDPR Preparation & Discovery
 
An Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation RequirementsAn Introduction To The DMARC SMTP Validation Requirements
An Introduction To The DMARC SMTP Validation Requirements
 
Brand Yourself
Brand YourselfBrand Yourself
Brand Yourself
 
Home Working
Home WorkingHome Working
Home Working
 
A Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration SolutionsA Guide To Single Sign-On for IBM Collaboration Solutions
A Guide To Single Sign-On for IBM Collaboration Solutions
 
The Imposter Syndrome
The Imposter SyndromeThe Imposter Syndrome
The Imposter Syndrome
 
What's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-PremisesWhat's New in Notes, Sametime and Verse On-Premises
What's New in Notes, Sametime and Verse On-Premises
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
An Introduction To Docker
An Introduction To DockerAn Introduction To Docker
An Introduction To Docker
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the CloudSetting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
 
Embracing iot in the enterprise
Embracing iot in the enterpriseEmbracing iot in the enterprise
Embracing iot in the enterprise
 
The SSL Problem and How to Deploy SHA2 Certificates
The SSL Problem and How to Deploy SHA2 CertificatesThe SSL Problem and How to Deploy SHA2 Certificates
The SSL Problem and How to Deploy SHA2 Certificates
 

Recently uploaded

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
3ipehhoa
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
laozhuseo02
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
ShahulHameed54211
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
3ipehhoa
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
Rogerio Filho
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
JungkooksNonexistent
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
Arif0071
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
laozhuseo02
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
Himani415946
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
nirahealhty
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
TristanJasperRamos
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
Gal Baras
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
3ipehhoa
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
JeyaPerumal1
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
natyesu
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Sanjeev Rampal
 

Recently uploaded (16)

原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
原版仿制(uob毕业证书)英国伯明翰大学毕业证本科学历证书原版一模一样
 
The+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptxThe+Prospects+of+E-Commerce+in+China.pptx
The+Prospects+of+E-Commerce+in+China.pptx
 
Output determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CCOutput determination SAP S4 HANA SAP SD CC
Output determination SAP S4 HANA SAP SD CC
 
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
急速办(bedfordhire毕业证书)英国贝德福特大学毕业证成绩单原版一模一样
 
guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...guildmasters guide to ravnica Dungeons & Dragons 5...
guildmasters guide to ravnica Dungeons & Dragons 5...
 
Latest trends in computer networking.pptx
Latest trends in computer networking.pptxLatest trends in computer networking.pptx
Latest trends in computer networking.pptx
 
test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...test test test test testtest test testtest test testtest test testtest test ...
test test test test testtest test testtest test testtest test testtest test ...
 
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shopHistory+of+E-commerce+Development+in+China-www.cfye-commerce.shop
History+of+E-commerce+Development+in+China-www.cfye-commerce.shop
 
ER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAEER(Entity Relationship) Diagram for online shopping - TAE
ER(Entity Relationship) Diagram for online shopping - TAE
 
This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!This 7-second Brain Wave Ritual Attracts Money To You.!
This 7-second Brain Wave Ritual Attracts Money To You.!
 
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptxLiving-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
Living-in-IT-era-Module-7-Imaging-and-Design-for-Social-Impact.pptx
 
How to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptxHow to Use Contact Form 7 Like a Pro.pptx
How to Use Contact Form 7 Like a Pro.pptx
 
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
1比1复刻(bath毕业证书)英国巴斯大学毕业证学位证原版一模一样
 
1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...1.Wireless Communication System_Wireless communication is a broad term that i...
1.Wireless Communication System_Wireless communication is a broad term that i...
 
BASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptxBASIC C++ lecture NOTE C++ lecture 3.pptx
BASIC C++ lecture NOTE C++ lecture 3.pptx
 
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and GuidelinesMulti-cluster Kubernetes Networking- Patterns, Projects and Guidelines
Multi-cluster Kubernetes Networking- Patterns, Projects and Guidelines
 

Spnego configuration

  • 1. July 2015 IntegratedWeb Authentication & Domino Gabriella Davis The Turtle Partnership
  • 2. Outline ✤ Function and use of IWA ✤ System Requirements ✤ How To Configure SPNEGO ✤ Things To Consider
  • 3. What Is IWA ✤ Integrated Web Authentication (IWA) is an umbrella term that represents several protocols and technologies used by Microsoft for automatic authentication ✤ SPNEGO is an IWA service that determines which protocol the client and server need to use to talk ✤ Microsoft uses SPNEGO for its HTTP authentication negotiation ✤ Protocols that can be used by SPNEGO for IWA include Kerberos and NTLM
  • 5.
  • 6.
  • 7.
  • 8.
  • 9.
  • 10.
  • 11.
  • 12.
  • 13. System Requirements ✤ Domino 8.5.1 or later as the initial authentication server ✤ Windows Active Directory with Windows 2003 or later compatibility mode ✤ Browsers ✤ IE ✤ Firefox (Windows) ✤ Chrome 8 and higher (Windows)
  • 14. The Lab Environment Active Directory Windows 2008 R2 DC cn=dc,dc=turtletest,dc=com Domino Server Windows 2008 R2 9.0.1 dominoweb.turtletest.com Swan/Turtle cn=dominoweb,dc=computers,dc=turtletest,dc=com Windows 7 Client Machine cn=lihue,dc=computers,dc=turtletest,dc=com cn=gabriella,dc=lihue
  • 15. How Does ItWorkWith Domino ✤ There must be a relationship between Domino and AD for the authentication “conversation” to happen ✤ Domino must run as a service under Windows ✤ Use a named AD account to run the service ✤ Create a Service Principal Name in Active Directory for each URL hostname that will be passed to Domino
  • 17. Domino Configuration ✤ Internet Site Documents ✤ Web Single Sign On Document ✤ HTTP Site Document ✤ Domino start as service with named user ✤ Configuring Domino to start with a java controller
  • 18. Internet Site Documents ✤ Ensure the Domino server document is set to use Internet Site Documents ✤ this isn’t a requirement but will make the SPNEGO configuration easier to manage
  • 19. Web Single Sign On Document
  • 21. Domino Start As Service ✤ Domino must be started using an AD account not a local system account. A local system account does not support use by multiple web servers or the user of an ip sprayer
  • 22. Configure DominoTo StartWith Java Controller ✤ Once you configure Domino to start as a named account you need to use the java controller to monitor Domino on the server itself ✤ Use Windows regedit to modify the registry ✤ find the entries representing the Domino server (search for notes.ini) and add -jc -c Consider adding to the server notes.ini file ServerController=1 TCPIP_ControllerTcpIpAddress=<ipaddress>:2050
  • 23. Active Directory ✤ We must create a Service Principal Name (SPN) in Active Directory to represent any hostname the Domino web server will use and the account running the Domino server ✤ This can be done two ways ✤ using the domspnego utility ✤ manually ✤ You will need to find and use setpspn.exe on the Domain Controller
  • 24. Using domspnego ✤ From the Domino program directory in a command window type domspnego ✤ domspnego -? shows a help for the command ✤ domspnego <name of output file to generate) ✤ domspengo dominowebservice
  • 25. Domspnego Output ✤ You will need to know ✤ The account name Domino is running under ✤ Any hostnames used for web access ✤ Any ip sprayer hostnames ✤ Answering the prompted questions will generate a .cmd file you can edit in notepad to see the commands you will want to run
  • 27. Creating the SPN ✤ On the domain controller find the “setspn.exe” utility ✤ The syntax is ✤ setspn -a HTTP / <hostname> <adserviceaccount> ✤ The commands for running the SPN will be in your output file generated by domspnego e.g. setspn -a HTTP/dominoweb.turtletest.com dominowebservice
  • 28. SPN Rules ✤ There can only be one SPN for a hostname ✤ If you need to change the service account bound to the SPN you must delete the original one first and create a new one ✤ To delete an SPN type “d” instead of “a” on the setspn command setspn -d HTTP/dominoweb.turtletest.com dominowebservice
  • 29. SPN Commands ✤ Create a SPN ✤ Confirm a SPN ✤ Remove a SPN
  • 30. Name Mappings ✤ To grant Domino access to a database there must be an ACL entry for the user ✤ The windows Kerberos name must be an entry in the fullname field of the user’s person document so Domino can match the Windows logged in name to the ACL ✤ There should be 2 entries before it, the user’s hierarchical name (used in the ACL) and the user’s common name ✤ The Windows user “Gabriella” logging into the windows domain “turtletest.com” (gabriella@turtletest.com) will be translated by Domino into Gabriella Davis/Turtle for ACL access ✤ Use the exact case AD uses for the name part and always capitals for the domain part
  • 31. Directory Assistance ✤ SPNEGO users do not use passwords in any way ✤ The domino http password field on the person documents can therefore be empty ✤ Should you want non-SPNEGO users to login they can either use the Domino HTTP Password OR you can configure Active Directory under Directory Assistance ✤ That then authenticates users accessing Domino using their AD names and passwords
  • 32. Managing Users - OPTIONAL ✤ If you do want to manage users in Active Directory instead of in Domino you can do so but the environment needs to be configured for that ✤ they must still be present in Domino person documents ✤ The Active Directory entry must have an attribute containing the user’s hierarchical Domino name ✤ Directory Assistance must be configured for authentication to Active Directory ✤ Keeping the user names synchronised across both environments requires a tool such as Tivoli Directory Integrator
  • 33. Browser Configuration ✤ SPNEGO supports Windows browsers IE, Firefox and Chrome >8 ✤ Configuration for each must be done on the client side and is different for each browser ✤ This may change in the future if the browser versions change
  • 34. Internet Explorer Configuration ✤ Start IE and click Tools > Internet Options ✤ Select the Security tab ✤ Select "Local intranet" and click Sites. ✤ Ensure that the "Include all sites that bypass the proxy server" is checked. ✤ Click Advanced ✤ Add the URL for the Domino server http://dominoweb.turtlest.com and click OK twice. Or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino server in the domain *.turtletest.com ✤ Click Custom Level, scroll to the User Authentication section, select "Automatic logon only in Intranet zone," and click OK. ✤ Click the Advanced tab, scroll to the Security section, verify the option "Enable Integrated Windows Authentication (requires restart)" is selected.
  • 35. Firefox Configuration ✤ Start Firefox and in the URL address box, type about:config ✤ In the Filter box, type network.n ✤ Double-click network.negotiate-auth.trusted-uris, and enter the URL 
 http://dominoweb.turtletest.com or use a wildcard to provide the ability to connect to more than one SPNEGO-enabled Domino server in the domain http://*.turtletest.com or 
 separate multiple entries with commas. ✤ Click OK and restart the browser.
  • 36. Chrome Configuration ✤ Chrome uses the configuration settings from Internet Explorer ✤ Alternatively in Windows use Internet Options under Control Panel
  • 37. Non SPNEGO Behaviour ✤ Users who don’t login to the Windows AD domain cannot use SPNEGO ✤ Once you configure the URL and web server for SPNEGO it can only be used by SPNEGO enabled clients and browsers ✤ There are programmatic tools available including DSAPI filters that will intercept the request and redirect it for non SPNEGO users ✤ Alternately non-SPNEGO users can be given a different hostname/URL to use
  • 38. Multiple Sites / URLs ✤ For every hostname or site document that the web server responds to a SPN needs to be created ✤ This includes any load balancers ✤ Any server aliases that will resolve in URLs must also have SPN entries ✤ Remember only one SPN per hostname and that must correspond to the owning account of the Domino service
  • 39. SPNEGO Support ✤ SPNEGO is supported for Domino web applications including iNotes ✤ but not Traveler ✤ SPNEGO is also supported inside eclipse for feeds, sametime, connections etc ✤ but not for Notes basic ✤ SPNEGO is not supported for Notes client access
  • 40. Troubleshooting ✤ On Windows 7 and Windows Vista, SPNEGO is not functional for users who are members of the Administrators group when UAC is enabled. To use SPNEGO on these platforms, advise the client user to launch Notes with elevated privileges, disable UAC, or log in as a non-admin user. ✤ DEBUG_HTTP_SERVER_SPNEGO = 1 ✤ http://www-01.ibm.com/support/docview.wss? uid=swg21394592