Domino and Kerberos SSO

Having pretty good luck with this, once the pieces were in place. Security gave me permission to use an existing attribute in AD, so we don’t have to mess with ADAM. That’s working fine, and I finally figured out the right configuration for the browser:

Local Intranet – can contain the FQDN of the Kerberos-enabled host, but can get by with a wildcard (e.g., *.acme.com)

Proxy Exceptions list – If you’re using a proxy, the FQDN of the Kerberos-enabled Domino host must be in this list, and it must come before any wildcard entries. A wildcard entry by itself will, in fact, break Domino SSO (not so for SharePoint on Kerberos SSO). So, if you have an FQDN like domino.acme.com and you also need *.acme.com in the Exceptions list, domino.acme.com must come first.
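A quick way to audit that ordering rule across workstations, as an added example that is not part of the original post. It assumes the browser takes its exceptions from Windows Internet Options, where the list is stored as the semicolon-separated ProxyOverride registry value; the function name and the sample strings are constructed for illustration.

```powershell
# Added example. Host name and exception strings below are constructed samples.
function Test-ProxyExceptionOrder {
    param(
        [Parameter(Mandatory)][string]$HostFqdn,
        [Parameter(Mandatory)][AllowEmptyString()][string]$ProxyOverride
    )
    # The exceptions list is one semicolon-separated string; trim and drop blanks.
    $entries = @($ProxyOverride -split ';' |
        ForEach-Object { $_.Trim() } | Where-Object { $_ -ne '' })

    $hostIndex = -1   # position of the exact FQDN entry
    $wildIndex = -1   # position of the first wildcard entry
    for ($i = 0; $i -lt $entries.Count; $i++) {
        if ($hostIndex -lt 0 -and $entries[$i] -ieq $HostFqdn) { $hostIndex = $i }
        if ($wildIndex -lt 0 -and $entries[$i].Contains('*'))  { $wildIndex = $i }
    }

    if ($hostIndex -lt 0) {
        $status = 'MissingFqdn'          # wildcard alone is not enough for Domino SSO
    } elseif ($wildIndex -ge 0 -and $wildIndex -lt $hostIndex) {
        $status = 'WildcardBeforeFqdn'   # FQDN is listed, but too late
    } else {
        $status = 'OK'
    }
    [pscustomobject]@{ Host = $HostFqdn; Status = $status; Entries = $entries -join ';' }
}

# Constructed sample lists covering the three cases from the text.
$samples = @(
    'domino.acme.com;*.acme.com;<local>',   # OK
    '*.acme.com;domino.acme.com;<local>',   # WildcardBeforeFqdn
    '*.acme.com;<local>'                    # MissingFqdn
)
foreach ($s in $samples) {
    Test-ProxyExceptionOrder -HostFqdn 'domino.acme.com' -ProxyOverride $s
}

# Live check for the current user (assumes the Internet Options storage noted above):
# $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
# Test-ProxyExceptionOrder -HostFqdn 'domino.acme.com' `
#     -ProxyOverride ([string](Get-ItemProperty $key).ProxyOverride)
```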

