Posts Tagged ‘Kerberos’

Domino and Kerberos SSO

March 11th, 2010 No comments

Having pretty good luck with this, once the pieces were in place. Security gave me permission to use an existing attribute in AD, so we don’t have to mess with ADAM. That’s working fine, and I finally figured out the right configuration for the browser:

Local Intranet – can contain the FQDN of the Kerberos-enabled host, but can get by with a wildcard (e.g., *

Proxy Exceptions list – If you’re using a proxy, the FQDN of the Kerberos-enabled Domino host must be in this list, and it must come before any wildcard entries. A wildcard entry by itself will, in fact, break Domino SSO (not so for SharePoint on Kerberos SSO). So, if you have a FQDN like and you also need * in the Exceptions list, must come first.

Categories: Domino Tags: , ,