Skip to content

Enabling single sign-on for SAML 2.0

Configure HCL Connections™ if you want to use the SAML (Security Assertion Markup Language) 2.0 Web SSO redirection services support to implement user authentication and single sign-on (SSO).

Complete the following prerequisite conditions:

  • Verify that the Default application (Snoop) is protected by SAML 2.0.
  • Ensure that you can access Connections applications from a web browser.
  • Each href attribute in the LotusConnections-config.xml file is case-sensitive and must specify a fully-qualified domain name.

    Note: Lowercase is required for URLs. Many modern browsers will set the domain to lowercase before making a request. For URLs to match with those browsers, lowercase must be used when specifying domain names.

  • The connectionsAdmin J2C alias that you specified during installation must correspond to a valid account that can authenticate with SAML. It may map to a backend administrative user account. This account must be capable of authenticating for single sign-on against SAML. If you need to update the user ID or credentials for this alias, see the Changing references to administrative credentials topic.

  • Install Connections, if you have not already done so, with all necessary software components as described in Installing.

  • Using the WebSphere Application server administrative console, navigate to Global security > Web and SIP security > Trust association > Interceptors > and make the following changes:

    1. Modify the SAML filter for Connections by copying and pasting the following values into the sso_1.sp.filter Values field:

    2. Create a new property called sso_1.sp.enforceTaiCookie and set its value to false.

  • Run Full Resynchronize for all nodes.

  • Stop all Connections clusters and then stop the DM.

  • Restart the DM and then restart all Connections clusters.

Parent topic:Configuring SAML redirection services for web SSO