Lotus Domino R6 and Windows Active Directory SSO

In R6, the procedure in making this work have changed.

When setting this up, I found Jake’s ”Alternative to the Domino HTTP stack” article, but the instructions are for an R5 server. The R6 Admin help have a small guide, but it contains some errors. After a quick search on IBM’s site, I found the document ”How do i enable Domino R6 with Microsoft’s Internet Information Services?”. In 3 pages it explains in detail how to set things up. But it isn’t enough to get SSO running.

The details can be found in ”Details of Microsoft IIS security options” in the R6 help. The interesting parts are:

  • The person documents must contain the AD Domain and user name in the FullName field. It should be in the form DOMAINUserName, ie. MyADDomainJohan Känngård
  • The server itself must be a member of the same Active Directory as the users
  • The HTTPPassword field in the person documents are ignored