HCL Domino Ideas Portal
Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
You can already configure HTTP authentication settings by Internet Site, so some sites could support anonymous, others basic, others TLS client cert, others bearer auth, or some combination of the above. Web user login with OIDC is also per-site via idpcat.nsf, but SAML configuration is global for an entire server.
for reference, this is an article showing how to combine different authentication methods. https://blog.thomashampel.com/blog/tomcat2000.nsf/dx/domino-singlesignon-level-4-seamless-kerberos-authentication-via-spnego-with-fallback-option.htm
I have a customer that is requesting this option from DOMCFG login. The ask is to have the $$LoginForm with an option to use Basic Domino Authentication (username and password) and post the credentials against the Domino directory. The other option is to have a button URL link on the $$LoginFto which targets AzureAD for SSO authentication. The reason for both options is that many of the end users are not hosted in AzureAD instance which hosts the Auth App. So, the customer would like to have both options for authentication (for now).
According to the customer, they want to accept REST API use for some specific users only due to their security reason.