Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Under Consideration
Workspace Notes
Created by Guest
Created on Aug 31, 2021

Windows SSO (Kerberos) with Notes Federated Login

While configuring Windows SSO (Kerberos) with NFL for Notes client using F5 IdP, it has been observed that it is still showing IdP authentication popup. We don't want that users have to enter an username and password when they open the Notes Client.

Already implemented IWA for F5 IdP as IWA provides Notes/Domino users the ability to login using SAML authentication.

It has been identified that F5 IdP offers both:
WWW-Authenticate: Basic Realm=""
WWW-Authenticate: Negotiate

Setting up F5 IdP to use just Negotiated-Kerberos (and dropping basic) the Notes Clients works fine, it doesn't ask for IdP user password. If the Notes browser is given a choice, it's free it pick one so a SAMLBrowser picked the Basic since the server indicates either one is supported.

We are expecting that the Notes client browser should be able to choose Negotiated instead of Basic even if IdP offers both Basic & Negotiated.

  • Attach files
  • Admin
    Thomas Hampel
    Reply
    |
    Jun 10, 2023

    Moving to Notes client product category.