Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Assessment
Workspace Domino
Categories Security
Created by Guest
Created on Sep 19, 2018

SAML - provide support for Single Logout

The SAML Service Provider implemented in Domino 10 is much better than in the previous versions and integrates without a problem with all standard-complying IdPs.

However, one important feature is missing and that is Single (a.k.a. Global) Logout.

In the current implementation, when a user logs out from Domino, Domino does not end session with the IdP. Since the browser still possesses session information from the IdP, a user (same or another!) only needs to access Domino server again and he/she will be granted access.

This shortcoming is described in the document Using Security Assertion Markup Language (SAML) to configure federated-identity authentication on page 45.

We need a functioning Single Logout in order to provide truly secure solutions that  do not depend on users remembering multiple steps required to completely log-out.

  • Attach files
  • Guest
    Reply
    |
    Jan 20, 2022

    I just read about that HTTPEnableConnectorHeaders is now longer available in Domino from version 12.0.1. This means that our current workaround with a proxy server in front of Domino will stop to work. We really need to be able to Logout directly from Domino

  • Guest
    Reply
    |
    Nov 18, 2021

    Yes, we need this. Now we need to setup another server in front of Domino to handle logout,

  • Guest
    Reply
    |
    Dec 18, 2020

    SLO is much needed, this is a very valuable security feature

  • Guest
    Reply
    |
    Oct 9, 2019

    I agree with the poster.... we need a single SAML logout in order to provide a truly functional solution

  • Guest
    Reply
    |
    Dec 20, 2018

    CAS supported also needed fro SAML.