#dominoforever | Product Ideas Portal

 

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

SAML - provide support for Single Logout

The SAML Service Provider implemented in Domino 10 is much better than in the previous versions and integrates without a problem with all standard-complying IdPs.

However, one important feature is missing and that is Single (a.k.a. Global) Logout.

In the current implementation, when a user logs out from Domino, Domino does not end session with the IdP. Since the browser still possesses session information from the IdP, a user (same or another!) only needs to access Domino server again and he/she will be granted access.

This shortcoming is described in the document Using Security Assertion Markup Language (SAML) to configure federated-identity authentication on page 45.

We need a functioning Single Logout in order to provide truly secure solutions that  do not depend on users remembering multiple steps required to completely log-out.

  • Guest
  • Sep 19 2018
  • Needs review
  • Attach files
  • Guest commented
    18 Dec, 2020 03:06pm

    SLO is much needed, this is a very valuable security feature

  • Guest commented
    9 Oct, 2019 07:14pm

    I agree with the poster.... we need a single SAML logout in order to provide a truly functional solution

  • Guest commented
    20 Dec, 2018 01:35pm

    CAS supported also needed fro SAML.