Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.
For more information and upcoming events around #dominoforever, please visit our Destination Domino Page
The SAML Service Provider implemented in Domino 10 is much better than in the previous versions and integrates without a problem with all standard-complying IdPs.
However, one important feature is missing and that is Single (a.k.a. Global) Logout.
In the current implementation, when a user logs out from Domino, Domino does not end the session with the IdP. Since the browser still possesses session information from the IdP, a user (same or another!) only needs to access the Domino server again and he/she will be granted access.
This shortcoming is described in the document Using Security Assertion Markup Language (SAML) to configure federated-identity authentication on page 45.
We need a functioning Single Logout in order to provide truly secure solutions that do not depend on users remembering multiple steps required to completely log out.
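What an SP-initiated Single Logout puts on the wire, as an added example (not part of the original post and not Domino's code): a SAML 2.0 LogoutRequest encoded for the HTTP-Redirect binding, plus the decoder used to check it. The entity ID, IdP URL, NameID, SessionIndex and RelayState are constructed values, and the signature that an IdP would normally require on this message is omitted.

```python
import base64, secrets, zlib
from datetime import datetime, timezone
from urllib.parse import urlencode, urlparse, parse_qs
from xml.etree import ElementTree as ET

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

def build_logout_request(sp_entity_id, idp_slo_url, name_id, session_index):
    """Return the LogoutRequest XML an SP sends to end the session at the IdP."""
    ET.register_namespace("samlp", SAMLP)
    ET.register_namespace("saml", SAML)
    req = ET.Element(f"{{{SAMLP}}}LogoutRequest", {
        "ID": "_" + secrets.token_hex(16),  # unique per request
        "Version": "2.0",
        "IssueInstant": datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%SZ"),
        "Destination": idp_slo_url,
    })
    ET.SubElement(req, f"{{{SAML}}}Issuer").text = sp_entity_id
    # NameID and SessionIndex come from the assertion received at login;
    # they tell the IdP which principal and which session to terminate.
    ET.SubElement(req, f"{{{SAML}}}NameID").text = name_id
    ET.SubElement(req, f"{{{SAMLP}}}SessionIndex").text = session_index
    return ET.tostring(req, encoding="unicode")

def redirect_url(idp_slo_url, request_xml, relay_state):
    """Encode for HTTP-Redirect: raw DEFLATE (no zlib header), then base64."""
    comp = zlib.compressobj(wbits=-15)
    deflated = comp.compress(request_xml.encode()) + comp.flush()
    query = urlencode({"SAMLRequest": base64.b64encode(deflated).decode(),
                       "RelayState": relay_state})
    return f"{idp_slo_url}?{query}"

def decode_redirect(url):
    """Inverse of redirect_url, as the receiving IdP (or a tester) reads it."""
    raw = base64.b64decode(parse_qs(urlparse(url).query)["SAMLRequest"][0])
    return ET.fromstring(zlib.decompress(raw, wbits=-15))

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    xml = build_logout_request("https://domino.example.com/sp",
                               "https://idp.example.com/slo",
                               "jdoe@example.com", "_sess-0001")
    print(redirect_url("https://idp.example.com/slo", xml, "/names.nsf?logout"))
```

Without this exchange, the local logout only clears the service provider's own session, which is the behaviour the post describes.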