Skip to Main Content
HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino Page

Status Needs Review
Workspace Sametime
Categories Chat
Created by Guest
Created on Oct 4, 2024

Make Notes embedded Sametime client fully support SAML SSO - including IWA/SPNEGO authentication at Idp

While the Sametime documentation states how to configure SAML for Sametime and the embedded Sametime client has a SAML authentication option, the Notes embedded Sametime client does not fully support SAML SSO.

The SAML process offloads the authentication to the Idp. The user authenticates manually to the Idp, or the browser uses IWA/SPNEGO to authenticate automatically. While the Notes client can automatically authenticate to the Idp using it's embedded browser, Sametime does not. Even tough it uses the same embedded Notes browser. L3 states there are two browser profiles? might be Sametime should simply use the other?

The Sametime embedded authentication options for SAML does have fields to set username/password to automatically login to the Idp. This makes SAML implementation not really Single-Sign-On, but more "Seamless-Sign-On", with the requirement to re-set the password when the password changed in LDAP. We want password-less Sametime.

  • Attach files
  • Guest
    Reply
    |
    Oct 4, 2024

    If you want users to stay on the Domino platform, this is one of the things that should be implemented asap