Welcome to the #dominoforever Product Ideas Lab! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated jointly by the IBM & HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.

For more information and upcoming events around #dominoforever, please visit our Destination Domino page.

SAML - provide support for Single Logout

The SAML Service Provider implemented in Domino 10 is much better than in the previous versions and integrates without a problem with all standard-complying IdPs.

However, one important feature is missing and that is Single (a.k.a. Global) Logout.

In the current implementation, when a user logs out from Domino, Domino does not end session with the IdP. Since the browser still possesses session information from the IdP, a user (same or another!) only needs to access Domino server again and he/she will be granted access.

This shortcoming is described in the document Using Security Assertion Markup Language (SAML) to configure federated-identity authentication on page 45.

We need a functioning Single Logout in order to provide truly secure solutions that  do not depend on users remembering multiple steps required to completely log-out.

  • Avatar32.5fb70cce7410889e661286fd7f1897de Guest
  • Sep 19 2018
  • Attach files
  • Avatar40.8f183f721a2c86cd98fddbbe6dc46ec9
    Guest commented
    December 20, 2018 13:35

    CAS supported also needed fro SAML.