HCL Domino Ideas Portal

Welcome to the #dominoforever Product Ideas Forum! The place where you can submit product ideas and enhancement request. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by HCL Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are and when they will be implemented.


For more information on products and upcoming events around #dominoforever, please visit: HCL Domino Page


Add a new idea Subscribe
Status Under Consideration
Workspace Domino
Categories Security
Created by Guest
Created on Jun 28, 2023

RELATED IDEAS

SAML configuration for Internet site with multiple hostnames

When you configure a SAML for an internet site shared by multiple sites, the SAML authentication leads to a redirect to the first server in the configuration as the response url is always pointing to that server.


We tried to set it up with AAD. The config was the following:

Domino:

  • Internet site (+associated rules)

    • mapped to:

      • webapp1.example.com

      • webapp2.example.com

  • IdPcat config:

    • mapped host:

      • webapp1.example.com

      • webapp2.example.com

  • AzureAD Enterprise app:

    • Entity ID:

      • https://webapp1.example.com

      • https://webapp2.example.com

    • Reply URL:

      • https://webapp1.example.com/names.nsf?SAMLLogin

      • https://webapp2.example.com/names.nsf?SAMLLogin

(servers are clustered, certificates shared,SAML is working).


Everything is working OK, except for the fact that when webapp2.example.com is accessed and the user is authenticated, he is being redirected to webapp1.example.com , because the reply url in the SAML request is computed, probably, based on service provider id or the first host name.


I see potential solutions:

  1. Compute the reply url based on the current host name (preferred)

  2. Allow mapping of multiple IdP config to a internet site

    1. now, when the first match is done, it's used for all requests, so even if I separate IdP configs for webapp1 and webapp2, only webapp1 is loaded, so I must separate the internet sites too

    2. this would mean that for federationmetadata.xml update, multiple documents would have to be updated even if the file is the same

I had a case opened CS0391137, but we did not find a solution.

  • Attach files
  • Guest
    Mar 18, 2025

    The "Web Login with OIDC" functionality in Domino 14.0 supports use of multiple hostnames on a single Internet Site or trusted partnership so you could resolve this issue by configuring your identity provider to use OIDC instead of SAML.

    Reply
  • Guest
    Jun 28, 2023

    Potentially related ideas

    https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-1679

    https://domino-ideas.hcltechsw.com/ideas/DOMINO-I-454

    Reply
5 MERGED

Add multiple domino websites with one Relying Party in SAML configuration

Merged
There is a requirement to add second domino website with same Relying Party in SAML configuration. Currently this configuration is not supported in domino , so raising this enhancement request to evaluate and consider in future release.
about 5 years ago in Domino / Security Under Consideration
                                    Copyright © 2025 HCLSoftware Limited