HCL Notes and Domino 9.0 Social Edition Forum

This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Share ▼
Subscribe ▼

~Naomi Minhipitheroni

Nov 27, 2013, 10:12 AM

34 Posts

SAML authentication timeout

Category: Security
Platform: Windows
Release: 9.0.1
Role: Administrator,Developer,End User
Tags:
Replies: 1

We have a Domino 9.01 environment where iNotes users authenticate using SAML and MS ADFS 2.0.

The first time the users enter the Domino website the authentication takes some time, ending up with a error message to the user from the ADFS website suggesting the service is not available.

When the user opens the same URL again, Domino looks in the cache for a single sign on cookie and the website (iNotes) shows without any errors.

Are there any time-out setting or other parameters to change to get this working the first time the user enters the site?

EDIT:

It seems it's not a timeout problem but a redirection loop every first time the Domino servers sends the SAML request to the ADFS server. The second time when the SSO cookie is found there is no need to redirect the browser.

Anyone seen this behaviour before and has some suggestions to solve it?

~Tony Zekfootexikle

Dec 10, 2013, 12:52 AM

9 Posts

is it the ADFS taking too much time?

I haven't seen this problem. Is it the ADFS that is taking too much time, or the Domino server taking too much time? You could get further information by use wireshark or other tool to monitor the web traffic.

Jane Marcus, IBM

Share ▼
Subscribe ▼