Hi,
I have a 9.0.1 FP9 Domino server with a browser-based application - the server is dedicated to hosting only this application. The task is to have SAML with Azure AD (or any other SSO with Azure). Yes, I know it's not supported…
- server is set to use internet sites
- home url is set to the application’s main db
- domcfg has a sign in form mapping
I’ve tried to use the ADFS cookbook:
- new application registered in AD (by another team, I don’t have access)
- created idp catalog db
- imported the xml I got from the Azure guys - the first problem was having https://login.microsoftonline.com/TENANTID/IdpInitiatedSignOn.aspx as the single sign-on service URL, because it didn't work.
Azure guys suggested changing it to:
https://login.microsoftonline.com/TENANTID/wsfed/?wa=wsignin1.0&wtrealm=http%3A%2F%2FDOMAIN
(why not https here?) - updated the web site doc.
Redirection to Azure works. I authenticated myself there, then the result was a loop. At this time the reply URL specified there was the server's root. The next try was to modify the reply URL in Azure to https://DOMAIN/names.nsf?SAMLLogin - the result is an error message:
HTTP Web Server: Bad SAML Request [/names.nsf?SAMLLogin] Anonymous
At least it's not a loop now, but still not the desired result… The returned package has my email address (NameID) but it seems Domino ignores it. What did I miss? Should the reply URL be different? Any advice? Thanks in advance.
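When a SAML SP answers "Bad SAML Request", the first thing to check is whether the fields it validates in the IdP's response (Destination, Audience, Issuer, NameID, signature presence) line up with what the SP was configured with. The script below is an added example, not part of the original post or of Domino; it decodes a base64 SAMLResponse and reports those fields next to the expected values. The embedded response is constructed with placeholder values (TENANTID, DOMAIN, user@example.com) taken from the post, and it does not verify the XML signature, so it is an inspection aid for comparing against the reply URL in Azure and the web site document, not a replacement for the SP's own validation.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
DSIG_SIGNATURE = "{http://www.w3.org/2000/09/xmldsig#}Signature"

# Constructed sample response (not a real Azure AD response). TENANTID, DOMAIN
# and the NameID are placeholders; the Destination mirrors the reply URL from the post.
SAMPLE_RESPONSE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_r1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z"
    Destination="https://DOMAIN/names.nsf?SAMLLogin">
  <saml:Issuer>https://sts.windows.net/TENANTID/</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/TENANTID/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction><saml:Audience>http://DOMAIN</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The SAMLResponse POST parameter is the base64 of the XML above.
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def inspect_saml_response(saml_response_b64, expected_acs_url, expected_audience):
    """Decode a base64 SAMLResponse and compare the fields an SP typically checks
    against the values the SP was configured with. Returns a plain dict."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response element")

    status = root.find("samlp:Status/samlp:StatusCode", NS)
    name_id = root.find("saml:Assertion/saml:Subject/saml:NameID", NS)
    audiences = [
        a.text
        for a in root.findall(
            "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience", NS
        )
    ]
    issuers = {i.text for i in root.iter("{%s}Issuer" % NS["saml"])}
    destination = root.get("Destination")

    return {
        "status": status.get("Value") if status is not None else None,
        "issuers": sorted(issuers),
        # Destination must match the ACS / reply URL the SP expects to be posted to.
        "destination": destination,
        "destination_matches_acs": destination == expected_acs_url,
        # Audience must contain the SP's entity ID (the realm/identifier registered at the IdP).
        "audiences": audiences,
        "audience_matches": expected_audience in audiences,
        "name_id": name_id.text if name_id is not None else None,
        "name_id_format": name_id.get("Format") if name_id is not None else None,
        # Presence only; signature verification is left to the SP.
        "signed": root.find(".//" + DSIG_SIGNATURE) is not None,
    }


if __name__ == "__main__":
    report = inspect_saml_response(
        SAMPLE_RESPONSE_B64, "https://DOMAIN/names.nsf?SAMLLogin", "http://DOMAIN"
    )
    for key, value in report.items():
        print("%-24s %s" % (key, value))
```

To use it on a real response, paste the base64 SAMLResponse value from the browser's developer tools (the POST to names.nsf?SAMLLogin) in place of SAMPLE_RESPONSE_B64, and pass the reply URL and identifier exactly as they are configured on both the Azure side and the Domino web site document; a mismatch in either field, or an unsigned response, is the kind of thing an SP rejects before it ever looks at the NameID.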