I just set up iNotes on Domino 9 to use SAML with a 2008 R2 Active Directory domain controller. Everything works fine with users that have a mapping (using email address) between AD account and Domino account.
The problem is that if the user does not have a mapping, an error page is displayed (HTTP 400 Bad Request, the page was not found). Instead, I would expect a login box or login form, as described in this article:
Subject: Use internet sites for your non-SAML users
Sounds like it may be working as designed.
If you’re logging into something that’s expecting a Domino user (like an iNotes redirection database) and your AD name doesn’t get translated to a Domino person record, the redirector won’t know which mail file to send you to.
As a result you’ll see something like http://server.com/mail/.nsf… where it’s missing the mail file name,
which of course will result in a 404.
If you have users who aren’t yet set up for SAML, the best thing to do is configure an additional HTTP internet site website doc
so that you can load a different non-SAML config, for a different HTTP host name but on the same Domino server,
so that non-SAML users also have access to Domino HTTP at the same time as the other SAML config.