I recently upgraded a test server to Domino version 14, from version 12. It is a Windows server and we have SSO set up for web authentication. After the upgrade, the web page that appears after authentication is now the server home page (/homepage.nsf?Open), and not the form or page that we log into. If I enter the url of the form or page that I originally logged into, it loads and I am logged in to the server successfully. But, I am not sure why it goes to the server home page after initial authentication? I am hoping this is a simple setting somewhere that I am missing. I have included an image of what appears on the page after log in. Thank you for any assistance you can provide.
Can you check if your custom database for the homepage is set in the below settings in the Domino server document or in the Internet site document for your website on the Domino server?
Server document:
Internet Site document:
If it is homepage.nsf in the Home URL, then you need to set this to your custom database name.
Thank you.
Regards
Shrikant J
The default page that opens after authentication would be found under configuration in internet site document (if you are using one) . else it will be there in configuration in server document under internet protocol. replace the /homepage.nsf with your login page url.
In case you are not using internet site document then make the changes in server docuemnt as under
Ok so far, but what is if you want to to handle the new target URL after logout in a more flexible way.
Till 12.02. there was this posibility to use a redirectto parameter (e.g. Eventhandler Action on logout button) :
var appUrl = facesContext.getExternalContext().getRequest().getContextPath();
var url = appUrl + "?logout&redirectto=" + appUrl + "/xxx.xsp";
facesContext.getExternalContext().redirect(url);
But in 14.x the redirectto Parameter is not supported any more.
In which way i can achieve a redirect in conjunction with logout ?
DOMINO_REJECT_GET_LOGIN=0 IN NOTES.INI WILL ALLOW THE REDIRECT BEHAVIOUR. it was removed due to security concerns. Better to achieve this functionality by some other work around.
Also set DominoDisableLoginQueryArgs=0 in notes .ini
By the way this applied since domino v12.
Yes i know, but does that really work in R14 any more ?
On the other hand, i take security concerns seriously, is it a good idea to overide them ?
From your post in red it seems you are redirecting after logout to an xpage within the same nsf. In case the nsf doesnt allow anonymous access, it should force you on to your log in page. If you could explain your setup in more detail, one could offer more suggestions.
I usually use an xpage in an nsf with anonymous access as my default page. In before pageload, i ridirect to the actual target application if the session is by anonymous user, to force a login. After login the url is still the same nsf. However this time since the session is authenticated, you actually redirect to the actual target application in the before pageload event.
In case you have mutiple applications needing authenticated access, the home page nsf should contain the links to them. You may code this scenario accordingly.
The ini settings mentioned in prev post should work on v14. You may check at your end
Hello Robert,
You mentioned that you have SSO setup for web authentication and upgraded Domino from V12.
Observed behavior:
You try to access one specific web page URL, then you will be redirected for authentication.
After authentication, you will see the homepage instead of the web page URL you tried to access.
Considering the behavior observed by you, is it ok to understand your environment information as follows:
1. is it ok to understand that you have SAML authentication for SSO?
2. is it ok to understand the previous Domino server version was V12.0 or V12.0.1 and not V12.0.2?
Please correct me if there is any difference in my above understanding.
If the above understandings are correct, the behavior you are observing is due to the Security enhancements to cookies involving SAML done from Domino V12.0.2.
If you are using SAML authentication for web SSO, please add the following parameter to notes.ini and restart HTTP services to revert to the previous behavior as of V12.0.1 and prior version.
DOMINO_RELAY_COOKIE_SAMESITE=0
Reference link:
Topic:Security enhancements to cookies involving SAML
https://help.hcl-software.com/domino/12.0.2/admin/wn_security_features.html#wn_security_features__section_egn_nl4_y5b
Best Regards,
Chaitanya Y
Thank you Yalavarthy
This was the correct solution to the problem. You have the right understanding of our environment that we have SAML set up and the previous version was 12.0. So, the information you provided was exactly what I needed to know. I added the parameter to the notes.ini and restarted the server. The web page now redirects to the originating url after authentication. I appreciate your help in resolving this.
Bob
