Welcome to the IBM Connections Product Ideas Lab! The place where you can submit product ideas and enhancement requests. We encourage you to participate by voting on, commenting on, and creating new ideas. All new ideas will be evaluated by the IBM Product Management & Engineering teams, and the next steps will be communicated. While not all submitted ideas will be executed upon, community feedback will play a key role in influencing which ideas are implemented and when.

For more information and upcoming events, please visit our IBM Connections page.

Enable Desktop Plugin for SAML+Kerberos

In a SAML scenario, like IBM Connections Cloud (but not limited to it), the customer's IDP authenticates the user. If a browser is being used, the user is directed to the IDP server, which needs to verify the user's identity.

In most cases, this IDP login is offered via Integrated Windows Authentication (IWA, Kerberos). This means that the user does not see the login form but instead is authenticated automatically, given that he previously logged in to the Windows Domain.

Now when using the Plugin, we can perform a form-based login for the user - the login form interaction happens in the background.

If IBM would enable Kerberos for this case, the following values would exist:

1. No need to enter a user ID

2. No need to enter or store a password - and this means also that if a password changes in the IDP, no need to update that

The above would also simplify the deployment of the Plug-In - just install and preconfigure "SAML+IDP", no custom settings for the user are required.

The Sametime Client (embedded or Desktop) has this behaviour / option today.

  • Guest
  • Nov 26 2018
  • Under review