Identity Provider

This is work in progress

We are constantly working on improving Domino REST API's functionality and documentation. You have a documentation page which is not quite ready. Feel free to feedback what you would like to see here.

Topics to guide you in completing goals and tasks about Identity Provider in relation to Domino REST API:

• Configure Domino Rest API IdP

• Configure Domino REST API to Use an OIDC Provider

• Configure Microsoft Entra ID as IdP

• Configure certificates

• Configure an identity provider

• Configure Keycloak

• Configure Domino REST API as SAML identity provider

• Set up External IdP for Office Round Trip Experience

• Set up External IdP for Admin UI login

Client Ids

When configuring an external IdP using OIDC or OIDC-idpcat, you need to provide a clientId. It's recommended to use Domino, but the admins of your IdP might have other ideas. In any case, that's the clientId for the REST server. It's NOT the one for the AdminUI or the Office Forms Based Authentication (OFBA) for attachment editing. To be fully operational, you need to configure at least three clients on your IdP:

• Domino for the server (client secret might be handeled by idpcat.nsf)
• keepadminui for the Domino REST API admin client
• keepofba for the Office document round trip experience
• One each for your custom client applications (with clientSecret for servers or PKCE for clients)

Use the internal IdP as learning resource

The application configuration provided by the internal IdP makes it easy to configure and retrieve client-specific JWT that have all the required fields. Test your application with that and use the defined proprties, scopes foremost, to requests the external IdP client configurations.