HCL Domino TOTP authentication with Directory Assistance enabled

Today I had the issue that TOTP was not working correctly at a customer site. The main issue was that a user could bypass the TOTP authentication, was routed to the MFA setup site, clicked “Finished” and was routed to homepage.nsf.

After opening a case I received two pieces of information very quickly (thanks to Neha Bansal!!)

Rerouting to “homepage.nsf”
It's a known issue documented under SPR # SPPPCBVMA6. The issue is caused by a TOTP cache reset: the URL defaults to the homepage instead of the user's mail file. This SPR is going to be fixed in an upcoming release of Domino.

Bypassing the TOTP authentication (the more important issue)
If you have enabled Directory Assistance (DA), there's an issue where TOTP is bypassed. This is documented under SPR # SPPPCDVFB2, and a hotfix is available to install on top of Domino server version 1201FP1. So if you have enabled DA and want TOTP to be active, feel free to open a case at HCL and receive the hotfix.
