Parameter:
Trusted_ServersShort description: List of trusted servers whose authentication is accepted as on-behalf-of (e.g. for DOLS, iNotes proxies, reverse proxy setups).
Profile
Parameter | Trusted_Servers |
Category | Security / TLS |
Component | Server |
Available since | 9.0.1 |
Supported versions | 9.0.1, 10.0, 11.0, 12.0, 14.0, 14.5, 14.5.1 |
GUI equivalent | Server document |
Possible values | Comma-separated Notes names, e.g. CN=Proxy/O=Acme,CN=DOLS/O=Acme |
Description
In some setups, the actual user does not make the request on the Domino server; instead, an upstream server (DOLS, iNotes proxy, Sametime gateway, reverse proxy) does.
Trusted_Servers lists the Notes names of these intermediate servers. If a listed server authenticates with its own server ID, Domino additionally accepts user identities transmitted on behalf of and performs the actions under that identity. For all other servers, only direct authentication applies.Example configuration
Trusted_Servers=CN=Proxy01/O=Acme,CN=Proxy02/O=Acme
Notes & pitfalls
- Security-critical: only enter servers that are truly trustworthy in operation – a compromise allows identity takeover.
- Write Notes names exactly (hierarchy including
/O=,/OU=).
- Takes effect after a server restart.
- Complementary to the Server document fields “Trusted servers” and “Access this server”.