Single sign-on between Tomcat and Domino?

  • Hello everyone,


    now that SSO with WebSphere works quite well, the question is whether SSO is also possible between Tomcat 4.1 and Lotus Domino 6.01.
    Has anyone tested this and got any experience with it?

  • Hi Timmy,


    have a look here, maybe there is something useful in it.


    If you find something useful, it would be great if you could post it here as well. ;)

    Regards
    Dirk Huitema



    To see what is right and, against one's better judgment, not do it is a lack of courage. (Confucius)...

  • Hello Heuti,


    I have of course searched Notes.Net in parallel and found the following entries:


    1.
    Tomcat authentication for Domino
    Posted by Robert S Kelly on 24.10.2002 at 03:54 PM
    Category: Domino Server -- Directory Assistance | Release: All Releases | Platform: Linux


    There is a way to do this.
    You need to use single sign on on your domino server.
    Basically you need to create an IIOP session as that user and grab the LTPAToken for single sign on and create a cookie on behalf of your Domino Server. (in the same domain obviously)


    You can use the ldap realm to authenticate against domino so you don't need two user databases. After a user is authenticated, you can call a (GenericPrincipal)request.getUserPrincipal() to cast that to the GenericPrincipal class that the realm created, after which you can call getName() and getPassword() on and create a notes session through IIOP. Once you have that session you can call getToken() and then use that value as the value for a new cookie which you'll have to set from tomcat. Sounds like a lot, but it's actually pretty simple.


    2.
    domino and tomcat auth
    Posted by Carsten Burghardt on 3.Dec.02 at 06:01 AM using a Web browser
    Category: Domino Server | Release: 6.0 | Platform: Linux - SuSE

    OK, finally I got a working tomcat-realm:
    --------
    <Realm className="org.apache.catalina.realm.JNDIRealm"
           debug="99"
           connectionName="CN=<login>,O=<org>"
           connectionPassword="<pass>"
           connectionURL="ldap://127.0.0.1:389"
           roleName="CN"
           roleSearch="(member={0})"
           roleSubtree="true"
           userPattern="CN={0},O=<org>"
           userPassword="userpassword" />
    --------
    Now the trick is the tomcat auth, which doesn't do a bind but compares the digested password (which fails).
    So I patched the JNDIRealm::getUserDN from tomcat to change the auth-info of the Context and do a lookup (if anybody needs the code, drop me a line).
    The authentication succeeds if I access tomcat directly (Port 8080) but if I use the DSAPI-connector, the username/password from the auth-popup is not transferred to tomcat.
    Does anybody know why?


    3.
    Ralf Burghard has also created a realm in the DD...


    How the whole thing then works isn't documented, though...
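
Added example (an editor's illustration, not from the thread or the quoted Notes.Net posts): the realm from entry 2 shown beside a bind-mode variant. Per Tomcat's JNDIRealm documentation, setting userPassword makes the realm read that attribute and compare it itself, while omitting it makes the realm authenticate with a simple bind as the user's DN. ExampleOrg, svc-tomcat and CHANGE_ME are constructed placeholders.

```xml
<!-- Two alternatives shown side by side for comparison; configure only ONE
     Realm per container in server.xml. All names below are placeholders. -->

<!-- (a) Comparison mode, as in the posted realm. Tomcat binds with the
     connectionName account, reads the attribute named by userPassword from
     the user's entry and compares it locally. The service account therefore
     needs read access to every user's stored password value, and Tomcat
     must understand the directory's hash format, otherwise every login
     fails even with the correct password. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="CN=svc-tomcat,O=ExampleOrg"
       connectionPassword="CHANGE_ME"
       connectionURL="ldap://127.0.0.1:389"
       userPattern="CN={0},O=ExampleOrg"
       userPassword="userpassword"
       roleName="CN"
       roleSearch="(member={0})"
       roleSubtree="true" />

<!-- (b) Bind mode: identical except that userPassword is omitted. Tomcat
     builds the DN from userPattern and performs a simple bind with the
     password the user typed, so the directory server verifies the password
     and no stored hash ever leaves it. The connectionName account is then
     only used for the role search and can be restricted to reading group
     membership. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="CN=svc-tomcat,O=ExampleOrg"
       connectionPassword="CHANGE_ME"
       connectionURL="ldap://127.0.0.1:389"
       userPattern="CN={0},O=ExampleOrg"
       roleName="CN"
       roleSearch="(member={0})"
       roleSubtree="true" />
```

Both variants send the password over plain ldap://, which stays on the host only because the connectionURL points at the loopback address, as in the posted realm.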