Hello everyone,
now that SSO with WebSphere works pretty well, the question is whether SSO is also possible between Tomcat 4.1 and Lotus Domino 6.01.
Has anyone already tested this and have any experience with it?
Hello Heuti,
I have of course been combing through Notes.Net in parallel and found the following entries:
1.
Tomcat authentication for Domino
Posted by Robert S Kelly on 24.10.2002 at 03:54 PM
Category: Domino Server -- Directory Assistance
Release: All Releases
Platform: Linux
There is a way to do this.
You need to use single sign-on on your Domino server.
Basically you need to create an IIOP session as that user and grab the LTPAToken for single sign-on and create a cookie on behalf of your Domino server (in the same domain, obviously).
You can use the LDAP realm to authenticate against Domino so you don't need two user databases. After a user is authenticated, you can call (GenericPrincipal)request.getUserPrincipal() to cast that to the GenericPrincipal class that the realm created, after which you can call getName() and getPassword() on it and create a Notes session through IIOP. Once you have that session you can call getToken() and then use that value as the value for a new cookie, which you'll have to set from Tomcat. Sounds like a lot, but it's actually pretty simple.
2.
domino and tomcat auth
Posted by Carsten Burghardt on 3.Dec.02 at 06:01 AM using a Web browser
Category: Domino Server
Release: 6.0
Platform: Linux - SuSE
OK, finally I got a working tomcat-realm:
--------
<Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionName="CN=<login>,O=<org>"
connectionPassword="<pass>"
connectionURL="ldap://127.0.0.1:389"
roleName="CN"
roleSearch="(member={0})"
roleSubtree="true"
userPattern="CN={0},O=<org>"
userPassword="userpassword" />
------
Now the trick is the tomcat auth, which doesn't do a bind but compares the digested password (which fails).
So I patched the JNDIRealm::getUserDN from tomcat to change the auth-info of the Context and do a lookup (if anybody needs the code, drop me a line).
The authentication succeeds if I access tomcat directly (Port 8080) but if I use the DSAPI-connector, the username/password from the auth-popup is not transferred to tomcat.
Does anybody know why?
3.
Ralf Burghard also created a realm in the DD...
But how the whole thing is then supposed to work isn't documented...
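
The procedure from the first quoted Notes.Net post (authenticate through the LDAP realm, open an IIOP session as that user, hand its token to the browser as a cookie), as an added Java example that is not code from the thread or from either poster. Assumptions: the host and domain names are placeholders, NCSO.jar is on the web application's classpath, the web application is allowed to load Tomcat's GenericPrincipal class, and the token is read with the Domino API's Session.getSessionToken(), where the post writes getToken().

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import lotus.domino.NotesException;
import lotus.domino.NotesFactory;
import lotus.domino.Session;
import org.apache.catalina.realm.GenericPrincipal;

// Added illustration, not code from the thread. Runs after the container
// (JNDIRealm against Domino LDAP) has already authenticated the user.
public class DominoSsoServlet extends HttpServlet {
    // Assumed placeholders: DIIOP host and the DNS domain shared by both servers.
    private static final String DOMINO_HOST = "domino.example.com";
    private static final String SSO_DOMAIN = ".example.com";

    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        Principal p = req.getUserPrincipal();
        if (!(p instanceof GenericPrincipal)) {   // not logged in, or another realm type
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        GenericPrincipal gp = (GenericPrincipal) p;
        Session session = null;
        try {
            // Remote (IIOP) session as the end user, using the realm's credentials.
            session = NotesFactory.createSession(DOMINO_HOST, gp.getName(), gp.getPassword());
            // Session.getSessionToken() returns the LTPA token of this session.
            Cookie sso = new Cookie("LtpaToken", session.getSessionToken());
            sso.setDomain(SSO_DOMAIN);  // must cover both the Tomcat and the Domino host
            sso.setPath("/");
            sso.setSecure(true);        // bearer credential: send over HTTPS only
            resp.addCookie(sso);
            resp.setContentType("text/plain");
            resp.getWriter().println("Domino SSO cookie issued");
        } catch (NotesException e) {
            log("Domino session failed, id=" + e.id);  // never log the password
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        } finally {
            if (session != null) {
                try { session.recycle(); } catch (NotesException ignored) { }
            }
        }
    }
}
```

The Domino server must have single sign-on (a Web SSO configuration) enabled for the token call to succeed, and the cookie is only accepted when Tomcat and Domino sit in the same DNS domain, as the post notes.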