How to configure and implement iNotes single sign-on on the Notes client

Source: Internet
Author: User

Introduction to the implementation mechanism of the Notes account framework

The Notes account framework directly wraps the account framework of its underlying platform, Expeditor (XPD). XPD's account system is in turn based on JAAS (the Java Authentication and Authorization Service framework). This integration allows the user to store and retrieve the attributes used to create connections and communicate with local or remote services, as well as to authenticate with applications and services that require authorization.

JAAS authenticates by instantiating a login context object, which names the login modules in the configuration that are to be used for authentication. XPD specifies a number of default login modules in different default login configurations. A login module obtains the user name and password, along with any other data needed for authentication, and authenticates the user. The callback handler (CallbackHandler) interacts with the user to obtain credentials when they are not available. Once authentication is complete, the login module populates the object that the JAAS framework defines to represent the source of a request (the Subject) with the cookies or tokens that contain the credentials. Each XPD account has a federated object that stores the authentication token as a private credential.

In addition to using the JAAS framework for platform login, XPD uses accounts for single sign-on (SSO) to remote services. An account contains any number of arbitrary key/value pairs. The data in these accounts is encrypted and stored in Eclipse's preferences. The password of the account is encrypted and stored in the platform's key store. The authentication type attribute of the account indicates which login configuration is used to authenticate. The account framework is fully integrated with the XPD URL handler and enables single sign-on to remote services.

Introduction to the Domino-SSO authentication type

Single sign-on (SSO) is one of the more popular integration schemes in enterprise environments: across multiple application systems, users can access all trusted applications with only one login. Domino-SSO means that a user who logs on to one Domino server is also logged on to all applications that trust that Domino server, such as Sametime servers, Activities servers, Feeds servers, and the iNotes web server, which is the main subject of this article. The Domino-SSO authentication type works as follows. First, all servers need to be in the same DNS domain, and a unified SSO secret key is configured for the associated servers when SSO is configured. When a user logs on to a Domino server and authentication succeeds, the server generates an LTPA token, which is saved in a browser cookie. When the user logs on to another Domino server, that server detects the LTPA token, decodes it and verifies that it is valid. If the LTPA token is valid, the server lets the user in.

Properly configure server documents and Internet sites on the Domino server side

Below is a detailed description of how to configure the server document and Internet site on the Domino server to implement Domino SSO.

Open Names.nsf in Domino Admin and expand Configuration -> Servers -> All Server Documents.

Figure 1. All Server document pages

Open the server document that you are using and, on the Basics tab, make sure that the value of the option "Load Internet configurations from Server\Internet Sites documents" is Disabled.

Figure 2. Server document currently in use
