Introducing the implementation mechanism of the Notes account framework
The Notes account framework is the account framework of its underlying platform, Expeditor (XPD), packaged directly. XPD's account system is in turn based on JAAS (the Java Authentication and Authorization Service framework). This integration lets the user store and retrieve the attributes used to create connections to, and communicate with, local or remote services, and it lets authorized applications and services authenticate.
JAAS authenticates by instantiating a login context object, which names the login configuration whose login modules perform the authentication. XPD specifies a number of default login modules in several default login configurations. A login module obtains the user name, password and any other data needed for authentication, and authenticates the user. The callback handler (CallbackHandler) interacts with the user to obtain credentials when they are not already available. Once authentication is complete, the login module populates the object that the JAAS framework defines to represent the source of a request (the Subject) with the cookies or tokens that make up the credentials. Each XPD account has an associated Subject that stores the authentication token as a private credential.
In addition to platform login through the JAAS framework, XPD accounts are used for single sign-on (SSO) to remote services. An account contains arbitrary key/value pairs. The data in these accounts is encrypted and stored in the Eclipse preferences. The account password is encrypted and stored in the platform's key store. The authentication type attribute of the account indicates which login configuration the platform uses to authenticate. The account framework is fully integrated with the XPD URL processor, which enables single sign-on to remote services.
Introduction to the Domino-SSO authentication type
Single sign-on (SSO) is one of the more popular integration schemes in enterprise environments: across multiple application systems, users can access all trusted applications with only one login. Domino-SSO means that a user who logs on to one Domino server is also logged on to all applications that trust that Domino server, such as Sametime servers, Activities servers, Feeds servers, and the iNotes web server, which is the main subject of this article. The Domino-SSO authentication type works as follows. First, all servers must be in the same DNS domain, and when SSO is configured, the same SSO secret key is configured on every participating server. When a user logs on to the Domino server and the server authenticates the user successfully, it generates an LTPA token, which is saved in a browser cookie. When the user then logs on to another Domino server, that server detects the LTPA token, decodes it and verifies that it is valid. If the LTPA token is valid, the server lets the user in.
Properly configure server documents and Internet sites on the Domino server side
Below is a detailed description of how to configure the server document and Internet site on the Domino server to implement Domino SSO.
Open names.nsf in Domino Administrator and expand Configuration -> Servers -> All Server Documents.
Figure 1. All Server document pages
Open the server document that you are using, and in the Basics tab, make sure that the value of the option "Load Internet configurations from Server\Internet Sites documents" is Disabled.
Figure 2. Server document currently in use