WebSphere Portal Server - SSO in Domino 6.5.2

dhirenjoshi

2005-08-24, 4:48 pm

I have configured SSO for Domino 6.5.2 and WPS 5.0.2.
When I login into WPS I check and the LtpaToken cookie is set.
I close browser, go directly to Domino url and login and confirm the cookie LtpaToken is set.

The issue I have is even after the LtpaToken is set I can't login as in SSO to Domino. The Domino still prompts me for a login after I have done a WPS login.

I checked Domino logs and
According to this link, http://www-1.ibm.com/support/docvie...uid=swg21210929 I seem to have attained some degree of SSO implementation. Comparing the logs of SSO which we have in our aaDEBUGOUT.txt to the syntax which is a correct working scenario, we do get the "u:user" in our logs.

08/23/2005 00:00:07.84 [253722:08014:00002-00000008] SSO API> Dumping memory of constructed token before encryption step [227 bytes]
00000000: 753A 7573 6572 5C3A 7777 772E 6173 3430 'u:user\:www.hostname
00000010: 306C 7567 2E69 686F 7374 2E63 6F6D 5C3A '0.com\:'
00000020: 3338 392F 6E75 6C6C 2531 3132 3437 3934 '389/null%1124794'

If Domino loaded SSO and WPS login shows an LtpaToken, then what could I be missing for a pure SSO implementation?

One difference I noticed is
WPS login is non SSL

http://hostname:200/wps/portal
whereas Domino login is SSL redirected.

http://hostname/domino_dir/domino.nsf -> get redirected to
https://hostname/domino_dir/domino.nsf

I am really stuck at this point.
Appreciate all the help from everyone.

Thanks
Dhiren

fang

2005-08-26, 2:52 am

That SSL configuration difference is the problem. LTPA token is based on a
"LDAP Realm" which is defined as the hostname or IP address plus the LDAP
port. When you access the LDAP through SSL, the port is 636, which is
different from the non SSL port 389. So when two LTPA realms are different,
they are considered two different tokens.

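To check the realm point raised in this reply against a Domino debug dump, the following added example (not part of the thread, and not IBM code) reassembles the token plaintext from the hex column and compares its realm with the one a server is expected to use. The sample dump, the hostname `ldap.example.com` and the `u:user\:<realm>/<DN>%<expiry>` layout are assumptions modelled on the dump lines quoted above.

```python
import re

# Constructed sample in the layout of the "SSO API> Dumping memory" lines
# quoted in the thread; hostname and expiry value are made up.
SAMPLE_DUMP = r"""
00000000: 753A 7573 6572 5C3A 6C64 6170 2E65 7861 'u:user\:ldap.exa'
00000010: 6D70 6C65 2E63 6F6D 5C3A 3338 392F 6E75 'mple.com\:389/nu'
00000020: 6C6C 2531 3132 3437 3934 3030 3030 3030 'll%1124794000000'
"""

# Offset, then groups of 1-2 hex bytes; the quoted ASCII column is ignored.
DUMP_LINE = re.compile(r"\s*[0-9A-Fa-f]{8}:((?:\s+(?:[0-9A-Fa-f]{2}){1,2})+)")
# Assumed body layout: u:user\:<realm>/<user DN>%<expiry>, ':' escaped as '\:'
BODY = re.compile(
    r"u:user\\:(?P<realm>(?:\\.|[^/%\\])+)/(?P<dn>(?:\\.|[^%\\])*)%(?P<expiry>\d+)")

def body_from_dump(dump: str) -> str:
    """Reassemble the token plaintext from the hex column of a debug dump."""
    raw = bytearray()
    for line in dump.splitlines():
        m = DUMP_LINE.match(line)
        if m:  # timestamped log lines and blanks do not match and are skipped
            raw += bytes.fromhex("".join(m.group(1).split()))
    return raw.decode("latin-1")

def split_realm(realm: str) -> tuple:
    """Split 'host:port' into (host, port); port is '' when absent."""
    host, sep, port = realm.rpartition(":")
    return (host, port) if sep else (realm, "")

def parse_body(body: str) -> dict:
    m = BODY.match(body)
    if not m:
        raise ValueError("not an LTPA user body")
    realm = re.sub(r"\\(.)", r"\1", m["realm"])  # undo the '\:' escaping
    host, port = split_realm(realm)
    return {"realm": realm, "host": host, "port": port,
            "dn": m["dn"], "expiry": m["expiry"]}

def realm_differences(body: str, expected_realm: str) -> list:
    """List how the token's realm differs from the realm a server expects."""
    got = parse_body(body)
    want_host, want_port = split_realm(expected_realm)
    diffs = []
    if got["host"].lower() != want_host.lower():
        diffs.append(f"host {got['host']} != {want_host}")
    if got["port"] != want_port:
        diffs.append(f"port {got['port']} != {want_port}")
    return diffs
```

Run `realm_differences(body_from_dump(dump), "<host>:<port>")` once per participating server, using the realm string each one is configured with.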

dhirenjoshi

2005-08-29, 11:42 am

quote:
Originally posted by fang
That SSL configuration difference is the problem. LTPA token is based on a
"LDAP Realm" which is defined as the hostname or IP address plus the LDAP
port. When you access the LDAP through SSL, the port is 636, which is
different from the non SSL port 389. So when two LTPA realms are different,
they are considered two different tokens.

Thanks for the answer.
I went ahead and implemented SSL on the Portal server and SSL enabled the LtpaToken.
Now I am able to login into Domino first, Portal doesn't prompt for password and I am SSO into Portal, but if I login into Portal server first, Domino still prompts me for a password.
All I have done so far is SSL enabled the Portal server and exported the LtpaToken as SSL enabled checkbox from WAS. I haven't enabled SSL for LDAP connections yet.
Any idea what I could be missing, for the total SSO implementation still doesn't seem to be working.

Thanks
Dhiren