Greetings - We have a problem that I thought would have a simple solution, but apparently it doesn’t.
The problem is that we need our users to be presented with a “DoD Notice and Consent” banner page when accessing our Domino web server via browser. So basically anytime a user went to any page on any of our sites, they would first see the “DoD Notice and Consent” banner page. They would then click on a button that said “I Agree” and would then be taken to the page they were requesting. The banner would only appear in the beginning of the users’ session, so that when the user clicks around, they would not see the banner again, unless they closed and accessed a page with a new browser.
We have a web only environment. Our servers are on Domino 7.0.3, and 8.0.2. We are moving all of our servers to 8.0.2, possibly 8.5 soon.
As I said, I thought it would be simple to implement this, and probably is a requirement in other organizations, but I have not been able to find any information on it, even when discussing with IBM.
Has anyone successfully implemented a consent click thru banner in Domino? If so please let me know your experiences. This is DoD requirement that I’m sure someone must have encountered.
Thank you for you attention and please let me know if you require additional details.
Robert - do you use Notes for email? Understand you are a web only environ, just looking for an app to apply classification to emails, and thought you might use or have knowledge of one. Thanks
Skip - We only use Notes Mail for 2 helpdesk applications and do not need to apply a classification to emails that come in - yet. My initial thought is that possibly a sub form solution would work for you.
I haven’t done this in 8.5 (or 8 for that matter) but it’s easy to create a custom login page that displays the banner, then if they click OK, it redirects them to a proper login page. You might even implement the whole thing in client-side javascript by using a couple of div tags to enclose the warning banner in one, the login dialog in another, then set the style property display:block to show, display:none to hide.
Or, simply take the easy way out and display the warning banner on the Login page and change the Login button to Agree to Terms & Login.
The custom login pages are covered in the Admin documentation (look in the index for DOMCFG.NSF). You’ll need to create a DOMCFG.NSF file and modify the default login page in designer to meet your needs.
I forgot to mention that we are moving to client certificate only authentication, meaning that users must access the system using a Common Access Card (CAC) or Smart Card if you will and there will be no username and password authentication, That means that the domcfg.nsf will not be used.
You mentioned that you are implementing support for DOD PKI CAC. Do you have some reference material (or a white paper) on how to configure an application to support CAC based sign-on? We are asked to do the something similar but can’t find any documentation on it. Thanks.
To implement CAC support, you need to have users register their CACs with their person document. You can have them do that by using a certificate publication database. See “Publishing third-party CA client certificates in a Person record” in Domino Administration help.
Then, to have your site accept CAC certificates, you need to enable it in the internet site document by setting the field “Client Certificate” to yes.
It is a little more involved than that, but that’s it in a nutshell.
Now, won’t you need to present a banner that your users will have to click “accept” in order to continue?
Please contact me if you want to discuss this further at robert.przydzial.ctr@navy.mil. I could use some peers who run Domino systems within DoD, there are not very many. We may have some common issues to resolve…