All of a sudden my DWA login screen does not look as expected, all functionality are there but the initial login box is now prompted with a separate windows login dialog box rather then the default DWA login screen which I was getting before.
Now, I made some changes by adding a internet site document and web sso configuration document for enabling the sametime buddy list contact through DWA. Could any of these changes affect the login screen for DWA?
Yes. It is likely that your change has caused the problem. Possibly you’re login form is unavailable to unauthenticated users. It’s best to keep login forms in their own database… domcfg.nsf works well. Make sure that default and Anonymous access is set to reader so that the form displays for unauthenticated users.
A few other general points…
In your new web site doc make sure that the hostname matches the hostname part of the url you are using.
And make sure that session authentication is enabled in the domino web engine tab.
Also make sure that the notes name of your web server(s) is included in your SSO configuration document.
For all servers using SSO, make sure that they have a SITE DOC in the Internet Sites view and ensure that web settings in the main SERVER DOC, for those servers, are disabled. (You can only use one or the other).
Use domcfg.nsf to control the login screen displayed for each site.
Allow time for replication of settings between web servers and remember you need to restart http after any config changes.
Now, with the internet site document. we don’t seem to have any use for it. I created it for the purpose of setting up sametime with DWA 8.5 but found out through a lotus technote that the internet site doc will not work with Sametime 8.X and would only require a web sso config doc on the sametime server. If i delete the internet site document would this fix the problem?
Provided that the server is set for session-based authentication, yes. The login dialog happens when basic authentication is allowed, and the login form is displayed for session-based authentication.
So in the host name field, do you specify a more meaningful web address name such www.companyname.webmail.com.au for example? and then that will map to /iwarddir.nsf?Open?
In your new web site doc make sure that the hostname matches the hostname part of the url you are using.
It is possible to do this, yes. But it relies on changes to your domain wide DNS first. Also, if you want it to work on the www then you would need to modify the NS records in your public zone file.
In our environment I have a web-enabled mail server called mailserver1.acme.com (Notes name would be MailServer1/ACME). The full url for our dwa redirector is htp://mailserver1.acme.com/iwaredir.nsf but I don’t want to give that url to my DWA users so instead i set up a CNAME record in our DNS called “inotes.acme.com” which points to mailserver1.acme.com.
Once that’s in place I can set up an domino internet site like this…
Thanks for the tip. Phew. I enabled session authentication by selecting single server, restarted http and loaded the original webmail login screen.
I read that when you enable the use of Internet Sites on a Domino server, any existing SSO configurations are automatically disabled. The Internet site document has been nothing but trouble so far! expected I guess when you are not that familiar with it…
And make sure that session authentication is enabled in the domino web engine tab.