Getting a LTPA token without a cookie

Hi,

we’re building a web application to run on blackberry devices. We want the user to be able to access the site without any login prompt and to be logged as himself on the site. Sounds weird but since each Blackberry device has a PIN (Unique ID), it may not be impossible.

Now, what we have is the PIN of the Blackberry in a cookie in each http request to the domino server. Using this PIN, we want to map it to a User/Password table and use this credential to log to the domino server. What we are searching for is a way to log to the server with a domino agent that will create a cookie in the http response header containing an LTPA token. With this token back to the client, the user will be able to use our web application.

The problem with that is how to get the LTPA token and insert it in a cookie. This process is normally done automatically by the server so we don’t have any access to the LTPA token before a user submits it to the server in a request cookie.

Is there any way to get a LTPA token directly? Or is there any other way to get logged to a domino web application by a backend agent?

Thanks,

Carl

carl.duranleau@neuro-design.com

Subject: Getting a LTPA token without a cookie

If you create a mapping between PIN and username/password, then you will be able to get the LTPA cookie using a LS/Java agent and write it back to the PDA as a response cookie (and redirect user to another database).

To accomplish this, users must register their web password in the PID2User mapping database.

Not sure though if this can be considered a secure solution as anyone who guesses the PID of the PDA will be able to login to the server. To make it somewhat more secure you might want to control what browser type and IP number is used to access the cookie-creating agent.

/Andrei

Subject: RE: Getting a LTPA token without a cookie

First, thanks for taking time to answer my question.

To do what I want to do, I know I need to create a database to map the PINs and the user/pass information, but what I need to know is how can I log to the domino server and get back the LTPA key string value to be able to create a cookie and return it to the blackberry device? I haven’t seen any function that returns an LTPA key.

On the other hand, the use of a LTPA key is because I don’t know if there’s a way to call an agent anonymously, log to the server from it with LS or Java and return a page as an authenticated user? I don’t think it’s possible. It’s why I want to create a LTPA token.

Subject: Take a look at the getSessionToken() method in the Domino java/corba classes.

Session ses = NotesFactory.createSession(servername, username, password);

String token = ses.getSessionToken();

String name = ses.getUserName();

Cookie cookie = new Cookie("LtpaToken", token);
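
As an added example (not code posted by anyone in this thread), the servlet below combines the getSessionToken() call with the restriction Andrei suggests on who may reach the cookie-creating code. The cookie name BBPIN, the host names, the gateway address, the "BlackBerry" User-Agent prefix and the in-memory credential table are assumptions standing in for the real mapping database and network layout; it needs the Domino Java/CORBA classes and the Servlet API (3.0 or later) on the classpath.

```java
import java.io.IOException;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.*;
import lotus.domino.NotesException;
import lotus.domino.NotesFactory;
import lotus.domino.Session;

// Added illustration: every constant below is a placeholder or constructed sample value.
public class AutoLoginServlet extends HttpServlet {
    private static final String PIN_COOKIE = "BBPIN";                     // assumed cookie name
    private static final String DOMINO_HOST = "domino.example.com";      // placeholder
    private static final String SSO_DOMAIN = ".example.com";             // placeholder
    private static final Set<String> GATEWAY_IPS = Set.of("192.0.2.10"); // gateway the devices come through
    // Stand-in for the PIN -> {user name, web password} mapping database.
    private static final Map<String, String[]> CREDENTIALS =
        Map.of("2100000A", new String[] {"Jane Doe", "placeholder-password"});

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String ua = req.getHeader("User-Agent");
        // The source address is the real gate. User-Agent is client-supplied, so that
        // check only filters accidental access and must not be relied on alone.
        boolean expectedPath = GATEWAY_IPS.contains(req.getRemoteAddr())
            && ua != null && ua.startsWith("BlackBerry");
        String pin = pinFrom(req);
        String[] cred = (expectedPath && pin != null) ? CREDENTIALS.get(pin) : null;
        if (cred == null) {                       // same answer for every failure reason
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        Session ses = null;
        try {
            ses = NotesFactory.createSession(DOMINO_HOST, cred[0], cred[1]);
            Cookie c = new Cookie("LtpaToken", ses.getSessionToken());
            c.setDomain(SSO_DOMAIN);
            c.setPath("/");
            c.setSecure(true);                    // token is a bearer credential: HTTPS only
            c.setHttpOnly(true);                  // Servlet 3.0+
            resp.addCookie(c);
            resp.sendRedirect("https://" + DOMINO_HOST + "/app.nsf"); // placeholder target
        } catch (NotesException e) {
            resp.sendError(HttpServletResponse.SC_FORBIDDEN);
        } finally {
            if (ses != null) try { ses.recycle(); } catch (NotesException ignored) { }
        }
    }

    private static String pinFrom(HttpServletRequest req) {
        Cookie[] cookies = req.getCookies();      // null when the request carries no cookies
        if (cookies == null) return null;
        for (Cookie c : cookies) if (PIN_COOKIE.equals(c.getName())) return c.getValue();
        return null;
    }
}
```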

Subject: Getting a LTPA token without a cookie

Hi Carl. This library may offer some help. I would probably write a Servlet and run it under Apache Tomcat (my company’s preferred server for running Java Servlets). It would include the dominosso.jar file found here:Error

[Determine the user’s Domino username & password, based on the Blackberry id, and then …]

//Create a LtpaToken for this username and password.

LtpaToken token = new LtpaToken(dominoServer, username, password);

//Add a new LtpaToken cookie to the http response. This is added to the HttpServletResponse.

boolean success;

success = token.setCookie(httpServletResponse, ltpaTokenCookieDomain);

Subject: RE: Getting a LTPA token without a cookie

For the getSessionToken I’ve seen it on the reference map 2 minutes after posting! Hehehe!

Thanks Brian for the link!

Thanks a lot for your help!

Subject: RE: Getting a LTPA token without a cookie

Hi, I think I’ll need help again on this project. We’ve done exactly what the LtpaToken object does to create a token and return it to the browser to get the user authenticated.

The problem now is that the connection always fails until someone logs in to the target page manually from a browser at least one time.

  1. We open the autologin servlet with the blackberry browser, and get redirected to the protected page where we’re supposed to be automatically authenticated. The first time, we’re forwarded to a login page. It simply means that the LtpaToken isn’t valid.

  2. We directly open the protected page using a PC and login as the user used by the autologin servlet to normally login to the protected page. We can see the protected page without any problem.

  3. Again, we try to open the protected page on the blackberry, and now it works!!!

It looks like there’s some kind of linking or approbation between the LtpaToken and the login/pass when we login to the page using the PC. Very strange problem.

Do you have any hint?

Carl

carl.duranleau@neuro-design.com

Subject: might want to look at Vaultus

You can actually replicate apps down to your blackberry. Would be less painful w/ more functionality…