How to authenticate to a domino server through a third party server without login

Hello,

We have an extranet based on a Domino server and database with restricted access (username and password stored in Domino names.nsf). Among those accounts we have a company that has its own extranet (not Domino) and wants to give its own subscribers access to our extranet through its account for our extranet.

How can this third party company provide transparent access (with no visible login) to our extranet?

Many thanks for any idea…

Subject: How to authenticate to a domino server through a third party server without login

Hello!

I think the short answer is to see how they store their usernames & passwords. If they have their own LDAP, then you could probably add their LDAP to your Directory Assistance db. (This also works if they use an Active Directory).

Good luck!

Steve in NYC

“It hurts to be on the cutting edge.”

Subject: RE: How to authenticate to a domino server through a third party server without login

Thank you Steve,

One problem with your solution is that our companies don’t want to share their account databases. Our partner must be able to use its account to our extranet to provide access to its users, but we mustn’t know who is really connected. Something like a proxy.

Subject: RE: How to authenticate to a domino server through a third party server without login

Then THEY are going to have to serve the content to their authenticated users. They can access your data using an ID you provide them, but if there is no shared authentication scheme, you can’t grant access to users on their say so. They will have to fetch the pages/data from your server using an ID you can trust, then serve it to the IDs THEY trust from their own servers. Note that this still blows the idea of your company having security/data privacy/ownership out of the water.

Subject: How to authenticate to a domino server through a third party server without login

Do you use session based authentication on your side? If you do, it shouldn’t be so hard to implement. What you need to do is:

  • Give your partners a “technical user id” (user registration)

  • For each invocation from them to your side, have them (perhaps using Jakarta HTTPClient) authenticate to you, storing the LTPAToken cookie that your side returns.

  • Then for each request that their subscribers do, make sure that they include this LTPAToken cookie in their request header (which is already authenticated).

I don’t see why this scheme should not work.

regards

Daniel

www.noteshound.com
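
The technical-ID flow from the replies above, written for the partner's server so that the session token stays there and is never handed to a subscriber's browser. This is an added example, not code from anyone in the thread. It assumes the standard Domino login form at `/names.nsf?Login` with `Username` and `Password` fields and the cookie names listed; the class name, host and credentials are hypothetical.

```python
import http.client
import urllib.parse
from http.cookies import SimpleCookie

# Assumption: cookie names set by Domino session authentication.
TOKEN_COOKIES = ("LtpaToken", "LtpaToken2", "DomAuthSessId")


class TechnicalSessionBroker:
    """Partner-side helper: logs in with the technical ID, keeps the token
    server-side, and fetches pages for subscribers the partner has authenticated."""

    def __init__(self, host, username, password, connect=http.client.HTTPSConnection):
        self.host, self.username, self.password = host, username, password
        self.connect = connect  # HTTPS by default; injectable for offline testing
        self.token = None       # "name=value"; never forwarded to a browser

    def _request(self, method, path, body=None, headers=None):
        conn = self.connect(self.host, timeout=10)
        try:
            conn.request(method, path, body=body, headers=headers or {})
            resp = conn.getresponse()  # http.client does not follow redirects
            return resp.status, resp.getheaders(), resp.read()
        finally:
            conn.close()

    def login(self):
        form = urllib.parse.urlencode(
            {"Username": self.username, "Password": self.password})
        _, headers, _ = self._request(
            "POST", "/names.nsf?Login", form,
            {"Content-Type": "application/x-www-form-urlencoded"})
        for name, value in headers:
            if name.lower() != "set-cookie":
                continue
            for cname, morsel in SimpleCookie(value).items():
                if cname in TOKEN_COOKIES:
                    self.token = f"{cname}={morsel.value}"
                    return
        raise PermissionError("login did not return a session cookie")

    def fetch(self, path):
        """Return (status, headers, body) with Set-Cookie headers stripped."""
        if not path.startswith("/") or path.startswith("//"):
            raise ValueError("only server-relative paths are proxied")
        if self.token is None:
            self.login()
        status, headers, body = self._request("GET", path, headers={"Cookie": self.token})
        safe = [(k, v) for k, v in headers
                if k.lower() not in ("set-cookie", "set-cookie2")]
        return status, safe, body
```

Every subscriber request arrives at the Domino server as the same technical user, so any per-subscriber audit trail has to be kept on the partner's side.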