HCLSoftware Digital Solutions Community

Rename LtpaToken cookie?

HCL Domino Domino Forum

hcl-bot November 29, 2007, 3:16pm 1

I have a need for renaming the LtpaToken cookie which is used for multi-server SSO in Domino. In other words, I would like to change the cookie name from “LtpaToken” to something else.

In the administration docs, the attribute iNotes_WA_AuthTokenName in NOTES.INI is mentioned in this respect. I have tried to set this attribute, like this:

iNotes_WA_AuthTokenName=MyNewName

However, the Domino server seems to ignore this when I try to log in using an URL such as http://host.domain.com/names.nsf?login. The server issues the cookie with its default name (LtpaToken).

I wonder if the attribute mentioned above is only for use in the context of iNotes (like its name could indicate) and not on the Domino server in general. Can anyone confirm this?

Is there any other possibility for achiving my goal?

Thanks,

Vidar

hcl-bot November 29, 2007, 5:49pm 2

Subject: Rename LtpaToken cookie?

I’d be curious to hear why you need to do this.

I’ve not tried this, and am just guessing, but have you renamed it in the “Configuration Name” field in the SSO doc?

hcl-bot December 6, 2007, 7:32am 3

Subject: RE: Rename LtpaToken cookie?

I’d be curious to hear why you need to do this.

We would like to have two separate SSO configurations in our Domino domain. Meaning that there are two groups of servers where each group have SSO between the group members. Unfortunately, all servers are in the same Internet domain (.foo.com). I would like to avoid that the two groups overwrite eachother’s LtpaToken cookie. Hence, I would like to rename the cookie to something else so that they can coexist, like so:

LtpaTokenA=…;domain=.foo.com

LtpaTokenB=…;domain=.foo.com

hcl-bot November 30, 2007, 5:30am 4

Subject: RE: Rename LtpaToken cookie?

Yes, I did renamed the configuration, but it has no effect. I added some debug tracing to Domino, and here is what it says when the server starts:

30.11.2007 08:32:54,50 [0FF4:0002-0728] SSO API> Parsing fields from configuration [MySSO]

30.11.2007 08:32:54,50 [0FF4:0002-0728] SSO API> -Token Name = LtpaToken

30.11.2007 08:32:54,50 [0FF4:0002-0728] SSO API> -Token Domain = .abc.com

30.11.2007 08:32:54,51 [0FF4:0002-0728] SSO API> -Name mapping = Off

30.11.2007 08:32:54,51 [0FF4:0002-0728] SSO API> -Expiration = 360 Minutes

30.11.2007 08:32:54,51 [0FF4:0002-0728] SSO API> -Idle Timeout Minimum = 30 Minutes

30.11.2007 08:32:54,51 [0FF4:0002-0728] SSO API> -Max Idle Timeout = 60 Minutes

30.11.2007 08:32:54,51 [0FF4:0002-0728] SSO API> -Config Type = CONFIGTYPE_DOMINO

30.11.2007 08:32:54,52 [0FF4:0002-0728] SSO API> Setting token name parameter [LtpaToken]

As you can see, it sets the name to ‘LtpaToken’.