Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum

  

PreviousPrevious NextNext

RE: Sounds like an interesting hack
~Lily Minlukonyynds 12.May.03 04:25 PM a Web browser
General All Releases All Platforms


Ken,

I'm sure your solution is more robust than mine. It's probably a whole lot faster too. I know that a lot of people have been waiting for a solution such as yours, and I don't think Simple Sign On will detract from that.

Simple Sign On is very basic and uses simple https calls with a "callback handler" that creates cookies to track users name and groups. Because our application server doesn't have access to the user/group information in the Domino Directory, I can't use the same credentials to protect resources on the app server. So, just like I have to do with many database systems, I map the user/group information that I get out of Domino with code blocks and then use appropriate network or resource accounts to build the appropriate HTML. What that means is that with Simple Sign On, you protect resources within code (if you dont' want someone to pull up a list of all your employees and their salaries, check that the user is in the HR group before writing the page). To simplify this, I've got some custom jsp tags and an external db (which isn't in my case, but could be implemented in Domino) which maps code blocks to user/groups.

Sounds really complicated when I read it, but in reality, it's really ... well, Simple. It's nice because it's very flexible and allows you to use any scripting language (jsp, php, asp, etc). It's weakness is that you can't change a permission level on an EJB or database table and have that automatically enforced without maintaining a separate "account map".

Again, I think these two systems are different enough that Simple Sign On isn't going to threaten what you're offering. I hope I didn't offend you by posting this - I just thought that people interested in SSO would be interested in Simple Sign On as well.

Ken, feel free to contact me offline. I'd be happy to discuss the differences and I'd even be willing to consider including information on your project in the Simple Sign On documentation for cases where Simple Sign On falls short. I figured that we'd need to put in a "When to use WebSphere" help page, but perhaps we could change that to include a link to your site as well.




Domino/JBoss Single Sign On (~Tanita Asaboos... 12.May.03)
. . RE: Domino/JBoss Single Sign On (~Lily Minlukony... 12.May.03)
. . . . Sounds like an interesting hack (~Tanita Asaboos... 12.May.03)
. . . . . . RE: Sounds like an interesting hack... (~Lily Minlukony... 12.May.03)
. . . . . . . . Not offended at all (~Tanita Asaboos... 12.May.03)
. . Good news, thanks for the update! e... (~Sven Fezboosig... 12.May.03)

Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS