Skip to main content
This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal

Notes/Domino 6 and 7 Forum

Notes/Domino 6 and 7 Forum

  

PreviousPrevious NextNext

RE: Problem with Domino LTPA token and WebSphere
~Umberto Elfanalyflar 23.Apr.03 03:51 AM a Web browser
Applications Development All Releases Windows 2000


My problem is a little bit more savage, but you may be able to help. I am not running my servlet in a WebSphere container, but in Borland Application Server.

I am doing much the same sort of thing as you, here is a snippet of my code:

// Generating the cookie
Cookie cookie = new Cookie("LtpaToken", session.getSessionToken());
cookie.setDomain(config.getCookieDomain());
cookie.setMaxAge(10000);
cookie.setPath("/");
cookie.setSecure(false);

// Putting the cookie in the response
response.addCookie(cookie);

The first time I hit the server I get the following information from the SSO Trace:

23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> *** Generating Single Sign-On Token (SECTokenGenerate) ***
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> ConfigName specified [LtpaToken].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Retrieved global static cache memory for config [LtpaToken].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Setting token name parameter [LtpaToken]
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Setting token domain parameter [.qdot.qld.gov.au]
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Creation time not specified, using current time [23/04/2003 12:13:05].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Expiration time not specified, using current time plus config expiration [23/04/2003 12:43:05].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Encoding Domino style Single Sign-On token.
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> -Creation Ticks = 3EA5F6B1 [23/04/2003 12:13:05].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> -Expiration Ticks = 3EA5FDB9 [23/04/2003 12:43:05].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> -Username = CN=Michael Ransley/O=EosServer
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> *** Freeing Single Sign-On Token (SECTokenFree) ***
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> *** Generating Single Sign-On Token (SECTokenGenerate) ***
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> ConfigName specified [LtpaToken].
23/04/2003 12:13:05.77 [011E:0008-0132] SSO API> Retrieved global static cache memory for config [LtpaToken].
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> Setting token name parameter [LtpaToken]
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> Setting token domain parameter [.qdot.qld.gov.au]
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> Creation time not specified, using current time [23/04/2003 12:13:05].
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> Expiration time not specified, using current time plus config expiration [23/04/2003 12:43:05].
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> Encoding Domino style Single Sign-On token.
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> -Creation Ticks = 3EA5F6B1 [23/04/2003 12:13:05].
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> -Expiration Ticks = 3EA5FDB9 [23/04/2003 12:43:05].
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> -Username = CN=Michael Ransley/O=EosServer
23/04/2003 12:13:05.79 [011E:0008-0132] SSO API> *** Freeing Single Sign-On Token (SECTokenFree) ***
23/04/2003 12:13:05 DIIOP Server: 165.240.164.183 connected

This then puts the cookie into a request which I can then check it to see if the value is correct (intially I made the same mistake as you in that the cookie was only accessible from the web application context). However, when I try and access a protected resource on the domino server I am now getting a "Your session with the server is expired or is invalid. The current operation was not executed" error and the following information from the SSO trace:

23/04/2003 12:14:16 DIIOP Server: 165.240.164.183 connected
23/04/2003 12:17:20 Admin Process: Searching Administration Requests database
23/04/2003 12:17:21 DIIOP Server: 165.240.164.183 disconnected
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> *** Validating Single Sign-On Token (SECTokenValidate) ***
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> ConfigName specified [LtpaToken].
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> Retrieved global static cache memory for config [LtpaToken].
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> Decoding Domino style Single Sign-On token.
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> Digest verification failed [Single Sign-On token is invalid].
23/04/2003 12:17:30.35 [0153:0009-02DB] SSO API> ERROR: when decoding token [Single Sign-On token is invalid].

If I could build the LTPA cookie from scratch without building a DIIOP connection that would be great, but the various posts stating that the code would be put up on openntf.org haven't materialised - I for one would help write the thing because this LTPA is a really big problem unless you are using Domino and Websphere, anything else and you have problem (end of rant!).

Anyway, thanks in advance for any help that people have.

Regards,

Michael.




Problem with Domino LTPA token and ... (~Sigmund Nimnub... 16.Apr.03)
. . RE: Problem with Domino LTPA token ... (~Sigmund Nimnub... 16.Apr.03)
. . . . RE: Problem with Domino LTPA token ... (~Umberto Elfana... 23.Apr.03)

Document Options






  Document options
Print this pagePrint this page

Search this forum

Forum views and search


  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Category
Platform
Release
Advanced search

Member Tools


RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS