Domino SSO via the SharePoint Servers

July 8, 2008

A while back, I had asked if anyone was using the IIS process on their SharePoint servers as the front-end to their Domino apps, in order to achieve Signle Sign-on with AD. The responses were positive, but I didn’t have a chance to try it until today.

And Yes… It Works.

The instructions that are in the Admin help, and out on notes.net in the various forum threads get you 90% of the way there. A few other tidbits that I had to discover on my own:

1. The was5 plugin that comes with the 6.5 Domino server is too old, and doesn’t work. An updated version is available which works just fine: http://www-1.ibm.com/support/docview.wss?uid=swg24007265
2. For the WebSphere plug-in to function, you need to bypass SharePoint’s control of the HTTP traffic. To do so, create another web.config in your Virtual directory (C:\WebSphere\Bin in my case), and turn off that HTTP Handling from SharePoint. The entire contents of that web.config on my system are as follows:

<?xml version=”1.0″ encoding=”UTF-8″ standalone=”yes”?>
<configuration>
<system.web>
<httpModules>
<remove name=”PublishingHttpModule” />
</httpModules>
</system.web>
</configuration>

Now I can happily render all my Domino apps in a SharePoint Web Part, and our end users don’t have to know or care what back-end systems actually run the apps.

Of course, I have a veritable heap of work to do to make the apps work on the web, and I need to write a script to handle moving Active Directory IDs into the person documents for everyone, but all the insfrastructure pieces are now in place. All we have left is a lot of coding. A LOT of it.