Conclusion of the SSO saga

August 14, 2008

As I’ve mentioned in “recent” posts, we’ve been setting up the WebSphere plugin on our SharePoint servers to enable authentication to Active Directory for our Domino apps.

It has been in production for a few weeks now, and is working great. Not only have we received no complaints, it is actually resolving helpdesk tickets for us, as Domino internet passwords have always been a thorn in our side.

The last change we made was to add a JavaScript redirect onto our server-wide Login form, so that anyone who does try to hit the Domino apps directly, instead of through our SharePoint URL, will be redirected to the proper URL. This is allowing us to ensure that SSO is used universally, without having to worry about whether or not we forgot to update some links on other web sites or in email notifications.
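
A sketch of how such a login-form redirect can build its target, added here as an example and not the author's actual script; the host names `portal.example.com` and `domino.example.internal` and the function `ssoRedirectTarget` are assumptions. The destination origin is a fixed constant and only the path, query and fragment are carried over, so a crafted link cannot steer the redirect off-site.

```javascript
// Hypothetical names: the post does not give its host names.
const SSO_ORIGIN = "https://portal.example.com";            // SharePoint front end (assumed)
const DIRECT_HOSTS = new Set(["domino.example.internal"]);  // direct Domino hosts (assumed)

// Returns the SSO front-end URL for a page reached on a direct Domino host,
// or null when no redirect should happen.
function ssoRedirectTarget(currentHref) {
  let current;
  try {
    current = new URL(currentHref);
  } catch (e) {
    return null; // unparsable location: leave the page alone
  }

  // Redirect only when the login form was served by a known direct host.
  // Anything else (including the SSO front end itself) is left untouched,
  // which also prevents a redirect loop.
  if (!DIRECT_HOSTS.has(current.hostname)) {
    return null;
  }

  // The scheme and host of the destination never come from the request.
  // Path, query string and fragment are copied so deep links in old
  // e-mail notifications still land on the same document.
  const target = new URL(SSO_ORIGIN);
  target.pathname = current.pathname;
  target.search = current.search;
  target.hash = current.hash;
  return target.href;
}

// Browser-only part: runs when the script is included in the login form.
if (typeof window !== "undefined") {
  const target = ssoRedirectTarget(window.location.href);
  if (target) {
    // replace() keeps the direct URL out of the back-button history.
    window.location.replace(target);
  }
}
```

A client-side redirect steers browsers but does not stop requests sent straight to the Domino host, so it complements server-side access restrictions and does not replace them.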

Our next big integration point is to get our Active Directory data more accessible to Notes Applications. Currently we have nightly processes that pull the data from AD into a Notes DB, but there are too many moving parts in the process, and we are constantly fighting data issues. I’ve written some code that uses the XMLHTTP object to call an AD web service, so I can pull data directly from AD on demand. We’ll probably also pull data down into the NAB on a regular basis, but being able to replace @dblookups with web service calls to the true data source (where performance allows) will be lovely.

3 Responses to “Conclusion of the SSO saga”

  1. Vlad Says:

    Why not set up Directory Assistance in Notes and use @NameLookup? I have used it and it worked fine.
    vlad

  2. Carl Says:

    Hi there, could you please explain why you have used the WebSphere plugin rather than using Directory Assistance and having DA configured to use AD for authentication?

    I am curious as this is something we are looking at too.

    Carl.

  3. migratenotes Says:

    @1) I have to check into it – until you commented, I’d never looked much at @NameLookup. But if it can pull down specific AD fields that are custom to our organization, that might be a good solution.

    @2) One big reason was for the user interface – by adding the plugin on our SharePoint servers, all web apps share the same server name in the URL. It allows us to build an integrated system where our users have no idea whether an app is a SharePoint, .NET, or Domino app. We can even mix/match technologies in the same page. Makes things easier in our political climate where people just want Notes to be gone. One other reason was just logistics — we outsource our data center, and doing it this way required the least change management paperwork. :)

