BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 09-08-2009, 10:03 AM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2008
Model: 9780
OS: 6.0.0.359
PIN: N/A
Carrier: Telekom.de
Posts: 79
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default Enabling Application Server SSO (Single Sign on)on the BES

Please Login to Remove!

I have a Notes Domino BES 4.1.6 environment. I am trying to enable SSO for Application server authentication from a Blackberry device for HTTP requests from the device.

The idea is that with SSO the application will automatically pick up the user credentials and login to the application server and use his stored credentials to access the application avoiding repeated authentication requests.

The agent works when I manually authenticate so the issue I have is to do with automatic authentication.

I have tried the following.

1) In MDS Connection service - http section I have set support HTTP Connection and Support HTTP Cookie storage to true

2) I have both restarted the BES server and the MDS service

3) In the application server document and BES server document on Domino I have made sure the servers are trusting one another and have sufficient access rights. There are also replication connection documents there.

4) The ACL on the Application itself permits authenticated user access only ie no anonymous. If we need to change to this to anonymous then we will need a completely new approach.

5) I tried setting the application server as a trusted host on the device in security -tls

6) I trusted the server based condensed directory catalog for authentication with internet protocols in the application server document and rebooted the server

Despite all the above when I launch my request from an email on the Blackberry using a URL to activate a web agent the server requires me to authenticate with it before the agent will run on the database.

What am I doing wrong?
Offline  
Old 09-09-2009, 03:31 AM   #2 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2008
Model: 9780
OS: 6.0.0.359
PIN: N/A
Carrier: Telekom.de
Posts: 79
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

By ensuring Blackberry Browser is set as default and allowing all the java script options client side in the browser I am now getting session cookies which last as long as the browser is open. But need persistent cookies that do not get wiped when the browser is closed. Any ideas?
Offline  
Old 09-09-2009, 11:25 AM   #3 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2008
Model: 9780
OS: 6.0.0.359
PIN: N/A
Carrier: Telekom.de
Posts: 79
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Resolved this:

Crucial were domino server doc and the enablement of MDS connection service http settings
Offline  
Old 09-10-2009, 03:10 AM   #4 (permalink)
BlackBerry Extraordinaire
 
noname's Avatar
 
Join Date: Sep 2005
Location: Congested Islet of "Foreign Talents" (> 45% of workforce) - Singapore.
Model: Z10
OS: 10.0.0
PIN: NUKE(PAP)
Carrier: Singtel
Posts: 1,504
Post Thanks: 6
Thanked 9 Times in 9 Posts
Default

Just curious, MobileMind, did you create a web site document and have it linked up to the BES' Domino server doc? How is your MDS-CS settings like?
__________________
Native but 4th class citizen of a nation governed by idiots who import congestions & contention.
Offline  
Old 09-16-2009, 05:12 PM   #5 (permalink)
Thumbs Must Hurt
 
Join Date: Oct 2008
Model: 9780
OS: 6.0.0.359
PIN: N/A
Carrier: Telekom.de
Posts: 79
Post Thanks: 1
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by noname View Post
Just curious, MobileMind, did you create a web site document and have it linked up to the BES' Domino server doc? How is your MDS-CS settings like?
In order to get SSO to work you need to load the Internet configs from a web site doc as an alternative to the server doc where you enabled this possibility. If you have lots of web ready apps then you have to create a lot of web site docs to manage them all so this is not always the best way forward as it might create more problems than it resolves.
By disabling session authentication on website docs you can bypass the normal domcfg.nsf mechanisms and use browser or blackberry forms instead to authenticate. But it seems to be an either or type choice. You either use the browser or you use domcfg notes login forms which are little clunky in a blackberry browser and do not have the remember me tick box on the default form. Really I want both types of authentication with server with website docs used when a specific path is named thereby limiting the numbers of website docs and using notes domino forms and processes for all my non web traffic. Not sure how to configure that on domino- do you know a way? Its possible that this granularity is just not available at present

I set MDS CS both bits to true. Maybe I should have tested either or also.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.