[MobileMind]

I have a Notes Domino BES 4.1.6 environment. I am trying to enable SSO for Application server authentication from a Blackberry device for HTTP requests from the device.

The idea is that with SSO the application will automatically pick up the user credentials and login to the application server and use his stored credentials to access the application avoiding repeated authentication requests.

The agent works when I manually authenticate so the issue I have is to do with automatic authentication.

I have tried the following.

1) In MDS Connection service - http section I have set support HTTP Connection and Support HTTP Cookie storage to true

2) I have both restarted the BES server and the MDS service

3) In the application server document and BES server document on Domino I have made sure the servers are trusting one another and have sufficient access rights. There are also replication connection documents there.

4) The ACL on the Application itself permits authenticated user access only ie no anonymous. If we need to change to this to anonymous then we will need a completely new approach.

5) I tried setting the application server as a trusted host on the device in security -tls

6) I trusted the server based condensed directory catalog for authentication with internet protocols in the application server document and rebooted the server

Despite all the above when I launch my request from an email on the Blackberry using a URL to activate a web agent the server requires me to authenticate with it before the agent will run on the database.

What am I doing wrong?

[MobileMind]

By ensuring Blackberry Browser is set as default and allowing all the java script options client side in the browser I am now getting session cookies which last as long as the browser is open. But need persistent cookies that do not get wiped when the browser is closed. Any ideas?

[MobileMind]

Resolved this:

Crucial were domino server doc and the enablement of MDS connection service http settings

[noname]

Just curious, MobileMind, did you create a web site document and have it linked up to the BES' Domino server doc? How is your MDS-CS settings like?

[MobileMind]

Quote:

Originally Posted by noname

Just curious, MobileMind, did you create a web site document and have it linked up to the BES' Domino server doc? How is your MDS-CS settings like?

In order to get SSO to work you need to load the Internet configs from a web site doc as an alternative to the server doc where you enabled this possibility. If you have lots of web ready apps then you have to create a lot of web site docs to manage them all so this is not always the best way forward as it might create more problems than it resolves.
By disabling session authentication on website docs you can bypass the normal domcfg.nsf mechanisms and use browser or blackberry forms instead to authenticate. But it seems to be an either or type choice. You either use the browser or you use domcfg notes login forms which are little clunky in a blackberry browser and do not have the remember me tick box on the default form. Really I want both types of authentication with server with website docs used when a specific path is named thereby limiting the numbers of website docs and using notes domino forms and processes for all my non web traffic. Not sure how to configure that on domino- do you know a way? Its possible that this granularity is just not available at present

I set MDS CS both bits to true. Maybe I should have tested either or also.