IBM Domino/WebSphere authentication works by placing an encrypted cookie for a given domain. There are a number of ways to find out what this cookie means.
For instance, you could either:
1. Decrypt the cookie using the secret key in the Domino directory; or
2. Pass that cookie along to a live Domino server and get back the username.
In this example, we are going to use the second option. This means we take that cookie and then pass it to an IBM server to check the authentication.
The cookie is stored as an LTPA token. Here is the Ruby on Rails code:
require 'open-uri'

module DominoAuthenication
  public

  # Accesses the current user from the session.
  # Override this to set how the current user is retrieved from the session.
  # To store just the whole user model in the session:
  #
  #   def current_user
  #     session[:user]
  #   end
  #
  def current_user
    if session[:user]
      @current_user ||= session[:user]
    else
      begin
        # Forward the browser's LtpaToken cookie to Domino and let it resolve the user.
        tokenstring = "LtpaToken="
        tokenstring = tokenstring + cookies[:LtpaToken] if cookies[:LtpaToken]
        OpenURI.open_uri('http://[your domino server here]/[your database]/[some page that returns the username]',
                         "Cookie" => tokenstring) do |http|
          # The response body is whatever the Domino page rendered for that cookie.
          @current_user = http.read.strip
        end
      #rescue
      end
    end
  end
end
On the Domino side, you just need to create a database and then a page within the database that has a field returning @username().
This will then return the full username. If you are using QuickPlace, for instance, you will get back something like "CN=user/OU=placename/OU=QP/O=certifier" and you can deal with this as you like in your Ruby code.
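An added example, not code from the original post: the code above trusts whatever the Domino page returns, so this sketch checks the cookie before it is forwarded and accepts the response only if it parses as a name like the one shown above, treating anything else (for example Anonymous, an HTML page, or a failed request) as not authenticated. The names valid_ltpa_cookie?, parse_domino_name, domino_user and the fetcher callable are hypothetical, and the length bounds are assumptions.

```ruby
# Added example: fail-closed checks around the Domino lookup (hypothetical names).

# LtpaToken values are Base64 text. Refusing anything else (CR/LF, ';', spaces)
# keeps a crafted cookie from altering the outgoing Cookie header.
LTPA_FORMAT = /\A[A-Za-z0-9+\/=]{16,4096}\z/ # length bounds are an assumption

# One name component such as CN=user or OU=QP.
NAME_PART = /\A(CN|OU|O|C)=([^\/=<>\r\n]+)\z/

def valid_ltpa_cookie?(value)
  value.is_a?(String) && LTPA_FORMAT.match?(value)
end

# Parses "CN=user/OU=placename/OU=QP/O=certifier" into [type, value] pairs.
# Returns nil for anything else: "Anonymous", an empty body, an HTML page.
def parse_domino_name(body)
  text = body.to_s.strip
  return nil if text.empty? || text.length > 256
  parts = text.split('/').map { |part| NAME_PART.match(part) }
  return nil if parts.empty? || parts.any?(&:nil?) || parts.first[1] != 'CN'
  parts.map { |m| [m[1], m[2]] }
end

# fetcher: callable that takes the Cookie header value and returns the page
# body (it would wrap the OpenURI call). Any error counts as "not authenticated".
def domino_user(cookie_value, fetcher)
  return nil unless valid_ltpa_cookie?(cookie_value)
  parse_domino_name(fetcher.call("LtpaToken=#{cookie_value}"))
rescue StandardError
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a placeholder token and canned responses, not real data.
  token = 'QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo='
  named = ->(_cookie) { "CN=user/OU=placename/OU=QP/O=certifier\n" }
  anon  = ->(_cookie) { 'Anonymous' }
  p domino_user(token, named)
  p domino_user(token, anon)
  p domino_user("x\r\nX-Injected: 1", named)
end
```

In current_user, the fetcher would be a lambda around the OpenURI call, and a nil result would leave the user unauthenticated instead of storing the raw response body.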
2 comments:
Is the first option possible or were you just teasing us? :o)
I wouldn't tease :)
Loosleaf link
However, if you start to play with this stuff you are really on your own for support. If you let Domino do the decrypting and it breaks, you can call IBM support and get a hotfix.
This is also the method that is used at an OpenNTF project
Open NTF link