Tuesday, June 07, 2005

Lotus Domino and Apache Tomcat - Single Sign On (SSO)

Found a good article on integrating Lotus Domino and Apache Tomcat to achieve Single Sign-On (SSO):
Domino and Tomcat SSO
The approach uses an LTPA (Lightweight Third-Party Authentication) token for authentication. The LTPA token is IBM's proprietary mechanism and hence can be used only to integrate IBM products, e.g. Lotus Domino.

3 comments:

  1. Anonymous 4:59 PM

    LTPA works with more than just Domino. Don't forget WebSphere, Sametime (IM), Sametime Links, and of course Tivoli Access Manager.
    Also, I thought a few other vendors supported it, like SAP.

    Of course, if Microsoft invented LTPAToken it would be called "standard" not "proprietary". :)

  2. Anonymous 4:59 PM

    LTPA works with more than just Domino. Don't forget WebSphere, Sametime (IM), Sametime Links, and of course Tivoli Access Manager.
    Also, I thought a few other vendors supported it, like SAP.

    Of course, if Microsoft invented LTPAToken it would be called "standard" not "proprietary". :)

  3. The format of the LTPA token is published in the Domino Security Handbook (redbook). From the doc, it appears that it is simply a string of name/value pairs (DN, Name etc) that is then encrypted with tripleDes and base64 encoded. It should be possible to create your own LTPA token if you know the tripleDes key.

    The problem I have is trying to get the 3des key. IBM allows a keyfile to be exported, and protected with a password. I haven't been able to find any information on the format of the keyfile and how I can extract the true 3des key out of it. I'd appreciate any info on this.
