Custom Web Services Authentication


A government organisation wished to present a unified view of the web sites of different parts of the organisation. Part of this required a single sign-on mechanism that worked across varied server technologies. An authentication server was installed to do this, and all existing websites were modified so that the authentication server could be used to perform user log-on.

One of the existing websites was running under Lotus Domino. Tron Systems was chosen to perform the integration between the Domino server and the authentication server. The authentication server is used to perform user log-on and link that user to information held about them. To allow Domino to use the authentication server for user log-on instead of using Domino's own authentication, a Domino Web Server Application Programming Interface (DSAPI) filter was developed. The requirements were:

  • User logs on to the authentication server using their email address
  • The Domino server checks with the authentication server that the user is still valid
  • Existing users can access their own documents in a Domino application containing documents protected by reader names
  • User must therefore be known in Domino with their existing Domino user name

The DSAPI filter was written to meet the requirements. It makes SOAP calls to the authentication server to confirm the user details from a cookie that the user receives from the authentication server at log-on. The user email used for log-on is translated to their Domino name using information in the Domino directory. On finding the user, the filter sets the authenticated name to be the full name in the Domino directory. Users then access the Domino data as if authentication had been done by Domino.
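The decision the filter makes after reading the cookie can be modelled as follows. This is an added example, not Tron Systems' filter code: `validate_session` is a hypothetical stand-in for the SOAP call, the directory entries and cookie values are constructed, and rejecting an address that matches no entry or more than one entry is an assumption about how such a filter should fail.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample of the Domino directory: internet address -> full name. */
struct person { const char *mail; const char *fullname; };
static const struct person directory[] = {
    { "alice@example.org",  "CN=Alice Smith/O=Agency" },
    { "shared@example.org", "CN=Carol White/O=Agency" },
    { "shared@example.org", "CN=Dan Black/O=Agency" },
};

/* Hypothetical stand-in for the SOAP call: returns the e-mail address the
   authentication server asserts for a cookie value, or NULL if it is invalid. */
static const char *validate_session(const char *cookie) {
    if (cookie == NULL) return NULL;
    if (strcmp(cookie, "tok-alice") == 0)  return "Alice@Example.org";
    if (strcmp(cookie, "tok-shared") == 0) return "shared@example.org";
    if (strcmp(cookie, "tok-eve") == 0)    return "eve@example.org";
    return NULL;
}

/* Case-insensitive comparison of two e-mail addresses. */
static int mail_eq(const char *a, const char *b) {
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b)) return 0;
    return *a == *b;
}

enum auth_result { AUTH_OK, AUTH_NO_SESSION, AUTH_UNKNOWN_USER, AUTH_AMBIGUOUS, AUTH_ERROR };
/* Writes the Domino full name to out only when exactly one entry matches the
   address returned by the server; every other outcome leaves out empty. */
enum auth_result authenticate(const char *cookie, char *out, size_t outlen) {
    const char *mail, *match = NULL;
    size_t i, hits = 0;
    if (out == NULL || outlen == 0) return AUTH_ERROR;
    out[0] = '\0';
    if ((mail = validate_session(cookie)) == NULL) return AUTH_NO_SESSION;
    for (i = 0; i < sizeof directory / sizeof directory[0]; i++)
        if (mail_eq(directory[i].mail, mail)) { match = directory[i].fullname; hits++; }
    if (hits == 0) return AUTH_UNKNOWN_USER;
    if (hits > 1)  return AUTH_AMBIGUOUS;
    if (strlen(match) >= outlen) return AUTH_ERROR;
    strcpy(out, match);
    return AUTH_OK;
}

int main(void) {
    char name[64];
    printf("%d %s\n", authenticate("tok-alice", name, sizeof name), name);
}
```

The name is derived from the address the server returns for the cookie, never from a value the browser supplies directly, which is what keeps reader-name protection in the Domino application meaningful.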

As a result of the implementation of the filter, the organisation was able to change the log-on user names and create a single sign-on environment without having to change the existing application or data.