Monday 29 June 2015

Domino Client Certificate authentication (web services consumer/provider)

Short description of the problem and requirements:
SSL client certificate authentication must be provided for IBM/Lotus Domino users and for other remote systems.
Web services must be integrated without storing a username/password for web service connections (consumers/providers) and without allowing anonymous access.

Problem resolution example:
1) In the Domino server document, under the SSL authentication options, set Client Certificate to "Yes".
How Domino recognizes a client that connects with a certificate: it searches the address book for a matching user/server with the corresponding mapped certificate.
Web Service provider - uses standard authentication: the user must send a client certificate to the server. If this type of authentication is enabled, there should be no problem.
Web Service consumer - when using an IBM Notes consumer, the SSL option that makes the connection send the client certificate must be set. For this purpose an additional option must be set before connecting: Setssloptions(NOTES_SSL_SEND_CLIENT_CERT).

Where are the benefits?
You can build SOA-based applications and integrate Lotus applications with web services, so that they can later be exposed to other applications.

Possible scenario:
1) Create a web service that approves some document.
It could be used by:
a) Notes client - create an internet certificate for the user and import it into the Notes ID. The document is approved from the Lotus Notes (LN) client.
b) The same Domino server with client certificate authentication enabled (no username/password required). Server-side scripts.
c) Web browser client - if the server uses username/password authentication, the user is already authorized for the operation.
d) External applications - create a new user in the address book, create a client certificate, integrate.
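
Scenario d) from the external application's side, as an added example that is not code from the original post: a Python client that presents a client certificate over TLS and calls the approval web service with no username or password. The host name, database path, operation name approveDocument, namespace and PEM file names are hypothetical, and treating HTTP 401/403 as a rejected certificate identity is an assumption.

```python
import http.client
import ssl
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
SVC_NS = "urn:example:approval"  # hypothetical service namespace

def client_context(cert_file, key_file, ca_file=None):
    """TLS context that verifies the server and presents our client certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)  # identity is the certificate
    return ctx

def build_request(doc_id):
    """SOAP 1.1 body and headers; no Authorization header, no stored password."""
    body = (f'<soap:Envelope xmlns:soap="{SOAP_NS}"><soap:Body>'
            f'<approveDocument xmlns="{SVC_NS}"><docId>{escape(doc_id)}</docId>'
            f'</approveDocument></soap:Body></soap:Envelope>').encode("utf-8")
    headers = {"Content-Type": "text/xml; charset=utf-8", "SOAPAction": '""'}
    return body, headers

def parse_response(status, payload):
    """Return the result text; raise if the identity or the call was rejected."""
    if status in (401, 403):  # assumption: server did not accept the client identity
        raise PermissionError("client certificate identity was not accepted")
    root = ET.fromstring(payload)
    fault = root.find(f".//{{{SOAP_NS}}}Fault")
    if fault is not None:
        raise RuntimeError(fault.findtext("faultstring", default="SOAP fault"))
    return root.findtext(f".//{{{SVC_NS}}}result")

def approve(host, path, doc_id, ctx):
    """POST the approval request over mutually authenticated TLS."""
    conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=15)
    try:
        body, headers = build_request(doc_id)
        conn.request("POST", path, body=body, headers=headers)
        resp = conn.getresponse()
        return parse_response(resp.status, resp.read())
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed values: replace with the real server, database and PEM files.
    ctx = client_context("extapp-cert.pem", "extapp-key.pem", "domino-ca.pem")
    print(approve("domino.example.com", "/approval.nsf/Approval?OpenWebService", "DOC-1", ctx))
```

The private key file is the only secret the external application holds, so it should be readable only by the service account that runs the client.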