In October last year IBM published the social enabler which allows access to IBM Connections. The social enabler uses a server side web security store (nsf) to store user names and passwords for basic authentication to provide a SSO between XPages apps and Connections. These credentials are used on server side to invoke the Connections REST APIs.

The IBM business partner Computer Architechs International Corp. built the Lotusphere online system this year which uses XPages and Connections. They looked for a way to provide a SSO without a server side credential store and they found an easy way using the ltpa token. They contributed this code to OpenNTF so that it can be added to the Extension Library.

The following text is from Reed Gesteland, President & CEO from Computer Architechs International Corp., where he describes more details.


"Computer Architechs International Corporation has been working with IBM since the year 2000 to build the online system for its premier IBM Lotus software conference called Lotusphere. The purpose of the online system, aptly named Lotusphere Online, is to provide a way for registered attendees to create their schedules, connect, interact and to get the chance to experience the latest that the Lotus Software portfolio had to offer in a real world user environment. Every year our team was challenged to do our best to seamlessly integrate the latest IBM Lotus software into Lotusphere Online which sometimes required us to introduce beta software into the mix for maximum impact. This meant that one year we needed to introduce the Lotus Notes 8 client with Composite Application technology prior to its GA release for use by attendees on the Lotusphere Online workstations available throughout the conference hotels. This also meant integrating the recently introduced Lotus Connections 1.3 as part of the Lotusphere Online offering to showcase IBM's latest foray into the world of Social Business applications. Every new Lotusphere meant new software releases and new challenges for our team to overcome. This last Lotusphere Online (renamed in 2012 to Social Business Online) was no different. Our goal this time was to seamlessly integrate XPages (IBM Lotus Domino 8.5.3) with the latest releases of other IBM Collaboration Solutions products including IBM Sametime 8.5.2 and IBM Connections 3.0.1 by providing a Dashboard type interface that harmoniously pulled together the different social business applications into one easy to navigate interface.

Our goal was to leverage the APIs of the various products to exchange data with the XPages dashboard to provide this seamless experience for every user. The dashboard would consist of widgets with the ability to provide two way population of data among the various products so that attendees could, not only see all important conference related information in one clean interface pulled in from various sources, but also send data updates to those same sources. For example, with Connections, we wanted to show users the most recent updates going on inside Connections such as the latest Status Updates, most recent postings in Communities, newest Bookmarks, etc.... At the same time we also wanted to give the attendee the ability to type in a Status Update on the dashboard which would then automatically populate that status update into the attendee's Connections profile.

Although the XPages Extension Library did provide a way for developers to store user credentials so that XPages could access other websites without requiring users to login each and every time (i.e. XPages accesses Connections via the API), we felt that storing a user's credentials as is on our site was a little cumbersome and not the most secure way of achieving our goal to have true Single Sign-on (SSO) among the various platforms behind the scenes.  So we tried to come up with a way to make this process more seamless and, for all intents and purposes, more secure.

After some extensive research, we found a posting in the IBM Connections Wiki about using the IBM Connections API in different programming languages. This posting described how to use the AbderaClient's addCredentials function to pass user credentials using Java. Using that function as a reference we created a new function that would "stuff" the token generated from the user's credentials into the LTPAToken cookie, the same cookie IBM uses to provide SSO among its suite of web applications. Once the LTPAToken got populated we were able to create the desired back-end SSO environment that we needed to pull off the integration with the desired results.

Some time after shutting Social Business Online down we were approached by IBM to contribute the LTPAToken SSO code to OpenNTF to be added as part of the XPages Extension Library for the benefit of other developers. We gladly agreed and hope that this code helps other developers with their integration projects moving forward."



comments powered byDisqus