dominoExperts.com - Powered by Domino 8.5.2 Domino Accelerator Pack
- Reduce network traffic
Lotus Triple Search DominoExperts + Blogs + R8 forum
dominoExperts.com -> General Domino Talk

 Redirect Unauthenticated Users


dm99Post date: 2010-10-08 00:46
I'm working on integrating iNotes 8.5 with Jasig CAS (Central Authentication Service). An issue I've run into is that if a page requires authentication, I need to redirect the user to the CAS login page rather than Domino's, and then after they've logged into CAS, I need to send them back to the page that they were trying to access. Is this possible? I'm free to make whatever modifications I need to the CAS server, and I've already configured it to set an LtpaToken for the user. So for the short version, I need to: 1. Redirect the user to CAS to log in 2. On return from CAS, display the page the user was trying to access Thanks! - Drew

DannePost date: 2010-10-08 11:23

You can use a special "login form" for domino.

The domcfg.nsf (Domino Configurartion) database that should be created in teh root of the domino server controls what login forms you use.

Change the settings for your domain and make it use "your" login form.

Then on that login form. make some tests if you have the correct credentials, if not redirect the user to the CAS login page.

 

That should solve it.

You can just do a normal JS redirect or a more advanced http redirect.


dm99Post date: 2010-10-08 21:27
This sounds good. I'm a complete beginner, though, to Domino. To create my own login form, is there a way to copy the login form that comes by default and edit that to add the Javascript redirect? Thanks!

Tomas NielsenPost date: 2010-10-10 11:18

There is a default form in the domcfg.nsf database after you create it from the template. You can modify it at will.

Just remember to turn of the design inheritance from the template or all your changes will be lost over night when the design task runs.


dm99Post date: 2010-10-12 21:51
I figured out how to edit the form, but how can I get the RedirectTo field appended to the URL I need to redirect to for SSO? In other words, if the user accesses /mail/username.nsf, how do I redirect the user to http://sso-server/login?RedirectTo=/mail/username.nsf? Thanks again!

DannePost date: 2010-10-13 11:39

Addinng a simple Javascript redirect in the Head like:

    document.location.href="/http://sso-server/login?RedirectTo=/mail/username.nsf";

might do the trick (you must wrap it in "script tags" ofc

 


dm99Post date: 2010-10-13 18:19
Sorry... I should have been more clear. I need to dynamically determine the value of RedirectTo. It's a hidden form field on the default login page, but I need to access it as a value and not as a form field so I can include it in the URL I have to build: "http://sso-server/login?RedirectTo=<value of RedirectTo>". - Drew

dm99Post date: 2010-10-27 19:06
I was able to get this to work by modifying a copy of the Domino login page as follows:

  1. removed all of the extra text, images, and form fields except "RedirectTo".
  2. added the following to the JS Header:
    function redirectToCas() { document.location.href = 'http://cas-server/cas/login?service=http://domino-server' + document._CasLoginForm.RedirectTo.value; }
  3. added onLoad=redirectToCas(); to the HTML Body Attributes
  4. added the following text and link to the page:

    Redirecting to the Central Authentication Service. If you are not redirected, <a href="#" onclick="redirectToCas();return true;" name="casLink">click here</a>.

It's working great, except one (relatively minor) issue I have now is that I can't get rid of the form's submit button even though it's nowhere within my page. I don't need it anymore, even though I need to keep the form itself to access the value of RedirectTo. Is there a way to get rid of that button?

Thanks in advance!

- Drew

Tomas NielsenPost date: 2010-10-29 10:52

Nice to hear it is working out!

What you are doing is a bit outside what the domcfg database was designed for.  ;-)

I can Imagine Domino thinks there should be a submit button on a login form and adds one if it is not there.

You could try to put back the original submit button and surround it with HTML-comments.

<!-- <button> -->

Just make sure you mark the comments as "Pass-thru HTML" (available under the Text-menu).




RSS feed
Subscribe to Forum

Share this page

Top posters
Tomas Nielsen212
Joacim Boive27
Fredrik Stöckel27
Danne14
Niklas Waller13
Kenneth Haggman11
Bryan Kuhn10
Daniel Lehtihet9
Jonas Israelsson8
dm997