Gil,

Unfortunately, all the bridge app can do is tee up an LTPA token for Domino
and then flip the user over to Domino, and Domino either accepts or not.
The bridge application log looks fine as far as it goes.  Any chance the
Domino application has logs about its experience of the token in rejecting
it?

Kind regards,

Andrew



On Mon, Nov 19, 2012 at 7:12 AM, Gil Victor <[email protected]> wrote:

> Hi Andrew,
>
> First of all, thank you so much for your response.
> I took some time to learn about new technologies involved in
> "ltpa-bridge", like (gradlew, shiro...).
> As you said, it's better architected to make a "bridge" app to communicate
> with CAS, instead of an implementation directly inside CAS.
>
> I did some configuration to fit my environment (files attached):
> - ltpa.properties
> - shiro.ini
>
> When I try to go to "http://localhost:8080/ltpa/token", it redirects to the
> CAS's login page correctly.
> I enter the user/pass, and after that I get the login screen of the iNotes
> e-mail.
>
> Maybe there is some mistake in my configuration files.
> I attached the log of ltpa-bridge app.
>
> Thanks in advance,
> Gil Victor
>
>
> 2012/11/16 Andrew Petro <[email protected]>
>
>>  Hi Gil,
>>
>> While Unicon's first pass at bridging to LTPA also involved modifying the
>> CAS server to add this feature, review and refactor led to an architecture
>> of a separate bridge application instead.
>>
>> I'm a big fan of this architecture, incidentally.  Keep CAS simple and
>> focused on doing what it does well -- the CAS protocol -- and rely upon
>> authenticating to bridge applications to translate to other protocols.  In
>> this architecture, the Shibboleth IdP, CASified, becomes a really great
>> bridge for speaking excruciatingly rigorous SAML.
>>
>> Anyway.  An LTPA bridge, CASified, becomes a much smaller and less
>> ambitious bridge for speaking passable LTPA.  And here it is:
>>
>> https://github.com/Unicon/ltpa-bridge
>>
>> The idea is that it's a simple little Java webapp.  It's a CASified
>> application.  Your users log into it using CAS, just like any other
>> CAS-using service.  The bridge computes the LTPA token and redirects the
>> browser over to the target application with the token.  Install and
>> configure one of these bridges for each LTPA-consuming application you want
>> to CAS-integrate.
>>
>> If that becomes unwieldy, do something fancier and ideally proffer a pull
>> request. :)
>>
>> I should mention that this bridge application probably isn't yet in
>> production anywhere.  It's the refactored and in my view better architected
>> version of something Unicon initially did as local CAS customizations for a
>> client.  The customizations it was refactored from have been successfully
>> in production for months.
>>
>> Hope to hear about your successful experiences with it.
>>
>> Kind regards,
>>
>> Andrew
>>
>>
>>
>>
>>  On Fri, Nov 16, 2012 at 6:30 AM, Gil Victor Teixeira Pinto <
>> [email protected]> wrote:
>>
>>>  I'm trying to integrate iNotes following the tutorial:
>>>
>>> https://github.com/apetro/casify-lotus-domino-inotes/wiki/CasifyDominoLotusiNotes
>>>
>>> I'm having trouble completing the modifications on the CAS server to
>>> generate the LTPA token to be returned to the client (Domino / iNotes web
>>> mail).
>>> At the forum domino experts
>>> <http://www.dominoexperts.com/articles/Creating-a-session-for-a-user>
>>> there are some tips for creating the cookie
>>> <http://offbytwo.com/2007/08/21/working-with-ltpa.html>,
>>> but I do not know if the code is correct because I have no idea how to
>>> return it to the client that is requesting authentication.
>>>
>>> I wonder if anyone has some sample code that does this generation of
>>> LTPA cookie.
>>>
>>> Thanks in advance!
>>>
>>> --
>>> You are currently subscribed to [email protected] as: 
>>> [email protected]
>>>
>>>
>>>
>>>
>>> To unsubscribe, change settings or access archives, see 
>>> http://www.ja-sig.org/wiki/display/JSG/cas-user
>>>
>>>
>>
>
