Q

How to permit Web app users with external certificates to submit if no anonymous access is permitted

In a Domino-based Web application, where users are authenticated to the system via an external certificate, how do we permit these users to perform submissions from the Web if anonymous access to the database is set to No Access? Authentication to the URL is secured by WebSEAL. In this case, is it safe to grant anonymous users Editor access in the database ACL?

Let me make sure I understand the setup here… Authentication to the Domino server is not handled by Domino itself. You are using the Tivoli Access Manager WebSEAL product to provide two-factor authentication for connection requests. So, by the time a user connects to Domino, they have already been authenticated to your overall network. Assuming this is correct, here is my take on it:

I guess you could set Anonymous=Editor. This would give anyone connecting to Domino Editor access, since he/she has already been authenticated by WebSEAL. The problem with this is that Domino never knows the identity of any user. So you cannot distinguish someone who should be Author from someone who should be Editor or Reader, etc. Also, Domino won't know the name of any user. (Your code could ask their names, but they could lie, since you are not authenticating their names.)

So, I guess your scheme is "secure" in the sense that only valid users can connect to the Domino server, and you want any such user to be Editor (or maybe Author). But you will have to think carefully about what you want the Domino application to do. Will it really work right if every user is Anonymous and cannot reliably be distinguished from every other user?

(If any other reader has experience with this setup, I would love to hear about it.)

This was first published in April 2004
