How to permit Web app users with external certificates to submit if no anonymous access is permitted

In a Domino-based Web application, where users are authenticated to the system via an external certificate, how do we permit these users to perform submissions from the Web if anonymous access to the database is set to No Access? Authentication to the URL is secured by WebSEAL. In this case, is it safe to grant anonymous users Editor access in the database ACL?

Let me make sure I understand the setup here… Authentication to the Domino server is not handled by Domino itself. You are using the Tivoli Access Manager WebSEAL product to provide two-factor authentication for connection requests. So, by the time a user connects to Domino, they have already been authenticated to your overall network. Assuming this is correct, here is my take on it:

I guess you could set Anonymous=Editor. This would give anyone connecting to Domino Editor access, since he/she has already been authenticated by WebSEAL. The problem with this is that Domino never knows the identity of any user. So you cannot distinguish someone who should be Author from someone who should be Editor or Reader, etc. Also, Domino won't know the name of any user. (Your code could ask their names, but they could lie, since you are not authenticating their names.)

So, I guess your scheme is "secure" in the sense that only valid users can connect to the Domino server, and you want any such user to be Editor (or maybe Author). But you will have to think carefully about what you want the Domino application to do. Will it really work right if every user is Anonymous and cannot reliably be distinguished from every other user?

(If any other reader has experience with this setup, I would love to hear about it.)
