|Professional Services||Second Signal||Presentations||Andrew's Blog||Support|
Your parent company has a website with a secure area for your customers and distributors. Its run by the parent company I.T. center in B.F.E. You've put together a private site in Domino that is specific to the products made by your division in Cool City. The parent company's IT guy reluctantly gives his blessing to the site mostly because it would cost him hundreds of thousands of dollars to do what you did in Domino in three days, but requires you to accept login information from them -- not prompt for another username.
This is something I've needed any number of times when dealing with complex web sites. The problem with most "Single Sign On" solutions is that they require you to fully participate in them on both sides, often to the exclusion of any other single sign on solutions. Sure, it works fine for internal sites with compatible servers -- like you maybe have some Websphere and some Domino, of if you're willing to play with the stack -- like running Domino with an IIS front end. The other problem with them, is they crash. Alot.
NCT Auto Login for Domino will be the answer to those questions, and does not require a DSAPI filter. All you need is single library added to the Domino program directory, and a LotusScript library is placed in any database and can be used to generate Domino LTPA Tokens matching the session based login schema you've defined for that server. You make a simple call within your LotusScript agent and get the token in whatever name you need.
In the case of the example above, the parent company creates a page, or a perl script, or whatever -- that generates a URL to your side which includes a 'token' on the url. That url points to an agent on your server which creates an LtpaToken, sets it in a cookie on the user's browser, and redirects the user to whatever page you want on your side -- where he will already be logged in. You could even have the agent be a generic redirector, including two parameters -- one for the user's name, and the other with the actual target url to point the user to once he's logged in to Domino.
Ready to integrate with other systems, out of the box
The product includes code and a fully documented schema for passing user information to and from remote sites in a secure manner. This is a schema similar to one that I have had in continuous use at customer sites for several years. It is tried and true, and has proven compatible with sites built on IIS, Apache, Websphere, BEA, and whatever Oracle's product is. You don't have to use this schema, but you'll want to. It defines the creation of a token which contains the user name and a timestamp in a packet encrypted with Blowfish -- an industry standard encryption algorithm. The product includes a well tested Blowfish implementation for LotusScript, and documented compatible examples for Java and Perl which can be given to your partner sites for their end. The schema clearly spells out how to include a timestamp so that the encrypted packet cannot be bookmarked or shared with others as it will become useless after a few minutes.
Simple and Stable -- No DSAPI Filter Needed
DSAPI filters are powerful things indeed. They are also very difficult to write (well) and maintain. Instead of a DSAPI filter, NCT Auto Login for Domino uses a simple LotusScript call when needed to the external library. This has a major advantage over the use of a DSAPI filter. Those filters are running all the time. They are active during every single page or image request, thousands of times during the session of a single user. NCT Auto Login is called only one time per session when its needed, then goes away. This is an advantage in stability and performance.
So how much should I sell it for?
A single license will cover operation on one server, which really means that Domino server and all the Domino and Websphere servers using the same LtpaToken. I wouldn't expect to sell more than one copy to most companies. The package includes the library and the script to call it, a full blown implementation ready to use out of the box, a full set of documentation ready to hand over to the other site administrators -- including samples in other languages, and a fully tested Blowfish implementation.
I'm thinking of selling it for $3500. What do you think?
Please wait while your document is saved.