Rails - Jun 2006 - RoR authentication with IBM Notes/Domino

This is a very simple authentication system for a Ruby on Rails server in
the same internet domain. It will allow you to get back the username of the
person hitting your server provided they already have authenticated with an
IBM Lotus/Domino or Websphere server that uses multi-server based session
authentication.
IBM Domino/Websphere authentication works by placing an encrypted cookie for
a given domain. There are a number of ways to find out what this cookie
means.
For instance, you could either:
1. Decrypt the cookie using the secret key in the domino directory; or
2. Pass that cookie along to a live domino server and get back the username.
In this example, we are going to use the second option. This means we take
that cookie and then pass it to an IBM server to check the authentication.
The cookie is stored in as LTPA token. Here is the ruby on rails code:

require ''open-uri''

module DominoAuthenication

public
# accesses the current user from the session.
# overwrite this to set how the current user is retrieved from the session.
# To store just the whole user model in the session:
#
# def current_user
# session[:user]
# end
#
def current_user
if session[:user]
@current_user ||= session[:user]
else
begin
tokenstring = "LtpaToken="
tokenstring = tokenstring + cookies[:LtpaToken] if cookies[:LtpaToken]
OpenURI.open_uri(''http://[your domino server here]/[your
database]/[some
page that returns the username]'',
"Cookie" => tokenstring) do |http|
@current_user = http.read.strip
end
#rescue
end
end
end
end

On the domino side, you just need to create a database and then a page
within the database that has a field returning @username().
This will then return the full username. If you are using QuickPlace for
instance, you will get back something like
"CN=user/OU=placename/OU=QP/O=certifier" and you can deal with this as
you
like in your ruby code.


-- 
Regards,
Ian Connor
http://ianconnor.blogspot.com/2006/06/ror-authentication-with-ibm.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060626/6aaf5259/attachment.html

But how did you put Domino and ROR under the same domain? Can you
describe more your solution?

David


-- 
Posted via http://www.ruby-forum.com/.

As long as you have the RoR on a server in the same domain, e.g.
http://www.projectlounge.com is the domino server, and
http://ror.projectlounge.com is the Ruby on Rails server, then it will be in
the same domain when you set the authentication to work across the domain.

You could also have them on the same server, and then just use mod rewrite
to direct requests based on the URL for instance
http://www.projectlounge.com/dominorails/* will go the RoR server and the
rest goes to domino.

This is how we are expanding IBM QuickPlace with RoR code and it seems to
work fairly well. You get the ability to write quick features in RoR that
you can link into Domino.

I have started to write a DominoRecord type base class that can make it a
little faster to include Domino models. Email me if you want to help with
that.

Ian.

On 6/26/06, dmarko <dmarko@tiscali.cz> wrote:
>
> But how did you put Domino and ROR under the same domain? Can you
> describe more your solution?
>
> David
>
>
> --
> Posted via http://www.ruby-forum.com/.
> _______________________________________________
> Rails mailing list
> Rails@lists.rubyonrails.org
> http://lists.rubyonrails.org/mailman/listinfo/rails
>


-- 
Regards,
Ian Connor
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
http://wrath.rubyonrails.org/pipermail/rails/attachments/20060709/20d097ba/attachment.html