Thursday, October 1, 2009

Integrating Notes account management into an enterprise-wide solution

Our IT department is in the early stages of implementing an enterprise-wide user account management appliance. One of my tasks was to come up with a way for this appliance to work with Notes. The appliance we are using is IntApp Integration Builder.

On the Notes side we currently use GSX ID Manager to manage Notes accounts and groups. Today admins manually create new user requests via a Notes form and ID Manager processes the request in the background. Since ID Manager is a standard Notes application and the design is not hidden, it is easy to integrate with it.

At first we tried using the NotesSQL connector to connect to the ID Manager application in Notes. This worked very well; however, it requires a Notes client with the NotesSQL connector installed to act as a gateway between the appliance and Notes. This is a potential breakdown point that we would rather avoid.

The ultimate solution is Web Services. The IntApp appliance integrates with most other applications using web services, so why not Notes as well? Since we have full access to the ID Manager database design, we can custom code a web service provider and use LotusScript to create the request for ID Manager to process. This is the first time I have delved into web services, but I found it fairly easy to set up if you already know LotusScript or Java.

The one issue I ran into was with web authentication. When a web service is contacted, the Domino server presents the standard login web page. I haven't figured out how to make the appliance pass login info to this form in order to have access to the service. If anyone knows how to provide authentication to a Domino web service, let me know.


Anonymous said...

It sounds like you need to create a "Web Site Rule" in the Domino Directory to "Override Session Authentication" on that web site. You'd make the incoming URL pattern for that specific .nsf file containing your web service/agent.
like: /mydir/mydb.nsf/*

This lets you call the web service with simple-authentication, instead of forms-based authentication.

Brian Green
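
A client-side sketch of what the comment above describes, added here as an example and not code from the post, the commenter, or IntApp: it builds a SOAP POST with an HTTP Basic `Authorization` header, refuses non-HTTPS URLs because Basic credentials are only base64-encoded, and tells a real SOAP reply apart from the HTML login form that comes back when session authentication still applies. The host name, the `UserRequest` service name, the credentials and the sample responses are constructed assumptions.

```python
import base64
import urllib.request
from urllib.parse import urlsplit

# Hypothetical endpoint under the /mydir/mydb.nsf/* pattern from the comment above.
SERVICE_URL = "https://domino.example.com/mydir/mydb.nsf/UserRequest?OpenWebService"

def build_request(url, user, password, soap_body):
    """Build a SOAP POST carrying HTTP Basic credentials (HTTPS only)."""
    if urlsplit(url).scheme != "https":
        # Basic credentials are only base64-encoded, not encrypted.
        raise ValueError("refusing to send Basic credentials over a non-HTTPS URL")
    token = base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")
    req = urllib.request.Request(url, data=soap_body.encode("utf-8"), method="POST")
    req.add_header("Authorization", "Basic " + token)
    req.add_header("Content-Type", "text/xml; charset=utf-8")
    req.add_header("SOAPAction", '""')
    return req

def classify_response(status, content_type, body):
    """Tell a SOAP reply apart from a Basic challenge or an HTML login form."""
    ctype = content_type.split(";")[0].strip().lower()
    if status == 401:
        return "basic-auth-rejected"      # credentials wrong or account lacks access
    if ctype == "text/html" and "<form" in body.lower():
        return "login-form"               # session authentication still applies here
    if ctype in ("text/xml", "application/soap+xml") and "Envelope" in body:
        return "soap"
    return "unexpected"

# Constructed sample responses (not captured from a real server).
LOGIN_PAGE = '<html><body><form method="post" action="/names.nsf?Login"></form></body></html>'
SOAP_REPLY = ('<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">'
              '<soapenv:Body/></soapenv:Envelope>')

if __name__ == "__main__":
    req = build_request(SERVICE_URL, "user", "pass", SOAP_REPLY)
    print(req.get_method(), req.full_url)
    print(classify_response(200, "text/html; charset=UTF-8", LOGIN_PAGE))
    print(classify_response(200, "text/xml; charset=utf-8", SOAP_REPLY))
    print(classify_response(401, "text/html", "<html>Unauthorized</html>"))
```

To call a live service, pass the object returned by `build_request` to `urllib.request.urlopen` and feed the status, `Content-Type` header and body into `classify_response`.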

Kevin Kanarski said...

That makes sense, Brian. I was trying Single Server and Multi Server but didn't think about Disabled. I'll give it a try. Thanks.

Anonymous said...

Ideal variant