LAPI & SSO
Mark_Bastin_(mbastin_-_(deleted))
Hi,

Currently I am connecting to a livelink instance via the 'normal' way using Java LAPI. However, soon I will have to do this over SSO.

Do I need to make large scale changes to the way I connect? If so, can someone help with what may be required?

Regards
Comments
eLink User
Message from Nair, Krishnankutty via eLink

What kind of webserver and authentication do you use? If it is IIS, I have a post at the communities WIKI.
http://communities.opentext.com/communities/llisapi.dll/open/2124975 (This needs free regn)

Simply, in non-secure tunneling you will usually hit the web server port (80) rather than the livelink port (2099). The web server may ask the user for credentials. You usually pass your username known to the webserver, empty password. The webserver lets you in to the livelink CGI, which actually relays all the information contained in the "Basic Authentication" cookie to the Livelink application server port.

So for IIS and SSO to work:
A) Anonymous or IWA in web site. REMOTE_USER variable to be present.
B) Basic Authentication on the web site.

A simple asp script to see if REMOTE_USER is present in the call. Put it in the same virtual directory as the livelink CGI to see all the params. If you have access as livelink sysadmin, func=admin.testargs should do the same as well.

-----Original Message-----
From: eLink Discussion: LAPI Discussion [mailto:lapi@elinkkc.opentext.com]
Sent: Wednesday, March 21, 2007 5:44 AM
To: eLink Recipient
Subject: LAPI & SSO

LAPI & SSO
Posted by Bastin, Mark on 03/21/2007 06:42 AM

Hi, Currently I am connecting to a livelink instance via the 'normal' way using Java LAPI. However, soon I will have to do this over SSO. Do I need to make large scale changes to the way I connect? If so, can someone help with what may be required? Regards
Mark_Bastin_(mbastin_-_(deleted))
I believe going forward LDAP will be used for authentication. Also, the component I have written to access livelink is essentially a POJO based application that does not run within an app server or web server.

Do I need any extra modules/utilities to be able to connect over SSO?

Regards
Louis_Routhier
Sorry, I'm not sure exactly what you said about the POJO part, but as far as I know, using a tunneled connection, there's nothing else to do. But you must know that if you use your LAPI on a web page on the server side you will probably have trouble with it. This is due to what is called delegation.

For more detail, you should look at this article (again on the communities wiki):
http://communities.opentext.com/communities/llisapi.dll/wiki/162164/How to use integrated security
Mark_Bastin_(mbastin_-_(deleted))
Didn't mean to confuse, but POJO is an acronym for Plain Old Java Object.

My application currently connects on port 2099. It's not a web based app. It's just a standalone application that uses the Java LAPI to connect to a livelink instance on a server.

I'll check out the article and see if it helps.

Thanks
eLink User
Message from Carsten Kulms via eLink

It depends on the scenario ... by the other posts in this thread I understood that you connect by a standalone LAPI client.

Then you have the following possibilities (all require to change how LLSession is created):

- use HTTP tunneling with NTLM
  This will give you SSO _if_ NTLM is possible (i.e. the LAPI client runs on Windows _and_ the HTTP Server is IIS, properly configured) BUT only in the sense that the account (user name) under which the LAPI client runs is used to authenticate a LAPI call. (Maybe exactly what you want.)

- use HTTP tunneling with BASIC Auth
  For this the LAPI needs to obtain the credentials to use for authentication at the HTTP server. (Maybe exactly what you want because the user authenticates at an application which invokes your LAPI client.)
  [For security reasons this should be used only over HTTPS.]

These two possibilities also require to properly set up LES for external authentication (e.g. using the DirectoryServices module).

- use the LLCookie
  This works for both direct and HTTP tunneled LAPI calls. The LAPI client needs to obtain the value of the "LLCookie" cookie for the current user, usually from a previous access of LES. (Maybe exactly what you want, if your LAPI client is invoked from an app which can provide this cookie.)
  [For security reasons this should only be used if the connection between the LAPI client and LES can be secured in some way, e.g. client and LES are on the same machine. (Because direct LAPI access cannot be SSL secured.)]

However, since I did not catch what your SSO scenario is (where / how the initial login, the "single sign on", is done), the above notes are just hints.
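
The "HTTP tunneling with BASIC Auth over HTTPS" option from the post above, for a standalone Java client, as an added example that is not part of the thread and not OpenText sample code. It assumes the LAPI classes in com.opentext.api are on the classpath; the host name, CGI path, environment variable names and the config key names are assumptions to check against the documentation of your LAPI release.

```java
import com.opentext.api.LAPI_DOCUMENTS;
import com.opentext.api.LLSession;
import com.opentext.api.LLValue;

public class TunneledLapiLogin {
    public static void main(String[] args) {
        // Credentials for the web server come from the environment (variable
        // names are hypothetical), never from source code.
        String httpUser = System.getenv("LL_HTTP_USER");
        String httpPass = System.getenv("LL_HTTP_PASSWORD");
        if (httpUser == null || httpPass == null) {
            System.err.println("Set LL_HTTP_USER and LL_HTTP_PASSWORD");
            System.exit(2);
        }

        // Tunneling options handed to LLSession. Key names are assumptions;
        // the CGI path is a placeholder for your Livelink CGI URL path.
        LLValue config = new LLValue().setAssocNotSet();
        config.add("LivelinkCGI", "/livelink/livelink.exe");
        config.add("HTTPS", LLValue.LL_TRUE);        // Basic Auth only over TLS
        config.add("VerifyServer", LLValue.LL_TRUE); // check the server certificate;
        // with verification on, LAPI also needs the trusted root CAs configured
        // as your LAPI release documents.
        config.add("HTTPUserName", httpUser);
        config.add("HTTPPassword", httpPass);

        // The web server's HTTPS port replaces the direct LAPI port (2099).
        // As described earlier in the thread: user name known to the web
        // server, empty Livelink password.
        LLSession session =
            new LLSession("livelink.example.com", 443, "", httpUser, "", config);

        // Any call exercises the login; fetch the Enterprise workspace info.
        LAPI_DOCUMENTS docs = new LAPI_DOCUMENTS(session);
        LLValue enterprise = new LLValue().setAssocNotSet();
        int status = docs.AccessEnterpriseWS(enterprise);
        if (status != 0) {
            // Report the failure without echoing any credential material.
            System.err.println("LAPI call failed, status " + session.getStatus()
                + ": " + session.getStatusMessage());
            System.exit(1);
        }
        System.out.println("Enterprise workspace ID: " + enterprise.toInteger("ID"));
    }
}
```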