Let me start of by fending you off by saying no I do not mean that we need a way to log into Lotus Connections… 🙂 We have a fair number of those and all are actually well documented and are working just fine. What I mean is that I have been wondering whether we need a specific feature (like Profiles, Bookmarks, Search) to handle the login into Lotus Connections. So why do we need that when we have a working product today?
The Lotus Connections product today have one sore point which is really a hazzle and it’s something that most customers would love to do and that’s customizing the UI. Today customizing the UI can be done albeit it’s a bit tedious and a lot of steps are necessary. It is however relatively easy to centralize the UI files and customize it in one location. All but for one thing. The login page. You can make Lotus Connections look the way you want except for the login page.
To customize the login page today you have to touch 15 files across all features. 15 files!! Are you kidding me?! The main issue is that every single feature has it’s own login page located deep within each feature code base (as a JSP which is somewhat readily editable). Also editing this login page means you have to hand-carry the customizing across upgrades.
So that’s when I thought about having an extra feature that handles the logging in. So instead of having a login page per feature you’d have a single login page in a single feature. Customizing that one would be trivial as it’s just a single JSP and it could maybe be sourced as an include from the HTTP server where all the CSS and image files are already stashed. I know there are stuff to consider such that SSO would have to be enabled among features (plus probably a host of other things I didn’t think of) but I think it’s an interesting idea. From my limited knowledge of the Lotus Connections innards it looks reatively easy to implement.
- Check that the user has been authenticated (maybe in a Filter)
- If yes – super!! Allow into content
- If no – bummer!! Make a note of the url the user was trying to access in a session variable and forward to the login feature
- Once authentication has been completed do a forward back to the url
Simplified I know but interesting. Comments?!
lekkimworld.com 
Hi Mikkel,
We have a client that has effectively completely bypassed the standard Connections login screens. They have setup SSO with Tivoli Webseal so the user’s are authenticated there first and then using a LTPA token they are authenticated for Connections. In fact they can’t even access to normal login screens. When they log out they are sent back to webseal.
I agree completely that having login screens for every feature is painful and that having a central login feature would be a much better way to go.
LikeLike
Well offcourse I agree with you mikkel as I have done all those mdofications of those 15 pages ! and yes its a pain. But when finally done heaven is closeby 🙂
LikeLike
I’ve done what you describe in the past, I also implemented a single login user interface (think at domcfg.nsf in domino) and a remember me service that worked globally across the websphere instance.
The trick is based on the creation of a Trust Association Interceptor that handles:
– Redirect to central login page (saving the requested url)
– Check for remember-me cookie (and optionally trust-authenticate you)
– Redirect back to the requested url.
I succesfully used this approach with WebSphere Portal and Connections.
It can be done. I’m looking into "productizing" it to allow "very simple deployment and management" .
Next step would be extending the TAI to allow Facebook Connect / Oauth / Open ID
LikeLike
Absolutely Mikkel – the current login customisation process is harrowing!
I like your idea, and also have one of my own I’ll blog about later today.
For those that have commented with more complex solutions – I love that we have such a creative community! However, as we look to extend the reach of Connections into the marketplace, I think IBM needs to make this as easy as possible for companies of all sizes, and so integrated light-touch options are definitely the way to go.
LikeLike
i am so happy to find this discussion. I’m working with developing SaaS solutions at Logica and I’m very interrested in this topic. I agree that IBM needs to do something to improve our possibilites to modify login-pages more easily. Also I am looking for SAML support as an authentication option. Has anyone done something with that?
LikeLike
FYI, IBM Connections 4.0 supports OAuth via TAI
LikeLike