Why context.getUser().getMail() returns null? - xpages

It works on one server but doesn't work if I open the XPage from another server.
What should I tune up on Domino or maybe in the db ACL?
Not sure if I can get the current user's mail address through the session object.

Related

XPage: Unable to Login

I have been facing a very strange issue for the past few days. I am only able to log in to any application on my Domino server using "Mozilla Firefox". If I use any other browser (Chrome, IE), it just stays on the login page with absolutely no information; every time I log in, it shows the login page again with no error message at all. It's quite strange, since it's working perfectly fine in Firefox.
I am not sure, but I somehow feel that it has something to do with the configuration. Would really appreciate if someone can guide me here.
Edit 2:
Selecting Single Server, does work, that was the simplest solution; as of now we do not need "Multiple Server".
However, we do not use any other "Internet Sites". I tried to remove the organization field; however, that led me to "An R5 web SSO configuration already exists", which in turn led me to here. However, I am able to move further here with "Multiple Servers".
Edit 1: Based on the answers, here are the things I tried. Please find below a snapshot of each of them for better understanding.
LTPA Token Configuration
Server Configuration for LTPA Token
Network tab - before login
Network tab - after login
The console shows nothing before or after login, and neither do the server log files. Also, I am able to access the names.nsf database with absolutely no problem. Lastly, I try to access a database with no anonymous access and hence get redirected to the login page (however, as the question mentions, it just stays in a loop).
Ok, you may need to provide a little more information.
Are you doing a "normal" login using domcfg and a "...&login" url? Or are you trying to open a design element in a database that has no access to "anonymous" and thus redirects to the login?
You can easily check that "standard" login by opening the url: http://yourserver.com/names.nsf?login. Does it behave differently in the browsers? If not then your server setup etc. is Ok. Then you have to look at the solution that tries to log you in.
Your first place to check is the browser's console. Are there any errors in there? E.g. some client-side JavaScript that stops running? Check the network tab when you inspect the console/developer tools. Does it send the right requests?
Another step is to check the console/log files on the server. If you have grown your own solution then you may want to add some simple print statements to prove that it sends what you think.
Finally, you can use a network sniffer (like Wireshark) to see exactly what is sent between your browser and the server.
/John
A login page that reloads itself after every login without a message like "Wrong username or password" or similar normally happens if the session authentication for the server is configured as Multiple Servers (SSO) (found in the Server document on Internet protocols - Domino Web Server if Internet Sites are disabled, or in the Internet Site document if they are enabled).
In that case an LTPAToken has to be configured as well, and this token has to have a configured domain name. Whenever you try to access a server with SSO enabled using a hostname without a domain or with a different domain, exactly this will happen: the login page reappears after every attempt to log in.
Example:
If the server name is myserver with IP 10.10.10.1 and the LTPAToken is configured for ".mydomain.com", then the only valid URL for login is:
hxxp://myserver.mydomain.com
Trying hxxp://myserver or hxxp://10.10.10.1 will result in exactly the described behaviour.
It is important to know where to look for the "right" SSO configuration document.
If the server is configured to use "Internet Site documents" (Server document, Basics tab, "Load Internet configurations from Server\Internet Sites documents" enabled), then the SSO document needs the field "Organization" to be filled. In that case you will find it in the Web\Internet Sites view of the Domino Directory.
If Internet Sites are disabled, then the field "Organization" has to be empty. In that case you find the SSO document in the Web\Configurations view.
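
The domain rule in the answer above follows from how browsers scope cookies (RFC 6265 domain matching). The following is an added example, not part of the original thread, that applies that rule to the answer's hosts. It assumes the SSO token is delivered as a cookie scoped to the configured domain; the function names and the notmydomain.com host are constructed for illustration.

```javascript
// Added example: RFC 6265 cookie domain matching applied to an SSO token domain.
// Hosts and ".mydomain.com" come from the answer above; function names and
// the "notmydomain.com" host are constructed for illustration.

function isIpAddress(host) {
  // IPv4 dotted quad, or an IPv6 literal (URL.hostname keeps its brackets).
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// RFC 6265 section 5.1.3: the host matches if it equals the cookie domain,
// or if it ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  // Section 5.2.3: a leading dot in the Domain attribute is ignored.
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  if (h === d) return true;
  return !isIpAddress(h) && h.endsWith("." + d);
}

// Would a browser keep (and later send back) a token cookie scoped to
// ssoDomain if the login page was opened through loginUrl?
function checkLoginUrl(loginUrl, ssoDomain) {
  const host = new URL(loginUrl).hostname;
  if (domainMatches(host, ssoDomain)) {
    return { host, cookieKept: true, reason: "host is inside the token domain" };
  }
  let reason = "host is in a different domain";
  if (isIpAddress(host)) reason = "an IP address never matches a domain cookie";
  else if (!host.includes(".")) reason = "host name has no domain part";
  return { host, cookieKept: false, reason };
}

// Constructed sample URLs covering the cases from the answer.
const sampleUrls = [
  "http://myserver.mydomain.com/names.nsf?login",
  "http://myserver/names.nsf?login",
  "http://10.10.10.1/names.nsf?login",
  "http://myserver.notmydomain.com/names.nsf?login",
];

for (const url of sampleUrls) {
  const r = checkLoginUrl(url, ".mydomain.com");
  console.log(`${r.host}: ${r.cookieKept ? "login sticks" : "login page loops"} (${r.reason})`);
}
```

Run against the URL users actually type, this separates a token-domain mismatch from a genuine credential failure before anyone changes the server configuration.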

Log to different server with same password and username from xpage

I have 2 servers. One with mail (server:webmail.test.com, path: mailErmo.nsf). And another with xpage (server: xpage.example.com, path:testXpage.xsp).
I'm trying to open webmail in an iframe or in a new tab from XPages. The username and password are the same on both pages.
Edit:
I need to reenter username/password. Want xpage to do this for me.
This really isn't an XPages question. It's more of a server question. What you want to set up is single sign-on for multiple servers. Once you authenticate against server #1 you will receive a token / cookie that will allow you to be authenticated against server #2 as well.
Now, granted, you actually can send credentials to the server to authenticate the user for them, but it is bad design, as you would have to get / store the password (even if you are just storing it in RAM), which is insecure.
Use the pre-defined methods given to you by domino to accomplish (multiple server SSO).

sessionAsSigner.getDatabase returning null

I am attempting to use SessionAsSigner.getDatabase in SSJS to access a db on a different server. But it always returns null. For example I use:
var db = sessionAsSigner.getDatabase("canonical name of server","log.nsf", false);
There is probably an error in the server security settings. You can read this page: http://www-01.ibm.com/support/docview.wss?uid=swg21086111
When you use sessionAsSigner the server you are connecting to is able to authenticate who you are when you log in.
When you are running code on the server (A) and you need to talk to another server (B), then the first server has to authenticate with A's credentials. It cannot authenticate as you.
To allow it to run correctly you need to set up server A as a trusted server on server B.
You can set trusted servers in your server document.
You can programmatically check if this is set using the NotesSession.isTrustedSession() method.
The problem is that your code is signed with different signers.
Try to re-sign the database with your ID or the server's ID.
That will probably fix your problem.
The server you are using needs to have access and a connection document to the server you want to access. So the first thing to do is: check if your server is listed in the "Who can Access this Server" field in the Server document. Then check the Trusted Servers section. Then check the ACL of your log (your executing server and the XPage signer need to have access to log.nsf).

Is cwallet.sso really necessary in a JDeveloper application?

In JDeveloper, what happens if I remove cwallet.sso? What is this for?
I read that it stores security credentials, but I removed it and my secure pages still asked me to log in, and I was able to log in using the users that I have in jazn-data.xml and the users that I have in my WebLogic server.
It's not used for that, and if you are defining the database connection on the WebLogic server you should not need it. But at development time, when you define a database connection, or any connection that has a password for that matter, cwallet.sso is what saves and hashes this password, so that when you copy the project to another person it still works fine.

What causes error 4063 - Database ...databasename... has not been opened yet

I have a scheduled agent that is trying to access a database on another server. When it runs I get an error 4063 - Database ...databasename... has not been opened yet.
The server is listed in the ACL as manager.
What are some other possible causes for this error?
Does the other server trust the server executing the agent? Check the server document -> Security -> Trusted servers.
It's possible to get a handle to a database without opening it. If you try and call most methods without opening it first then you will get that error. The most likely explanation though is that you don't have access to open it.
What ID signed the agent? Probably not the server. The agent will run with the authority of the agent signer, so that is the ID that needs to be in the ACL of the database you are trying to open.
There are a whole bunch of rules about how agents can run under different authorities and on behalf of different users. That can get pretty complex if the situation requires it. But check that the agent signer has rights to open the database first, then look at any "run on behalf of" settings.
Check the server document of the server where the database resides. In the Access server section, does the Trusted servers field contain the name of the server where the agent runs?
One tip: print out beforehand db.Server and db.Filepath to see what exactly you are trying to open.
