Two-factor Authentication for IBM Domino XPages - xpages

I am a new Domino XPages developer. Does anyone know of a Two Factor Authentication solution for XPages?

You don't authenticate with an application on Domino. (That's true whether it's built with XPages or not.) You authenticate with the server. IBM does not support two factor authentication for Domino, but a simple google of "lotus domino two factor authentication" will bring up results that include a few vendors of 3rd party solutions that work with Domino. You will, however, have to approach this as a systems admin issue, not a development problem, so if you have any follow-ups they will belong on ServerFault instead of StackOverflow.

Look at https://www.duosecurity.com/product/applications/api which you could use after the user successfully authenticates against the Domino server.

Related

Is there 'switch user' add-on available for Node.js that behaves similar to the Grails plugin

I have a Grails application where we use the Grails Spring Security plugin to allow an admin to easily switch (or assume) another user. This has proven to be very useful for admins to debug user issues and for our testers to jump between roles.
Is there an easy solution available for Node.js that is similar to this Spring Security feature? Note that we're using JWT to auth every request, so not using server based token like Spring Security would.
No, but only because there is no equivalent security plugin for Node in the first place. There are popular projects such as http://passportjs.org/ that can provide functionality in this category, and each offers varying levels of support for what you're asking. But your request isn't relevant to NodeJS Core. User authentication and authorization are not core modules of that project.

Trial software for Lotus Notes client server scenario

I'm in a software project and need to take care of a component that connects to a Lotus Notes server in order to create users, assign authorization groups etc.
I would like to configure a basic client / server scenario on my own hardware to familiarize with the Notes technology but I have only found trial versions for client software components like Domino Designer. I would expect that a Domino server is also required.
Does anybody know whether, and if yes, how I can get the required server components? Or is it required to purchase a license?
Many thanks in advance for every reply.
You can download a trial of IBM Domino here:
https://www.ibm.com/developerworks/downloads/ls/lsds/
http://dominodeveloper.net offers a free development server option that I have used successfully in the past. Always worked well for me.

Best books or resources on web application security and user authentication?

I'm looking to learn more about web application security and user authentication as it applies in 2013 and beyond across technologies like PHP, Java + Spring, Python + Django/Flask, Ruby on Rails, and all modern application frameworks.
Anyone have any good suggestions?
I gleaned some from a popular security.stackexchange post but most of these are dated:
The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws
The Tangled Web by Michal Zalewski
Writing Secure Code v2 from MS Press
Any suggestions would be appreciated!
We have used Spring Security (Acegi Security) for various features (Database Authentication, LDAP Authentication, Web Authentication, Domain Authentication) in my project.
Please find the references.
http://www.springsource.org/spring-security
http://www.springsecuritybook.com/
http://static.springsource.org/spring-security/site/docs/3.2.x/reference/springsecurity-single.html

CASifying Liferay

I think that this is a usual question, but I'm re-asking it because I didn't get a real good question.
So, I have Liferay 6.1 CE running on Tomcat 7, and I want to import the users from an LDAP server and then make an SSO with CAS.
In my portal, I have other applications integrated (here also I have a problem with the integration of Alfresco) which also need to be logged in to with the credentials from LDAP; this is why I need an SSO solution, like CAS.
How can I face this issue? Is there anyone who could help me fix all this?
Any information can help me, I have to accomplish all this in two weeks... I hope that everything that I'm asking is feasible.
Thanks & Regards
Liferay provides all the necessary infrastructure to resolve your requirement. Look for CAS and LDAP in portal.properties https://github.com/liferay/liferay-portal/blob/master/portal-impl/src/portal.properties and configure this in your portal-ext.properties. Liferay: How to configure Liferay Portal
You have two tasks here, importing users from LDAP and authenticating users with CAS. You can configure both from the Control Panel (UI) or the portal-ext.properties file. If you configure using both methods and there's a property conflict, the Control Panel settings take precedence.
Importing users from LDAP isn't difficult (I've done it in both 5.2.3 and 6.1), although importing/not importing the password can be confusing. Try tackling this task first and make sure you're able to authenticate against LDAP. I'd recommend using an authentication chain (multiple means of authentication where if one method fails, a second method will be attempted, and so on). It would be useful to configure it this way in the event of an outage with CAS so you don't have a single point of failure. Note: If you use portal-ext.properties, be sure to read this post and add properties mentioned (even if you aren't going to use them):
ldap.user.custom.mappings.1=
ldap.contact.mappings.1=
ldap.contact.custom.mappings.1=
Regarding authentication against CAS, I've been using it for a couple years on Liferay 5.2.3, and in my experience it's worked very reliably.

Lotus Notes Application, Web Based Converting

Does anyone have tips or an ebook that can give me a good foundation on how to create applications in lotus notes using web browsers instead of clients. Links or tips are much appreciated.
Thanks!
Books are a good starter. But you'll find there is a lot more to it than you see in books. So, here is a quick list of places to look.
Books
You've got these options for books (all downloadable as eBooks too)
Classic Web development prior to Notes 8.5 -- Reviews here and here
Latest Web stuff with Xpages if you have Notes 8.5+ (kindle/paper)
There are IBM wikis (html). But I have found the IBM wiki experience underwhelming. (The adjectives "half-ar$ed" and "piece-meal" come to mind a lot when reading these.)
IBM's redbook site (pdf/html) has better produced content than the wikis.
Sites
Among the best web development tip/technique sites for the trickier problems are codestore.net and nsftools.com
OpenNtf, a well used site for free code and solutions written by a lot of smart people.
Quite a few good bloggers have "coagulated" on planetLotus
Try Searching for XPages in Google. Or start here
If you enable http on the server, you should be able to see your domino applications from the web. You then need to modify them to make them a bit more web friendly. The basic technique for this is to have 2 design elements with the same alias, hide one from notes and the other from the web. This will make it a bit easier to make it functional from both the client and the web browser.
Other functionality which makes this a bit easier would be 'Pass through HTML', the Domino CGI Variables and the 'WebQueryOpen' and 'WebQuerySave' events. As Jasper points out, XPages is the new sparkling way to do this, but it might not be an option for existing systems (It requires the latest version of Domino server). Good Luck!
What version of Domino are you running? If it's an 8.5 variant, I would suggest you use XPages to bring your old client apps to the web (XPages are not an option in releases prior to 8.5).
As to how you go about this, that's well beyond the scope of an answer on Stack Overflow: it's a book in and of itself! To learn about web development with XPages, I suggest visiting some of the well-known sites out there, and perhaps picking up a course or two. Here are some links:
http://xpages101.net
http://www.qtzar.com/blogs/qtzar.nsf/htdocs/LearningXPages.htm
http://notesin9.com/
(Also, IBM publish a book on XPages development, although I've not read it).
With regards "classic" Domino development, your best bet is to view your existing Notes app in a web browser and then start hacking on the default HTML generated (which is nasty). The best single resource out there for classic Domino web development tips and hacks is Jake Howlett's Codestore
Start small, build yourself a small database with a subset of data and explore what you can do. I've been a Notes client developer for 10+ years and doing Domino web work for the last three or four years and am still on a steep learning curve. It's a very powerful platform but you also need to know HTML, as on many occasions the HTML that you see in the browser helped me pin down the faults in my application code.
