Wednesday, August 22, 2007

More on SSO between Sharepoint and Connections

Here are the three options that we came up with, thanks to the help of a co-worker, Martin Lansche.

3 options:
1)  SPNEGO (2-4 weeks; most of the effort is having computers join the Active Directory domain)
    Pros:
        Full SSO between the desktop and the web applications.  Only one sign-on to the user's PC and they are logged on to all the web applications!!
        No extra coding (out-of-the-box functionality - in WAS v6.1)
        Bi-directional

    Cons:
        Need all user computers to join the Active Directory domain (will the customer let us?)

2)  HTTP Headers (1-2 weeks)
    Pros: 
        No need for computers to join a domain

    Cons:
        Needs to go to Sharepoint first
        Needs customization to Sharepoint
        Only works one way:  Sharepoint to WebSphere (users need to sign on to Sharepoint, then go to Connections)
        It's a hack - not secure... not how it would be done in production
   
3)  URL attributes  (1-2 weeks)
    Pros: 
        No need for computers to join a domain

    Cons:
        Needs to go to Sharepoint first
        Needs customization to Sharepoint
        Needs to develop code on the WAS side (custom TAI adapter)
        Only works one way:  Sharepoint to WebSphere (users need to sign on to Sharepoint, then go to Connections)
        It's a hack - not secure... not how it would be done in production
 
We are currently leaning toward option #1.  Stay tuned...

Tuesday, August 21, 2007

SSO between Connections and Sharepoint

Continuing on this subject of single sign on, the customer has now requested SSO between Microsoft Sharepoint and Lotus Connections.  There are several ways to do this:
  1. Use a product such as TAM/WebSEAL, which can be tricky to implement but the cool thing is that it not only allows SSO between web applications, it can also be used for SSO between the desktop and Lotus Connections.
  2. Develop a custom Trust Association Interceptor (TAI) for WebSphere.  This minimizes the cost, but requires a Java Developer to know WebSphere's TAI API in order to do this.  If you haven't heard of, or don't know what TAI is, it's awesome!!! It's really "easy" to use.  The disadvantage is that it only works if one web application links to another and can pass the username of the current user as part of the URL or in the HTTP headers.
  3. Use TAM eSSO, a client-based utility which stores passwords.  The problem with this is that it's not really SSO.  Users will still be prompted for a username/password, but it will be automatically entered by this utility that must be installed into each user's PC.
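
Item 2 above, like options 2 and 3 in the August 22 post, has the receiving application trust a username passed in the URL or an HTTP header, which is why those options are called not secure. The sketch below is an added example, not code from this blog or from WebSphere: it contrasts that blind trust with a link carrying an HMAC and timestamp that the receiver verifies. The key, host name, parameter names and 60-second lifetime are all assumptions.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed demo key; in practice a random secret held only by the two servers.
SHARED_KEY = b"constructed-demo-key-not-for-production"
MAX_AGE = 60  # seconds a link stays valid (assumed value)


def naive_identity(url):
    """Username-in-URL as described: trust whatever the request carries."""
    return parse_qs(urlparse(url).query).get("user", [None])[0]


def _mac(user, ts):
    msg = f"{user}\n{ts}".encode()
    return hmac.new(SHARED_KEY, msg, hashlib.sha256).hexdigest()


def make_link(base, user, now=None):
    """Linking side: attach username, issue time and an HMAC over both."""
    ts = int(time.time() if now is None else now)
    return base + "?" + urlencode({"user": user, "ts": ts, "sig": _mac(user, ts)})


def verified_identity(url, now=None):
    """Receiving side: return the username only if MAC and age check out."""
    q = parse_qs(urlparse(url).query)
    try:
        user, ts, sig = q["user"][0], int(q["ts"][0]), q["sig"][0]
    except (KeyError, ValueError):
        return None  # a bare ?user=... link is rejected outright
    now = time.time() if now is None else now
    if not hmac.compare_digest(sig.encode(), _mac(user, ts).encode()):
        return None  # username or timestamp altered, or sender lacks the key
    if not 0 <= now - ts <= MAX_AGE:
        return None  # stale or future-dated link
    return user


if __name__ == "__main__":
    base = "https://connections.example.com/profiles"  # hypothetical host
    good = make_link(base, "alice", now=1000)
    forged = good.replace("user=alice", "user=admin")  # edited in the address bar
    print(naive_identity(forged))               # admin
    print(verified_identity(forged, now=1010))  # None
    print(verified_identity(good, now=1010))    # alice
    print(verified_identity(good, now=2000))    # None
```

A signed link is still a bearer credential until it expires and ends up in browser history and server logs, so it needs TLS and a short lifetime.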

We are currently going to pursue #2 and see how far we can get.  We are a little bit strapped for hours, so we may not be able to finish this, and as I said before, I need to figure out whether Sharepoint can create URLs to Connections and embed the username in the links.

Friday, August 3, 2007

Beautiful story on social software!


So, on Tuesday I blogged internally about integrating Microsoft Sharepoint feeds into Notes 8. Basically, I had a hard time getting it to work until I figured out a hack. Several minutes later, a co-worker, who I've never met before, enters a comment on my blog explaining he knows how to configure Microsoft Sharepoint RSS feeds so that they can be accessed anonymously. I comment back on my blog asking to get instructions on how to do this.

The next day, while I'm working at the customer site, I get an instant message from him! Thanks to Sametime's 'Location Awareness', he says that he sees that I'm in Detroit working for the same customer that he is!! He tells me that he is in building 200, floor 25 and asks me where I'm located. I replied back that I was in tower 200, floor 27! He came up to where I was sitting and we were able to exchange war stories. It was great bonding between two IBMers who had just met.

Thanks to a blog that I wrote using Lotus Connections, I was able to make a real-life connection and solve my problem!

Thursday, August 2, 2007

Yeah Baby!! I added presence awareness to Connections with LCS

Oh yeah!!! So I finally did it.  I was able to get presence awareness into Profiles using Microsoft Live Communication Server, instead of Sametime.  Now, as you know from a previous post, I was planning on using the AJAX API that Microsoft provides.  However, due to my somewhat limited knowledge of AJAX and limited bandwidth on this project, I wasn't able to do that.

Instead, I'm using what Microsoft calls the 'Persona Controls'.  This makes integration VERY EASY... but with that 'easiness' comes some caveats:
  • Integration only works on IE
  • Integration only works on those computers where the Microsoft Office Communicator 2005 client has been installed and configured

Since this is for a demo/POC environment, we are getting away with it.  It's not the prettiest, but it's there.  Check out what it looks like in these screenshots: