help with LL authentication

[CMTT]

Hi,

need some help on how to do LL authentication with certificates.
We have apache 2.2 that requires clients to use client certs to access the server but can't figure out how to integrate it with LL server instead of using LL's username/password service ...

Apache redirects to LL once the client cert is accepted.
Any help/documentation is much appreciated.

 

[appnair]

A public key (cert ) is used when you need https or some other mechanism such as decrypting a cookie as in SAP SSO mechanisms
If your livelink webserver is https then you do not have to do anything specific to get https going on.The CA cert is put in the webserver's trusted store that is all.All traffic to and fro livelink is thus encrypted

Are you saying that a user who is authenticated by apache server against a directory server of some kind needs to get into livelink bypassing the login/password screen.In that case you will need to put authentication in livelink to external using a module called directoryservices which is sold by OpenText.

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010

http://www.tek-tips.com/faqs.cfm?fid=2884

http://www.linkedin.com/in/appunair

 

[CMTT]

It is not authenticated against a directory server. Apache just ensures the client has a cert that has been signed by a particular CA. The CA cert is put into apache's trusted store and traffic from apache to LL is just over port 80...

I need LL to be able to read the cert and grab the username from their and authenticate the client that way rather than the basic LL username and password.

 

[appnair]

it sounds versy similar to MYSAPSSO2 authentication that I have done integrating livelink and other products of OT for SSO.However SAP had help in the way of documentation and examples.It is exactly what you said,we decrypt the cookie and get the users in it.When the user hits the webserver does it issue a cookie.can you parse the cookie info ?

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010

http://www.tek-tips.com/faqs.cfm?fid=2884

http://www.linkedin.com/in/appunair

 

[CMTT]

As far as I can tell (not versed well in this tech area) their is no cookie issued just a client's cert is requested by apache. Clients are using smart cards loaded with their certs in them.

The idea is sso but without a policy server (for now).

 

[appnair]

your best options are security smart livelink integrators.PVA I know had helped us once when we had to integrate siteminder and juniper into our livelink.Later OT embraced the same code changes that PVA built for us.Since livelink is used by a lot of "hush hush" government secret clearance companies I am sure you are not the only company that is trying to re-invent this wheel

Well, if I called the wrong number, why did you answer the phone?
James Thurber, New Yorker cartoon caption, June 5, 1937
Certified OT Developer,Livelink ECM Champion 2008,Livelink ECM Champion 2010

http://www.tek-tips.com/faqs.cfm?fid=2884

http://www.linkedin.com/in/appunair