Friday, April 24, 2009

Lotus Domino SSL, Don't Force It (updated Post)

Can't save this for SNTT, that's on Yom Kippur.

Evidently one's intepretation of a setting can lead to double trouble.

A URL which should look like this(found on a Lotus Quickr server):
https://www.youarethe1.com/lotusquickr/...

Turned into this:
https://www.youarethe1.com/https//www.youarethe1.com/lotusquickr...

And of course prevents logging in.

The resolution for this odd appearance is the following:
In the Server document of the offending server go to:
Internet Protocols Section
Domino Web Engine Tab
HTTP Sessions Part
Force Login on SSL set it to NO

Setting it to YES caused this dilemna.
I am not going to delve into what this field is for exactly, there is no hover over or click on it help to tell me what it is for....so someone want to enlighten me I will be happy to add it on to this post.

COntinuing now with User Acceptance Testing.

Updated 4/23/2009 Per Patrick's post
Technote:
http://www-01.ibm.com/support/docview.wss?rs=899&uid=swg21283220

7 comments:

  1. I just ran into the same issue. Very odd
    http://www.bleedyellow.com/blogs/patpicos/entry/quickr_using_quickplaceloginform_breaks_logins

    I have opened a PMR to have a better understanding.

    How are you forcing logins to be SSL encrypted?

    ReplyDelete
  2. it just does it by itself if you make these changes. Will connect with you on it.

    ReplyDelete
  3. Enabling your Quickr Server with only SSL traffic is not documented but quite simple. Go to the server document -> Internet Ports -> Web. Set the TCP/IP port status to "Redirect to SSL". Open the placecatalog in your Notes client and open the view "Place Servers". Edit the document according to your Quickr server: PlaceServerAccessProtocol = https and PlaceServerAccessTCPPort = 443. Restart the HTTP task. Now every request to the Quickr server is forced to use SSL. The only disadvantage is that the connector doesn't support redirections to SSL. If a user adds a place he has to use https in the address field for the server.

    ReplyDelete
  4. @codemaster But then you lose the HTTPS connectivity which people want. By changing the one config it works properly.
    Although I can see your thinking, it is an impractical idea to put onto Quickr Admins perhaps.
    Then again maybe not if one is that often creating places. I will think about it some more.

    ReplyDelete
  5. Alright Keith. This is an old post fo yours, but I found the answer non-the-less. So I might as well answer it.

    It forces the login to be via SSL. Although your browser will show HTTP, the actual form action will be over HTTPS.

    See here: http://www-01.ibm.com/support/docview.wss?uid=swg21283220

    ReplyDelete
  6. @John,
    Yes, in time I did get to the bottom of it, as did IBM.
    You will note I did edit the post back in 2009 with that technote.

    ReplyDelete
  7. This comment has been removed by a blog administrator.

    ReplyDelete