Domino SSO免密登錄

     最近在使用shiro可以免密登錄，還是方便與其它web應用集成的。同樣Domino也要與其它第三方集成，如微信、釘釘、集成企業應用等。Domino自帶的LtpaToken是實現相當安全、便捷實現SSO功能。通過幾篇文章綜合分析實現，可參考。SSO配置實例、Domino單點登錄、剖析LtpaToken。

     以下是測試的幾張圖片，可以參考交流:

function sso(){
	var b=window.location.href;//全路徑
	var URL=b.substring(0,b.indexOf('.nsf')+4);
	$.ajax({
			url: URL+"/SSO?openagent&username="+escape($('#username').val())+"&id="+Math.random()                
	          , dataType:"json"
	          , error:function(errTXT){
	              alert(errTXT);
	          	}
	          , success:function(json){
	          	var Days = 30; 
				var exp = new Date(); 
				exp.setTime(exp.getTime() + Days*24*60*60*1000);
				var token = json.token;
				if(token!=""){
					// 創建單點cookie
					document.cookie = "LtpaToken="+ token + ";expires=" + exp.toGMTString() + ";path=/;domain=.whs.com";
					location.href = "http://www.whs.com/xpages/Bootstrap_demo.nsf/x_index.xsp";
				}
	          }
	     });

}



$(function(){
	$("#token").click(function(){
  		sso();
	});
})

public void NotesMain() {
    	Session session = null;
    	AgentContext agentContext = null;
    	Document doc = null;
    	PrintWriter pw = null;
    	String token = "";
    	String sReturn = "false";
    	String sJson = "";
      try {
    	  pw = getAgentOutput();
          session = getSession();
          agentContext = session.getAgentContext();
          doc = agentContext.getDocumentContext();
          String sPara = doc.getItemValueString("query_string_decoded");
          // 單點用戶名loginName
          //String canonicalUser = sPara.substring(sPara.indexOf("sPara=")+6);
          Hashtable ht =  parseQueryString(sPara); 
          String canonicalUser=(String) ht.get("username");
          //canonicalUser = "CN=ADMIN/O=oas";
          System.out.println("username-->"+canonicalUser);
 
          // 單點起始時間
          Date tokenCreation = new Date(new Date().getTime() - 60000 * 10);
		  String timeLimit="720";
		  // 單點到期時間
		  Date tokenExpires = new Date(tokenCreation.getTime() + Long.parseLong(timeLimit) * 60000);
		  // domino SSO 密鑰（domino SSO配置文檔的LTPA_DominoSecret域值）
		  String dominoSecret = "XbX+********w=";
		  token = LtpaToken.generate(canonicalUser, tokenCreation, tokenExpires,"abc","def", dominoSecret).getLtpaToken();
		  //System.out.println("token==ssobak==="+token);
		  //if(LtpaToken.isValid()){
			  sReturn = "true"; 
		  //}else{
			 // sReturn = "false"; 
		  //}
		  //DominoTokenParser tokenParser = new DominoTokenParser();		   
		  //System.out.println("用戶名:"+tokenParser.parse(token,dominoSecret));
		  
      } catch(Exception e) {
          e.printStackTrace();
       }finally{
    	   pw.println("Content-type: text/plain;charset=GB2312");
    	   sJson = "{\"oResult\":\""+sReturn+"\",\"token\":\""+token+"\"}";
    	   System.out.println("sJson="+sJson);
    	   pw.println(sJson);
    	   
    	   //回收domino對象
    	   fnRecycle(doc);
    	   fnRecycle(agentContext);
    	   fnRecycle(session);
    	   
    	   if(pw!=null){
				pw.close();
			}
       }
   }