Problems connecting devices to Lotus Notes Traveler with Session Authentication enabled.
Many customers have reported issues connecting various device types to Lotus Notes Traveler when Domino Session Authentication is enabled. The problem is that many devices do not support HTML form based authentication. Form based authentication is enabled by default on the Domino server if you have Session Authentication enabled. If having any problems connecting any devices to Lotus Notes Traveler please read the rest of this article to ensure HTML Form Based authentication is disabled for the Lotus Notes Traveler server URLs.
This behavior is a little different from releases prior to 8.5.3 Upgrade Pack 1. In prior releases the Domino servlet manager would allow anonymous access if configured on the server. When detected Lotus Traveler would route the Anonymous access to a 401 challenge. In the new release, the Domino servlet manager is not used and the HTTP OSGI servlet container is not allowing Anonymous access so all access is challenged with an HTML form based login prompt.
How to check if form based authentication is enabled
To see if form based authentication is enabled for the Lotus Traveler URLs use an Internet Explorer browser and point to these URLs on your server.
or if SSL is enabled:
If form based authentication is enabled you will see an HTML form for authentication instead of a pop up window (see images below). If form based authentication is enabled for any of these URLs please read below for instructions on how to disable HTML form based authentication for the Lotus Notes Traveler server URL paths.
Form Authentication (form contents may vary):
How to disable form based authentication for the Lotus Notes Traveler URL Paths.
In order to disable form based authentication and enable basic authentication (401 pop up challenge) you need to use Internet Site documents. Once Internet Site documents are enabled and an Internet Site document for web protocol is created, restart the server and the Traveler server will add the correct Session Override rule upon startup. Steps to manually create the override rule are shown below for reference.
- Enable Internet Site Documents On the server document Basics tab enable "Load internet configurations from Server\Internet Sites documents:" and save the server document.
- Create the Internet Site Document
From Configuration, Web, Internet Sites select Add Internet Site, Web and fill in these fields:
Note At this point if you restart the Domino server, the Traveler server should take care of the remaining configuration changes. Review the remaining steps to verify proper configuration.
- Descriptive name for this site: Any name is fine.
- Organization: The Domino organization
- Host names or addresses mapped to this site: host name and/or IP address of this Traveler server
- Domino servers that host this site: The Domino server name of this Traveler server.
- On Configuration tab change any desired configuration parameters.
- On Domino Web Engine tab, enable Session Authentication with same parameters as used in the Server Document.
- On Security tab make any addition security configuration changes including SSL settings.
- Save and close the Internet Site document
- Create the Session Override Rule
Open the Internet Site document created above and select Web Site... Create Rule
- Description: Any description will do
- Type of rule: Override Session Authentication
- Incoming URL pattern: /traveler*
- If not already done, restart the Domino server
- Re-try the URLs from above. All should now generate a 401 pop up challenge.
For additional information on using Internet Site documents please see the appropriate Domino documentation.
Domino Product Documentation