HTTP authentication
Session-based name and password authentication is recommended for access to the Traveler endpoint.
Session-based name and password authentication improves performance by only requiring the userid and password information once. For more information on Domino HTTP session-based authentication, see Session-based name-and-password authentication for Web clients in the Domino documentation.
The following sections describe additional HTTP authentication configuration changes required for compatibility with session-based authentication.
Problems connecting devices to HCL Traveler with Session Authentication enabled
It is possible for various device types to have problems connecting to HCL Traveler when Domino® Session Authentication is enabled as devices do not support HTML form-based authentication. Some devices tolerate form-based authentication because they provide the authentication credentials on the every request. When the credentials are already provided and are correct, the credentials are accepted regardless of the type of authentication the server is configured to use. When the credentials are not previously provided or are incorrect, the server is forced to challenge the device for the credentials and the devicescannot handle a html form-based challenge: the challenge must be HTTP basic authentication for the devices to correctly handle the challenge and respond with the necessary credentials. Increasingly, modern devices no longer automatically supply the authentication credentials until challenged.
Form-based authentication is enabled by default on the Domino server if you have Session Authentication enabled. Session authentication does not have to be disabled to use form-based authentication, but additional configuration as described here is required to ensure that for HCL Traveler requests, HTTP basic authentication is utilized.
Problems with HTML form-based authentication can present themselves as setup issues for a new account/device, or intermittent issues indicating a problem with the userid/password. If you are having problems connecting devices to HCL Traveler, read the remainder of this section to ensure HTML form-based authentication is disabled for the HCL Traveler server URLs.
Checking to see if form-based authentication is enabled
- http://servername/servlet/traveler
- http://servername/travelerclients
- http://servername/traveler
- http://servername/Microsoft-Server-ActiveSync
- https://servername/servlet/traveler
- https://servername/travelerclients
- https://servername/traveler
- https://servername/Microsoft-Server-ActiveSync
If form-based authentication is enabled, you will see an HTML form for authentication instead of a pop up window. If form-based authentication is enabled for any of these URLs, please read the following instructions on how to disable HTML form-based authentication for the HCL Traveler server URL paths.
Disabling form-based authentication for the HCL Traveler URL paths
- On the server document Basics tab, enable Load internet configurations from Server\Internet Sites documents and save the server document.
- From Configuration, Web, Internet Sites, select Add Internet
Site, Web and fill in the following fields:
- Descriptive name for this site: Enter any name you wish.
- Organization: The Domino® organization.
- Host names or addresses mapped to this site: host name and/or IP address of this HCL Traveler server.
- Domino® servers that host this site: The Domino® server name of this HCL Traveler server.
- On the Configuration tab, change any desired configuration parameters.
- On the Domino Web Engine tab, enable Session Authentication with the same parameters as used in the Server Document.
- On the Security tab, make any additional security configuration changes including SSL settings.
- Save and close the Internet Site document.
Note: If you restart the Domino® server at this point, the HCL Traveler server should automatically complete any remaining configuration changes. Review the remaining steps to verify proper configuration. - Open the Internet Site document created previously and select Web Site...
> Create Rule. Fill in the following fields:
- Description: Enter any description you wish.
- Type of rule: Override Session Authentication.
- Incoming URL pattern:
/traveler*
.
- If you are using a device that makes Domino API calls to retrieve data (for example, HTMO),
open the Internet Site document created previously and select
- Description: Enter any description you wish.
- Type of rule: Override Session Authentication.
- Incoming URL pattern:
*/api/*
. Fill in the following fields: - Restart the Domino® server if you have not already done so.
- Retry the previously listed URLs. All should now generate a 401 pop up challenge.