Thursday, September 22, 2016

When your Domino app meets the cloud, IBM Connections or Microsoft Azure!

I'm proud to announce that we leveled up our support of cloud integration. In previous posts, I showed how you deploy an application to IBM BlueMix or Microsoft Azure. Now, not only can you deploy to these environments, but you can also use their core services. In particular, you can seamlessly leverage their authentication capability and use their directory service.
Before I go further into the technical details, let's watch the nice, short video recorded by our propaganda minister, Mr John Tripp: Darwino Pluggable, Pervasive Authentication



Neat, right? With no coding, just a configuration change, one can switch from a local LDAP, form-based authentication to cloud OAuth against IBM Connections cloud or Microsoft Azure Active Directory! Again, with no code change.

To enable this magic, Darwino uses 2 main components:

  • A user directory service.
    This service gives generic access to all the directory functions: authentication, user data (profiles...), queries (user search, typeahead...) in a platform-agnostic way. It can connect to virtually any directory, ranging from LDAP (Domino, Active Directory, Tivoli...) to IBM Connections or Microsoft Azure Active Directory (including the Azure Graph API). Plus, it allows the extension of the user information through the use of data providers. For example, the user information can come from the Microsoft Graph API, extended with information coming from LinkedIn!
    All of this from a single, comprehensive API. But even if the API is generic, you can still access some platform-specific information like, for example, the IBM Connections profile payload as XML.
  • A JEE filter that provides the authentication service to the application.
    This filter uses the current directory configuration to authenticate the user using the best method for a particular directory described above: Basic, Form, OAuth, SAML... Or it can just use what is coming from the web application server (SPNEGO, WebSphere VMM...). Finally, the filter makes available a User object representing the current user, with all its attributes. As mentioned earlier, the attributes can be an aggregation from multiple directories. Plus, it allows dynamic roles based on the current application and/or the current tenant.
    This object is used all over the platform for security purposes: access to service, database access control, workflow...
In conclusion, Darwino isolates you from the actual directories you want to use, by providing a consistent, generic API connecting to virtually any existing service, on the cloud or on-premises.
