Ticket Verifier Architecture
This section describes the architecture of the Ticket Verifier for Lotus Domino connectivity.
The solution comprises the following logical components:
- SAP Enterprise Portal 5.0/6.0/7.0/7.2
- Lotus Domino Server R5/R6/R7
- Ticket Verifier for Lotus Domino
- Security certificate(s) keystore
The figure below depicts the architecture of this solution.
Single-sign-on information is carried in the SAP logon ticket that is stored as an encrypted cookie in the Web browser. SAP logon tickets can be described as pieces of information used for user authentication and single sign-on with SAP systems.
The logon ticket is issued to users when they log on to an SAP system that is configured to create tickets (for example, the SAP Web Application Server or Enterprise Portal).
The Ticket Verifier reads the cookie, obtains the SAP logon ticket, and performs a user look-up with the SAP user stored in the logon ticket in the Domino directory (public name and address book). Finally, the Ticket Verifier logs the SAP user on to Lotus Domino using the full canonical name. There is no need for a Lotus Domino password.
If there is no SAP logon ticket cookie in the HTTP request header, the Ticket Verifier passes the authentication request back to the Lotus Domino server and access to Lotus Domino resources remains unchanged. The Ticket Verifier is triggered only by the existence of an SAP logon ticket cookie in an HTTP request that requires authentication.