Domino AppDev Pack

1.0.13

Act-as-User Overview

This section walks through the Act-as-User feature configuration. When you complete these steps you will be able to run the cfgtest application which shows these features:

  1. A Domino user accessing the Node.js application with a web browser.
  2. The application redirecting the user to the IAM Service, where the user authenticates and authorizes the application to act on behalf of the user.
  3. The application executing the following with the access rights of the authenticated user:
    • Domino Access Service requests for calendar data from the user's calendar.
    • Domino-Db requests to read/write documents in a Domino database.

The key points about this sample application are:

  • The application does not have access to the user's password.
  • The IAM service, as a central service to the Domino server:
    • authenticates users and requires that each user decide whether to allow an application to act on their behalf.
    • maintains a registry of approved applications on the Domino server.

The steps to configure Act-as-User are:

  1. Configure the credential store.
  2. Configure Proton as a resource provider.
  3. Configure the Domino web server as a resource provider.

Act-as-User operation Rules:

  1. Database level 'Act-as-User' operations are controlled by the database ACLs.
  2. Server level 'Act-as-User' operations are controlled by the 'Act-as-User Configurations' in the AppDev Pack configuration database.
Configure IAM serviceConfigure the Domino credential store