HTTP authentication

This section provides HTTP authentication information.

Problems connecting devices to HCL Traveler with Session Authentication enabled

It is possible for various device types to have problems connecting to HCL Traveler when Domino® Session Authentication is enabled as devices do not support HTML form-based authentication. Some devices tolerate form-based authentication because they provide the authentication credentials on the every request. When the credentials are already provided and are correct, the credentials are accepted regardless of the type of authentication the server is configured to use. When the credentials are not previously provided or are incorrect, the server is forced to challenge the device for the credentials and the devicescannot handle a html form-based challenge: the challenge must be HTTP basic authentication for the devices to correctly handle the challenge and respond with the necessary credentials. Increasingly, modern devices no longer automatically supply the authentication credentials until challenged.

Form-based authentication is enabled by default on the Domino server if you have Session Authentication enabled. Session authentication does not have to be disabled to use form-based authentication, but additional configuration as described here is required to ensure that for HCL Traveler requests, HTTP basic authentication is utilized.

Problems with HTML form-based authentication can present themselves as setup issues for a new account/device, or intermittent issues indicating a problem with the userid/password. If you are having problems connecting devices to HCL Traveler, read the remainder of this section to ensure HTML form-based authentication is disabled for the HCL Traveler server URLs.

Checking to see if form-based authentication is enabled

To see if form-based authentication is enabled for the HCL Traveler URLs, use an Internet Explorer browser to navigate to the following URLs on your server:
  • http://servername/servlet/traveler
  • http://servername/travelerclients
  • http://servername/traveler
  • http://servername/Microsoft-Server-ActiveSync
Or, if SSL is enabled:
  • https://servername/servlet/traveler
  • https://servername/travelerclients
  • https://servername/traveler
  • https://servername/Microsoft-Server-ActiveSync

If form-based authentication is enabled, you will see an HTML form for authentication instead of a pop up window. If form-based authentication is enabled for any of these URLs, please read the following instructions on how to disable HTML form-based authentication for the HCL Traveler server URL paths.

Disabling form-based authentication for the HCL Traveler URL paths

In order to disable form-based authentication and enable basic authentication you must use Internet Site documents. Once Internet Site documents are enabled and an Internet Site document for web protocol is created, restart the server and the HCL Traveler server will add the correct Session Override rule upon startup. To manually create the override rule, perform the following procedure:
  1. On the server document Basics tab, enable Load internet configurations from Server\Internet Sites documents and save the server document.
  2. From Configuration, Web, Internet Sites, select Add Internet Site, Web and fill in the following fields:
    • Descriptive name for this site: Enter any name you wish.
    • Organization: The Domino® organization.
    • Host names or addresses mapped to this site: host name and/or IP address of this HCL Traveler server.
    • Domino® servers that host this site: The Domino® server name of this HCL Traveler server.
    • On the Configuration tab, change any desired configuration parameters.
    • On the Domino Web Engine tab, enable Session Authentication with the same parameters as used in the Server Document.
    • On the Security tab, make any additional security configuration changes including SSL settings.
    • Save and close the Internet Site document.
    Note: If you restart the Domino® server at this point, the HCL Traveler server should automatically complete any remaining configuration changes. Review the remaining steps to verify proper configuration.
  3. Open the Internet Site document created previously and select Web Site... > Create Rule. Fill in the following fields:
    • Description: Enter any description you wish.
    • Type of rule: Override Session Authentication.
    • Incoming URL pattern: /traveler*.
  4. If you are using a device that makes Domino API calls to retrieve data (for example, HTMO), open the Internet Site document created previously and select Web Site > Create Rule. Fill in the following fields:
    • Description: Enter any description you wish.
    • Type of rule: Override Session Authentication.
    • Incoming URL pattern: */api/*
  5. Restart the Domino® server if you have not already done so.
  6. Retry the previously listed URLs. All should now generate a 401 pop up challenge.