Integration with IBM Connections

Authentication, User Directory, Community Applications

IBM Connections Integration Points

• Provides easy access to IBM Connections APIs and services• IBM Connections as a User Service

– Provides user information and basic authentication• IBM Connections as an authentication provider

– Can use Basic authentication or OAuth 2.0• Creating IBM Connections Community Application

– Using the studio to deploy the application– Use the community ID as a tenant

• Make each community deal with its own, isolated data set

IBM Connections Endpoint

• An endpoint is provided by a bean of type ‘darwino/ibmconnections’• The bean provides some connections helpers

– Hides differences between on-premises and cloud deployment– Preconfigured HTTP client with the proper credentials– Encapsulated Profile & Communities access– Some utilities, like the ATOM XML namespaces

• Is the access point for the other Connections related services

Configure IBM Connections User Service

• An IBM Connections Endpoint should be available• A Connections UserDir bean should also be created

• Discussion database demo

<bean type="darwino/userdir“ name="base“ class="com.darwino.ibm.connections.IbmConnectionsUserDir“>

Configure IBM Connections User Data Provider

• An IBM Connections Endpoint should be available• A User Provider should also be provided

– The users handled by the provider can be filtered– An identity mapper should be provided if the ID is not the connections ID

<bean class='com.darwino.ibm.connections.IbmConnectionsUserProvider'> <property name='emailFilter'>*@triloggroup.com</property> <property name='identityMapper'> <bean class='com.triloggroup.darwino.user.TGLC45IdentityMapper'> </bean> </property></bean>

IBM Connections OAuth2 Authentication

• IBM Connections authentication is handled by the custom Darwino authentication servlet filter in web.xml– keepCredentials – gives access to the credentials when calling the services– sessionToken – Store the credentials in the HTTP session (default) or as a cookie

<filter> <filter-name>DarwinoAuthentication</filter-name> <filter-class>com.darwino.j2ee.servlet.authentication.AuthenticationFilter</filter-class> <init-param> <param-name>modes</param-name> <param-value>com.darwino.ibm.connections.auth.IbmConnectionsOauth20Handler</param-value> </init-param> <init-param> <param-name>keepCredentials</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>sessionToken</param-name> <param-value>true</param-value> </init-param></filter>

IBM Connections Community Applications

• IBM Connections community applications are HTML widgets that execute in an iFrame

• The widgets are receiving initialization information with the community id, the current user, …

Create a Community Application

• A community application is defined through a JSON description file that must be deployed to IBM Connections Cloud– https://

www-10.lotus.com/ldd/appdevwiki.nsf/xpDocViewer.xsp?lookupName=Dev+Guide+topics#action=openDocument&res_title=Creating_Communities_apps_with_the_URL_Widget&content=sdkcontent

• The studio allows developers to browse the existing applications and deploy/update them

Use the Community ID as a Tenant

• Darwino URLs with a tenanthttp://myserver/myapp/[[tenant_id]]/whatever

• Ex: Darwino Demo/todolist– The widget main page redirects to the index.html page with the tenant– The runtime automatically grabs the tenant id and uses it as the current tenant

Resolving User Roles Based on the Community

• Darwino provides a custom role resolver thatcom.darwino.ibm.connections.usercontext.CommunityContext– Uses the tenant id as the community id– Assigns the role owner or member, if the user is an owner or member of the

community• Does the proper caching for performance

TODO List Demo

Thank you for your attention!