klehmann
commented
2 years ago For 12.0.1 GA, core dev added a new method NABLookupBasicAuthentication that validates credentials of users with person documents or LDAP entries. We added support for this in PR #286. Whether more features like cert based logins, TOTP or SAML support are required is to be discussed. Domino's nhttp.exe could act as an IDP in the meantime, e.g. by forwarding the user to a Domino XPage with restricted access (which triggers the configured Domino login procedure) and then redirecting back to Keep, passing the user info (e.g. via OpenID Connect).
That class handles user lookup and password checks in NAB and LDAP, cert based user auth as well as internet lockouts and the new TOTP stuff. Looks like it's used for NotesFactory.createSession(String host, String user, String password) in the legacy API. Our JNX code currently only handles password checks in NAB (HTTPPassword item in person document).