Skip to content

Configure Domino REST API IDP with Volt MX Foundry Identity Service

Caution

The Domino server task communicates with the REST API through the KeepManagementURL. It has a default value of http://localhost:8889. You can overwrite this setting in the notes.ini by editing, or creating if missing, the entry KeepManagementURL (case sensitive). Having configured a TLS certificate, you need to make sure the entry starts with https:// and uses the host name your TLS certificate has been issued for. localhost, 127.0.0.1 or ::1 won't work. Configuring TLS doesn't change the port. So when you host, your TLS certificate is issued for, is domino.demo.com and your old entry was missing or is the default of http://localhost:8880, then your new value needs to be: https://domino.demo.com:8889. For more information, see Domino REST API task and ports.

About this task

Domino REST API implements what essentially amounts to an OAuth2 Provider DominoIDP and Volt MX Foundry implements an Integration Service adapter for OAuth2 providers. The following is a guide for creating a Foundry Identity Service using Domino REST API's OAuth provider.

Prerequisite

Create Foundry Identity Service

Some things to note when creating an identity service in Volt MX Foundry using Domino REST API IDP-lite (also refer to the screenshot below):

  1. Create a new Identity service in the Foundry browser console by filling in the fields:

    • Type of identity = OAuth 2.0
    • Grant Type = Authorization Code
    • Authorize Endpoint = [your Domino REST API API server]/oauth/authorization
    • Token Endpoint = [your Domino REST API API server]/oauth/token
    • IMPORTANT - make sure to select Form Param under Advanced.
    • Take note of the Callback URL.

    Pause here for a moment (don't save yet), and complete the steps for setting up Domino REST API databases and applications.

    • Scope = database name (API Name) for the database added in the next step; if more than one database, you should be able to enter a list of database names; check Domino REST API documentation to see how the names are delimited (perhaps a comma or space, but to Domino REST API it simple, just enter one db name if uncertain about how to specify multiple).
    • Client ID = App id from the application created in the next section below.
    • Client Secret = Obtained when you first create the application (next section).

  2. Now you can Save.

voltmx identityprovider keepidplite

Set up Domino REST API application and database

From the Domino REST API Admin browser client:

  1. Add a database, and note its name (API name, when you create the DB in Domino REST API).
  2. Create an application, and note its client id, and client secret.

Note

When you create the application, you'll need the callback URL defined earlier.

Domino REST API create application

The App id (Client ID) is available any time you view a created application. The secret is shown only when the secret is created the first time. If you forget the secret, generate a new one by clicking the circular arrow as indicated in the following image:

Domino REST API application id and secret