I have blogged about a technique...
To sum up, we need a LtpaToken for web-based authentication. We have ability to create an LtpaToken inside Notes client using a Java method of the session object. So my solution has two parts.
A java agent that produces a valid LtpaToken for the authenticated user on the client side. We are calling this java agent from any Lotusscript routine.
The second part is a redirection web page on any database that can be accessed anonymously. This might be a Lotusscript agent, servlet or XAgent. It will get LTPAToken and a target URL from a GET request, add the LTPAToken into cookies and redirect the user back to the target URL.
In Lotus Notes client, any Lotusscript action might call the Java agent, acquire a valid LTPAToken and launch a constructed URL which points to the redirection web page with necessary parameters.
There is a couple of bugs I have detected on Domino Web server. For details of the technique and workarounds about these bugs, you might refer to my blog entry.