Configure the Kerberos authenticator 

Configure Kerberos as the backend authenticator on IBM Connections.


Before you begin

Complete this task if you are using Tivoli Access Manager with SPNEGO or SiteMinder with SPNEGO. If you are using other Single Sign-On solutions, do not complete this task. Instead, configure the customAuthenticator as your backend authenticator. For more information, see the Configure the default authenticator topic.


About this task

Edit the LotusConnections-config.xml file to configure the Kerberos authenticator in your deployment.

To configure Kerberos as the default authenticator...


Procedure

  1. Open a command prompt, start the wsadmin client, and enter the following command to check out the configuration file:

      execfile("<app_server_root>/profiles/<DMGR>/bin/connectionsConfig.py")

      If you are prompted to specify which server to connect to, enter 1.

      LCConfigService.checkOutConfig("<working_directory>","<cell_name>")

      where:

      • app_server_rootis the WAS installation directory

      • <DMGR> is the name of the dmgr profile, such as Dmgr01

      • <working_directory> is the temporary working directory to which configuration files are copied and stored while you edit them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

      • <cell_name> is the name of the WAS cell hosting IBM Connections. This argument is case sensitive.

          If you do not know the cell name, enter the following command in the wsadmin client to determine it:

          print AdminControl.getCell()

      For example:

      • AIX or Linux:

          LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")

      • Windows:

          LCConfigService.checkOutConfig("c:/temp","foo01Cell01")

  2. Update the value of the custom authenticator attribute by entering the following command:

      LCConfigService.updateConfig("customAuthenticator.name",

      "KerberosAuthenticator")

  3. Check the LotusConnections-config.xml file in by entering the following command:

      LCConfigService.checkInConfig()

      For more information about the wsadmin client, see the Starting the wsadmin client topic.

      For more information about editing configuration attributes, see the Change common configuration property values topic.

  4. Update the reauthenticate property in the files-config.xml file. When this property is set to false, and when an IBM Connections application detects a session timeout, users must log in again through the SSO authentication mechanism. To update the reauthenticate property...

    1. Check out the file:

        execfile("<app_server_root>/profiles/<DMGR>/bin/filesAdmin.py")

        Note: If you are prompted to specify which server to connect to, enter 1.

        FilesConfigService.checkOutConfig("<working_directory>","<cell_name>")

        where:

        • app_server_root is the WAS installation directory

        • <DMGR> is the name of the dmgr profile. For example: Dmgr01

        • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you edit them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

        • <cell_name> is the name of the WAS cell hosting the IBM Connections application. This argument is case sensitive. If you do not know the cell name, execute the following command in the wsadmin client to determine it:

            print AdminControl.getCell()

        For example:

        FilesConfigService.checkOutConfig("c:/temp","foo01Cell01")

    2. Update the reauthenticate property...

        FilesConfigService.updateConfig("security.reauthenticateAndSaveSupported", "false")

    3. Check the files-config.xml file in...

        FilesConfigService.checkInConfig()


Parent topic

Enable single sign-on for the Windows desktop
Previous topic: Configure the default authenticator
Next topic: Configure SPNEGO on IBM HTTP Server


Related tasks


Configure the default authenticator
Starting the wsadmin client
Change common configuration property values
Forcing users to log in before they can access an application
Enable single sign-on for Tivoli Access Manager with SPNEGO
Enable single sign-on for SiteMinder with SPNEGO


September 19, 2011 9:58:44 AM
   

 

Sep 19, 2011 9:58:44 AM

});