Configure the default authenticator 

Configure the backend default authenticator on IBM Connections.


Before you begin

Do not complete this task if you are using Tivoli Access Manager with SPNEGO or SiteMinder with SPNEGO. If you are using those Single Sign-On solutions, configure the KerberosAuthenticator as your backend authenticator. For more information, see the Configure the Kerberos authenticator topic.


About this task

Edit the LotusConnections-config.xml file to configure the authenticator in your deployment.

To configure the default authenticator...


Procedure

  1. Open a command prompt, start the wsadmin client, and enter the following command to check out the configuration file:

      execfile("<app_server_root>/profiles/<DMGR>/bin/connectionsConfig.py")

      If you are prompted to specify which server to connect to, enter 1.

      LCConfigService.checkOutConfig("<working_directory>","<cell_name>")

      where:

      • app_server_rootis the WAS installation directory

      • <DMGR> is the name of the dmgr profile, such as Dmgr01

      • <working_directory> is the temporary working directory to which configuration files are copied and stored while you edit them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

      • <cell_name> is the name of the WAS cell hosting IBM Connections. This argument is case sensitive.

          If you do not know the cell name, enter the following command in the wsadmin client to determine it:

          print AdminControl.getCell()

      For example:

      • AIX or Linux:

          LCConfigService.checkOutConfig("/opt/temp","foo01Cell01")

      • Windows:

          LCConfigService.checkOutConfig("c:/temp","foo01Cell01")

  2. Update the value of the custom authenticator attribute by entering the following command:

      LCConfigService.updateConfig("customAuthenticator.name",

      "defaultAuthenticator")

  3. Check the LotusConnections-config.xml file in by entering the following command:

      LCConfigService.checkInConfig()

      For more information about the wsadmin client, see the Starting the wsadmin client topic.

      For more information about editing configuration attributes, see the Change common configuration property values topic.

  4. Update the reauthenticate property in the files-config.xml file. When this property is set to false, and when an IBM Connections application detects a session timeout, users must log in again through the SSO authentication mechanism. To update the reauthenticate property...

    1. Check out the file:

        execfile("<app_server_root>/profiles/<DMGR>/bin/filesAdmin.py")

        Note: If you are prompted to specify which server to connect to, enter 1.

        FilesConfigService.checkOutConfig("<working_directory>","<cell_name>")

        where:

        • app_server_root is the WAS installation directory

        • <DMGR> is the name of the dmgr profile. For example: Dmgr01

        • <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied and are stored while you edit them. Use forward slashes to separate directories in the file path, even if you are using the Microsoft Windows operating system.

        • <cell_name> is the name of the WAS cell hosting the IBM Connections application. This argument is case sensitive. If you do not know the cell name, execute the following command in the wsadmin client to determine it:

            print AdminControl.getCell()

        For example:

        FilesConfigService.checkOutConfig("c:/temp","foo01Cell01")

    2. Update the reauthenticate property...

        FilesConfigService.updateConfig("security.reauthenticateAndSaveSupported", "false")

    3. Check the files-config.xml file in...

        FilesConfigService.checkInConfig()


Parent topic

Enable single sign-on for the Windows desktop
Previous topic: Configure Kerberos and SPNEGO
Next topic: Configure the Kerberos authenticator


Related tasks


Configure the Kerberos authenticator


September 19, 2011 9:58:44 AM
   

 

Sep 19, 2011 9:58:44 AM Submitted by Paddy Barrett on Dec 1, 2011 10:50:59 AM

Re: Configuring the default authenticator

The two sections appear similar but have crucial differences. In your case, where you are using SPNEGO, you need to consult the "Configuring the Kerberos authenticator" topic.

Submitted by Xujin Liu on Nov 11, 2011 9:56:00 PM

Re: Configuring the default authenticator

this section and its next section has the same "Before you begin", which should I select if I use Windows Desktop SPNEGO at all?

});