
 

 

Configure IBM Lotus Domino Enterprise Server mail and appservers and WebSphere Portal to work together

 


 


 

Overview

  1. Understanding Domino mail or appservers
  2. Loading the HTTP task
  3. Enable the database drop-down list feature by enabling the DIIOP task and allowing users the ability to run Java agents (optional)
  4. Enable single signon between WebSphere Application Server and Domino servers

 

Understanding Domino mail or application servers

The Domino Web Access (iNotes) and Notes and Domino portlets are designed to work with your Domino mail servers and Domino appservers. Collaborative Services can communicate with these servers over HTTP and DIIOP. The HTTP task is required for the portlet to work. The DIIOP task is optional and provides the database drop-down server list feature for the Domino Web Access (iNotes) portlet, Notes and Domino portlet, Domino Document Manager portlet, and the My Lotus Team Workplaces and Inline Team Workplaces portlets.

 

Loading the HTTP task

All Domino mail and appservers that are configured to work with a portlet must be running the HTTP task. To enable the HTTP task in Domino, issue the following command on the Domino server:

load http

To enable the HTTP task to load automatically every time the Domino server starts, perform the following steps:

  1. Open the notes.ini in the Domino Program directory.
  2. Locate the line ServerTasks= and add ,http to the end of the line.
  3. Save and close the file.

For more information on the HTTP task, refer to the Domino Administration Help.

 

Enable the database drop-down list feature by enabling the DIIOP task and allowing users the ability to run Java agents (optional)

To enable the database drop-down list, two tasks are provided in this section: enabling the DIIOP task and allowing users the ability to run Java agents.

If you load the DIIOP task, users who have the appropriate access to edit some collaborative portlets will see the database drop-down list feature for those portlets. If you do not load the DIIOP task, users must manually enter the database they need in the portlet.

To enable the DIIOP task in Domino, issue the following command on the Domino server:

load diiop

To enable the DIIOP task to load automatically every time the Domino server starts, perform the following steps:

  1. Open the notes.ini in the Domino Program directory.
  2. Locate the line ServerTasks= and add ,diiop to the end of the line.
  3. Save and close the file.

For more information on the DIIOP task, refer to the Domino Administration Help.
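The notes.ini edit described for the HTTP and DIIOP tasks can be scripted so that it is repeatable and never duplicates a task. The following is an added example, not IBM's code; the sample file content is constructed, and the case-insensitive matching of the key and task names is an assumption.

```python
import re

# Assumption: the key name and task names are matched case-insensitively.
_TASKS_RE = re.compile(r"^(\s*ServerTasks\s*=)(.*)$", re.IGNORECASE)

# Constructed sample notes.ini (CRLF line endings, as on a Windows server).
SAMPLE_INI = (
    "[Notes]\r\n"
    "Directory=C:\\Lotus\\Domino\\Data\r\n"
    "ServerTasks=Update,Replica,Router,AMgr,AdminP,HTTP\r\n"
    "TCPIP=TCP,0,15,0\r\n"
)


def ensure_server_tasks(ini_text, required=("http", "diiop")):
    """Return (new_text, added): the notes.ini text with every required task
    on the ServerTasks= line, plus the list of tasks that had to be appended."""
    lines = ini_text.splitlines(keepends=True)
    added = []
    for i, line in enumerate(lines):
        body = line.rstrip("\r\n")
        eol = line[len(body):]          # keep the file's own line ending
        match = _TASKS_RE.match(body)
        if not match:
            continue
        tasks = [t.strip() for t in match.group(2).split(",") if t.strip()]
        present = {t.lower() for t in tasks}
        for task in required:
            if task.lower() not in present:
                tasks.append(task)       # append at the end, as in step 2
                added.append(task)
        lines[i] = match.group(1) + ",".join(tasks) + eol
        break
    else:
        # Never invent the line: a missing ServerTasks= means the wrong file.
        raise ValueError("no ServerTasks= line found")
    return "".join(lines), added


if __name__ == "__main__":
    updated, added = ensure_server_tasks(SAMPLE_INI)
    print("appended:", added)
    print(updated, end="")
```

Pass `required=("http",)` on servers where the optional DIIOP task should stay off, since every loaded task is another listening service.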

Next, perform the following steps to allow users the ability to run Java agents.

  1. Start the Domino administrative console.
  2. Open the address book from the desired server.
  3. Navigate to the Server - Servers view.
  4. Double click on the server document that you want to configure.
  5. Make the following configuration changes to the server document:

    1. On the Basics tab, make sure the Fully Qualified Internet Host Name field contains the fully qualified name that you enter in the browser to access this server.
    2. Switch to the Ports tab. On the Notes Network Ports sub-tab, make sure the top line has the Port set to TCPIP and the Net Address set to the fully qualified name of the server. Make sure this port is set to Enabled.
    3. Switch to the Internet Protocols tab. On the HTTP sub-tab select Yes for the option Allow HTTP Clients To Browse Databases.
    4. Switch to the Security tab. For troubleshooting and development purposes set the following two fields to * under the Programmability Restrictions section:
      Run restricted Java/JavaScript/COM: *
      Run unrestricted Java/JavaScript/COM: *
      

      Note: You might want to restrict these fields to a subset of users. If you do this, note the following information:

      • The Domino server to which you are connecting must be included with the full Domino hierarchical name (for example, kingston/itso). Next, add any users or groups who you want to receive a list of databases when placing a portlet in edit mode. You can also use an asterisk (*) as a wild card.
      • If you want to add the user wpsadmin, add the following to the field: uid=wpsadmin/cn=users/o=ibm/c=us. To add all members in the /o=ibm/c=us organization, add the following to the field: */o=ibm/c=us.

Note: If you experience problems with the drop-down server list, see the following troubleshooting technote: Troubleshooting Pickers in Lotus Collaborative Portlets, technote number 1157249. This document can be found here: http://www.ibm.com/support/docview.wss?rs=0&uid=swg21157249.

Automatically find my mail database: The Domino Web Access (iNotes), Notes Mail, My Inbox, My Calendar and My ToDo portlets have a setting in edit mode to automatically detect the logged-on user's mail file. If this is enabled, users do not need to make any modifications to the portlet for it to work with their mail file; they simply log in to the portal, and their mail file appears in the portlet.

Server picker: All the Domino portlets and the Lotus Team Workplace Inline portlet have a number of pickers when placed in edit mode. The first of these pickers is the server picker, where a list of Domino servers will appear for the user to select from when choosing to what Domino server the portlet will connect.

  • Access to the Domino server, specifically user and group access to portlets that require Domino-based features and applications.
  • Internet Inter-ORB Protocol (IIOP) on servers that host databases that portal will access. Collaborative portlets and components use IIOP to access and retrieve information from Domino databases. If IIOP is running, portlets that access Domino-based databases include a picker feature that is available to portlet users. The picker feature displays a list of content from Domino databases from which the portlet user can select. Although IIOP is not required, it is a useful feature for the portal user.

The following information topics are provided in this section:

 

Configure Domino server with the Domino administrative client

The following instructions are specific to Lotus Domino 5.0.12, which is shipped with some versions of WebSphere Portal. For information on configuring another version of Domino that is supported by WebSphere Portal, see the Domino documentation for details. To configure the Domino server to support WebSphere Portal:

  1. Start the Domino administrative client and type the administrator password.
  2. Open the Domino Directory database (names.nsf) for the server.
  3. Accept the default settings for Directory Profile and click Save and Close.
  4. Open the Server document.
  5. Click the Basics tab and complete the following fields:

    • Verify that the server name field is correct.
    • Domain name. The Domino domain name should be automatically entered here when the server is registered; if not, enter the Domino domain name.
    • Fully qualified Internet host name, for example, Srv1.Acme.com.
    • Administrator. Fill in the name(s) of any administrators who should have access to this server. Depending on your deployment model, you might want to specify additional administrators in this field. The administrators are specified on the Security tab under Server Access.

  6. Click the Security tab and specify the following settings:

    • Server Access. Use the Access Server field to give users access to the server. (You usually do this through a group.)

      Important: If you leave this field empty, all users who can connect to the server will have access to Domino; this creates a potential security risk.

      Note: Be sure to give all users whom you want to use Domino access to the server. If you don't, any users without access to the server will not be able to run Domino.

      Leave Create new databases empty.

      Leave Create replica databases empty.

    • Agent Restrictions and Java/COM Restrictions. For all fields, add users or groups for whom you want to give access to the portal.

      Notes:

      • Using an asterisk wildcard is useful in a test environment, but in a production environment, you may want to restrict the list to trusted individuals and groups.
      • IIOP must also be running. If IIOP is running, the picker feature in a portlet's edit mode will be enabled. The picker feature enables browsing of a given server. See Ensure that IIOP is running for more information.

  7. On the Internet Protocols tab, do the following:

    1. Select the HTTP subtab, and ensure that the following settings are specified:

      • Host Name

        The fully qualified host name of the server, for example, Srv1.Acme.com

      • Basics

        Set Allow HTTP clients to browse databases to Yes.

        This enables the server and database selection lists that appear when users edit the properties of Lotus collaborative portlets.

    2. If you want to display text in Lotus collaborative portlets in non-Western languages, change the settings under Character Set Mapping appropriately. For example, change Use UTF-8 for output to Yes to display double-byte character sets in Web browsers.
  8. On the Ports tab, ensure that the following settings are specified:

    • Port field: A valid network port (for example, TCPIP)
    • Notes Network field: TCPIP Network
    • The server's network address is specified by either the server's numeric IP address or the server's fully qualified host name. The fully qualified host name is preferred; for example, Srv1.Acme.com.
    • Enabled field: Enabled (for the valid network port specified in the Port field)

      Make sure that the remaining Enabled fields are set to Disabled to prevent unnecessary error messages from displaying on the server console.

    • Internet ports tab - IIOP tab. Ensure that the TCP/IP port is enabled and that the name and password is set to Yes for the Authentication Options.

  9. Save and close the Server document.
  10. Push the server configuration to the secondary servers that host Lotus collaborative functionality for the portal, for example, Collaborative Services and Notes-based portlets.
  11. Restart the server after making these changes.
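The Security and IIOP settings above are the ones most often left in their test-environment state. The following added example (not IBM's code) audits a server document for them. It assumes the document has been exported to a Python dict whose keys reuse the form labels on this page; the key names and both sample documents are constructed, not Domino item names.

```python
JAVA_FIELDS = (
    "Run restricted Java/JavaScript/COM",
    "Run unrestricted Java/JavaScript/COM",
)

# Constructed sample: a server document left in its test configuration.
TEST_DOC = {
    "Access Server": [],
    "Run restricted Java/JavaScript/COM": ["*"],
    "Run unrestricted Java/JavaScript/COM": ["kingston/itso", "*/o=ibm/c=us"],
    "IIOP Name and password": "No",
}

# Constructed sample: the same document restricted for production.
PRODUCTION_DOC = {
    "Access Server": ["PortalUsers"],
    "Run restricted Java/JavaScript/COM":
        ["kingston/itso", "uid=wpsadmin/cn=users/o=ibm/c=us"],
    "Run unrestricted Java/JavaScript/COM": ["kingston/itso"],
    "IIOP Name and password": "Yes",
}


def audit_server_document(doc):
    """Return a list of (severity, field, message) findings."""
    findings = []
    # An empty Access Server field admits every user who can connect.
    if not [e for e in doc.get("Access Server", []) if e.strip()]:
        findings.append(("high", "Access Server",
                         "empty: all users who can connect have access"))
    for field in JAVA_FIELDS:
        for entry in (e.strip() for e in doc.get(field, [])):
            if entry == "*":
                # Bare * is the troubleshooting/development setting.
                findings.append(("high", field,
                                 "bare *: list trusted users and groups"))
            elif "*" in entry:
                # Scoped wildcard such as */o=ibm/c=us: confirm it is intended.
                findings.append(("review", field,
                                 f"wildcard {entry!r} covers a whole organization"))
    if doc.get("IIOP Name and password", "").strip().lower() != "yes":
        findings.append(("high", "IIOP Name and password",
                         "IIOP authentication option is not set to Yes"))
    return findings


if __name__ == "__main__":
    for severity, field, message in audit_server_document(TEST_DOC):
        print(f"[{severity}] {field}: {message}")
```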

 

Ensure that IIOP is running

Collaborative portlets and components use IIOP to access the Domino server and get information from databases. To set up Domino IIOP (DIIOP) settings, load the IIOP task to your Domino console, or add it to the ServerTasks value in the notes.ini file of your Domino server (Lotus\Domino\notes.ini), and then restart the server.

If you are using the IBM HTTP Server as Web server in your portal environment, the collaborative portlets and components go to this server to get the diiop_ior.txt file to open IIOP sessions with the Collaboration servers. To enable this, copy the diiop_ior.txt file from your Domino server to the IBM HTTP Server directory.

 

 

Enable single signon between WebSphere Application Server and Domino servers

If single signon (SSO) is configured between WebSphere Application Server and Domino, a user can sign on to the portal and then access portlets that contain information from a Domino-based application or service without having to enter additional credentials for authentication.

Notes:

  • A best practice is to install and configure all servers prior to enabling single signon. For example, install and configure Lotus Team Workplace and Lotus Instant Messaging and Web Conferencing before you enable single signon.
  • All servers participating in single signon must be in the same Internet domain.
  • To enable single signon, enable the IBM LTPA capabilities included in both WebSphere Application Server and Domino. Domino imports the WebSphere LTPA token generated by WebSphere Application Server, and this token can be used for all servers within the Domino domain.
  • If you want to configure single signon across multiple Domino domains, import the same WebSphere LTPA into those Domino domains.
  • One SSO configuration document per Domino domain can be replicated to all the other Domino servers in that domain, but enabling multi-server authentication must be done on every machine in a Domino domain.

The following list provides the order for configuring single signon between WebSphere Application Server and Domino:

  1. Create the WebSphere LTPA key:

    1. Start the WebSphere Administration Console and log in.
    2. Select Security - Authentication Mechanisms - LTPA.
    3. Type a password in the Password field and provide a path and file name in the Key File Name field.

      Tip: Remember the password because you type it when you import the LTPA key into the Domino server.

    4. Click the Export Keys button.
    5. Click Save to apply the changes to the master configuration.
    6. Click Save on the next screen.
    7. Log out from the WebSphere Administration Console.
    8. If necessary, copy the key file that you created to a location that is accessible to the Domino machine.
  2. Create a Web SSO Configuration document and import the LTPA key:

    If a Web SSO configuration document already exists, you can use it, but you might need to edit it for use with portal. The following instructions provide steps for creating a new Web SSO configuration document.

    1. Start the Domino administrative console.
    2. Open the address book for the server.
    3. Change to the Server - Servers view.
    4. Click the Web button, and then select Create Web SSO Configuration.
    5. Type the domain suffix in the Token Domain field, and then add the Domino hierarchical name of the Domino servers that will participate in the SSO domain in the Domino Server Names field. You do not need to enter the names of the WebSphere Application Server.

      Note: The domain suffix is the end of your domain name, including the period. For example, the domain suffix of region.country.com is .com

    6. Select Create Domino SSO Key from the Keys menu. You should receive a success message.
    7. Click OK to the message box.
    8. Click Save and Close.
    9. If necessary, modify the SSO configuration document to add your Domino server name to the Owners field on the Administration tab.
  3. Import the WebSphere LTPA key:

    1. In the Configuration view, click the Web view, and open the Web SSO Configuration for LTPAtoken.
    2. Select Import WebSphere LTPA keys from the Keys menu. Click OK if you get an error message that states that the SSO configuration has already been initialized.
    3. Type the path and name of LTPA key file, and click OK.
    4. Type the password for the LTPA key and click OK.
    5. Click OK to the message that states that the key import is successful.
    6. For versions prior to Domino V6.5.1: If necessary, click the Basics tab and add a \ to the LDAP Realm field so that it reads yourhostname\:389.
    7. Click Save and Close.
  4. Enable multi-server single signon authentication:

    1. Open the server document of the Domino server.
    2. Click the Internet Protocols tab, and then the Domino Web Engine tab.
    3. Next to Session authentication, select Multi-server.
    4. Click Save and close.
    5. Exit the Domino administrative client.
    6. Restart the Domino server.

 

WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

 

IBM is a trademark of the IBM Corporation in the United States, other countries, or both.