Configure IBM Lotus Team Workplace (QuickPlace) and WebSphere Portal
Overview
The following topic provides instructions for configuring WebSphere Portal and IBM Lotus Team Workplace to work together. Specifically, this topic provides the required steps for configuring the following two portlets:
- Inline Team Workplaces (Inline QuickPlace)
- Lotus My Team Workplaces (Lotus QuickPlace)
Domino LDAP is required for use with WebSphere collaborative portlets such as My Lotus Team Workplace.
Do NOT mix LDAPs flavors. For example, you cannot use Domino LDAP for your collaborative portlets and use Novell eDirectory for the rest of the portal. Only one LDAP user registry is allowed per portal.
- Configure WebSphere Portal to use IBM Lotus Team Workplace
- Configure single signon between WebSphere Portal and IBM Lotus Team Workplace
- Configure Domino LDAP for Inline Team Workplaces
- Configure the DIIOP task (optional)
- Configure the Lotus My Team Workplaces portlet
- Add the QPServlet (Lotus My Team Workplaces portlet only)
- Configure the Search Places feature (Lotus My Team Workplaces portlet only)
Step 1: Configure WebSphere Portal to use IBM Lotus Team Workplace
- Confirm installation of Collaboration Center Components
- Stop WebSphere Portal...
cd $WAS_HOME/bin
stopServer.sh WebSphere_Portal- Configure collaborative services to use Domino Directory
- Make a backup copy of wpconfig.properties
- Edit wpconfig.properties and tweak values in the section Collaborative Services Properties
Property Value LCC.QuickPlace.Enabled
Description: Determines whether Lotus Team Workplace is enabled. Recommended: true Default: false LCC.QuickPlace.Server
Description: Name of the Lotus Team Workplace server. Recommended: my.server.com Default: my.server.com LCC.QuickPlace.Protocol
Description: Protocol used to connect to the Lotus Team Workplace server. Recommended: http Default: http LCC.QuickPlace.Port
Description: Port number for the Lotus Team Workplace server. Recommended: 80 Default: 80 - Save the file.
- Configure IBM Lotus Team Workplace to use Lotus collaborative components
cd $Portal_Home/portalserver/config WPSconfig.sh lcc-configure-quickplace-DDBPassword=password -DWmmDbPassword=password To configure all Lotus collaborative components, tweak appropriate values in wpconfig.properties, and then run...
./WPSconfig.sh lcc-configure-all- If you encounter an error, check the logs
- Start WebSphere Portal
cd $WAS_HOME/bin startServer WebSphere_Portal
Step 2: Configure single signon between WebSphere Portal and IBM Lotus Team Workplace
Single sign-on enables the passing of Portal login credentials to Domino.
- Verify that no Web SSO configuration document exists in Domino.
- Create the WebSphere LTPA key
- Import the WebSphere LTPA key into Domino
- Enable multi-server single signon authentication
- Create the Domino Web Server Configuration database (domcfg.nsf)
- Update the notes.ini file
- Test single signon between WebSphere Portal and Lotus Team Workplace
Verify that no Web SSO configuration document exists in Domino.
- Use a Notes client to open the names.nsf file on the Domino server with which you are working.
- Click...
Configuration | Web | Web Configurations- If you see a -Web SSO Configurations- triangle with a Web SSO Configuration for LTPA link, the Web SSO configuration document already exists. You can click on the link to get more information.
If this Web SSO configuration document already exists, do one of the following:
- If the Web SSO configuration document already contains the WebSphere LTPA key, perform the following steps:
- Open the Web SSO configuration document on the server where the LTPA key was created, and add this Domino server to the Domino Server Names field.
- Replicate the change to this Domino server by issuing the following command on the Domino server console...
rep server/org names.nsf- Restart Domino for the change to take effect, and then proceed to Create domcfg.nsf.
- If the Web SSO configuration document contains a different, key or if you are unsure if it is the same key exported from your WebSphere Portal, delete the key, replicate this change around to the other Domino server, and re-create it with the steps provided.
Create the WebSphere LTPA key
Note that if you have already created the WebSphere LTPA key for another application (for example, Tivoli Access Manager, QuickPlace, or Sametime) you can skip this step, and import the same key into Domino.
Perform the following steps:
- Start the WebSphere Administration Console and log in.
- Enable WAS global security
You cannot export LTPA keys from WAS with security disabled.
- Select Security - Authentication Mechanisms - LTPA.
- Type a password in the Password field and provide a name path and file name for in the Key File Name field.
Tip: Remember the password because type it when you import the LTPA key into the Domino server.
- Click the Export Keys button.
- Click Save to apply the changes to the master configuration.
- Click Save on the next screen.
- Log out from the WebSphere Administration Console.
- Copy the key file that you created to a location that is accessible to the Domino machine.
Import the WebSphere LTPA key into Domino
The following steps show how to create the Web SSO configuration document in Lotus Team Workplace and import the WebSphere LTPA key for Lotus Team Workplace to use for single signon.
Perform the following steps:
- Start the Domino administrative console.
- Open the address book for the server.
- Change to the Server - Servers view.
- Click the Web button, and then select Create Web SSO Configuration.
- Type the domain suffix in the Token Domain field. This should match the Domain Name you entered in the portal server.
- Add the Domino hierarchical name of the Domino servers that will participate in the SSO domain in the Domino Server Names field. You do not need to enter the names of the WebSphere Application Server.
- Select Import WebSphere LTPA keys from the Keys menu, and then click OK.
- Type the path and name of LTPA key file, and then click OK.
- Type the password for the LTPA key and then click OK.
- Click OK to the message that states that the key import is successful.
- Click the Basics tab and add a \ to the LDAP Realm field so that it reads yourhostname\:389.
- Click Save and Close.
Enable multi-server single signon authentication
This section provides steps to enable Domino to look for LTPA tokens in the Web browser to authenticate uses.
- Open the server document of the Domino server.
- Click...
Internet Protocols tab | Domino Web Engine tab | Session authentication | Multi-server | Save | Close- Exit the Domino administrative client.
- Restart the Domino server.
Note: If you entered multiple servers in the Domino Server Names field, you need to replicate this new document to each server specified by performing the following steps:
- Type the following at a command line:
rep server1/yourorg names.nsf- Restart each Domino server containing the new Web SSO Configuration document.
Create the Domino Web Server Configuration database (domcfg.nsf)
Perform the following steps:
- From a Notes client, select...
File | Database | New | Lotus_Team_Workplace_server- Type a descriptive title, for example: Web Server Configuration.
- Type domcfg.nsf for the file name. Note that the file name MUST be domcfg.nsf.
- Next to Server in the middle of the dialog box, select any server.
- Click...
Show advanced templates | Template | Domino Web Server Configuration (6) (domcfg5.ntf) | Add Mapping | OK- Open the Web Server Configuration database (domcfg.nsf).
- Click Add Mapping.
- Next to Applies To, select one of the following:
- All Web Sites/Entire Server (default)
- Specific Web Site/Virtual Server.
If you select...
Specific Web Site/Virtual Server...a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
- Next to Target Database, type...
quickplace/resources.nsf...to replace the default entry.
- Next to Target Form, type...
QuickPlaceLoginForm- Click Save and Close.
Update the notes.ini file
- Edit
\Lotus\Domino\notes.ini...and add...
NoWebFileSystemACLs=1...to the file. Do not place this as the last line of the file.
- Restart the Domino server for the changes to take effect.
Test single signon between WebSphere Portal and Lotus Team Workplace
Perform the following steps:
- Sign on to WebSphere Portal.
- In a browser, go to...
http://qpserver.domain.com/quickplaceYour name should appear at the top left corner.
If your name does not appear, single signon is not working. Refer to technote 1158269
Step 3: Configure Domino LDAP for Inline Team Workplaces
To use the Inline Team Workplaces portlet, configure WebSphere Portal for a Domino server in your environment running the LDAP task. If one does not exist, you can configure your Lotus Team Workplace server to run the LDAP task for this purpose.
How the Lotus Team Workplace drop-down list feature works
The Lotus Team Workplace drop-down list feature attempts to populate a list of places on a server, after a user selects the desired server from the server drop-down list, or manually enters the server hostname, and clicks the check box. At this point the collaborative servers attempt to connect to the Domino server specified by the user over DIIOP. If the connection is made, a Java program attempts to find all places on the server. For the list of places to display, the DIIOP task must be running, and the user attempting to use the drop-down server list must have access to run Java agents on the Lotus Team Workplace server.
Step 4: Configure the DIIOP task (optional)
The DIIOP task must be configured correctly for the drop-down server list to function in the Inline Team Workplaces portlet.
If you do not complete the following steps, users with access to edit the Inline Team Workplaces portlet must manually enter the Lotus Team Workplace server they need displayed in the portlet.
Enable the database drop-down list feature by enabling the DIIOP task and allowing users the ability to run Java agents (optional)
To enable the database drop-down list, two tasks are provided in this section: enabling the DIIOP task, and allowing users the ability to run Java agents.
To enable the DIIOP task in Domino, issue the following command on the Lotus Team Workplace Domino server console:
load diiopTo enable the DIIOP task to load automatically every time the Domino server starts, peform the following steps:
- Open the notes.ini in the Domino Program directory.
- Locate the line ServerTasks= and add ,diiop to the end of the line.
- Save and close the file.
Next, perform the following steps to allow users the ability to run Java agents.
- Start the Domino administrative console.
- Open the address book from the desired server.
- Navigate to the Server - Servers view
- Double click on the server document that you want to configure.
- Make the following configuration changes to the server document:
- On the Basics tab, make sure the Fully Qualified Internet Host Name field contains the fully qualified name that you enter in the browser to access this server.
- Switch to the Ports tab. On the Notes Network Ports sub-tab, make sure the top line has the Port set to TCPIP and the Net Address set to the fully qualified name of the server. Make sure this port is set to Enabled.
- Switch to the Internet Protocols tab. On the HTTP sub-tab select Yes for the option Allow HTTP Clients To Browse Databases.
- Switch to the Security tab. For troubleshooting and development purposes set the following two fields to * under the Programmability Restrictions section:
Run restricted Java/JavaScript/COM: * Run unrestricted Java/JavaScript/COM: *You might want to restrict these fields to a subset of users. If you do this, note the following information:
- The Domino server to which you are connecting must be included with the full canonical name (for example, kingston/itso). Next, add any users or groups who you want to receive a list of databases when placing a portlet in edit mode. You can also use an asterisk (*) as a wild card.
- If you want to add the user wpsadmin, add the following to the field: uid=wpsadmin/cn=users/o=ibm/c=us. To add all members in the /o=ibm/c=us organization, add the following to the field:
*/o=ibm/c=us
The list of Team Workplaces on your server should now appear in the drop-down list. If you continue to experience problems with the drop-down server list, reference technote 1157249.
Step 5: Configure the Lotus My Team Workplaces portlet
After installing the My Team WorkPlace portlet, update the portlet with the hostname of your Team Workplace server.
Perform the following steps:
- Log in to the portal as an administrator.
- Click...
Administration | Portlet Management | Portlets- Search for My Lotus Team Workplaces
- Click the wrench icon to modify.
- For QuickPlaceHostName parameter enter fully qualified host name of the Lotus Team Workplace server.
- Save
The Lotus My Team Workplaces portlet will now attempt to communicate with your Lotus Team Workplace server, but complete the next two sections before the communication attempt will be successful.
Step 6: Add the QPServlet (Lotus My Team Workplaces portlet only)
To enable Lotus Team Workplace in your collaborative portal, add the QPServlet (cs.jar) to your Lotus Team Workplace server. The QPServlet ensures that the records of portal users who are registered in portal are synchronized with Lotus Team Workplace membership records.
- If it does not already exist, create directory...
Lotus\Domino\Data\Domino\Servlet- Edit...
<installation_drive>:\Lotus\Domino\Data\servlets.properties...and add...
servlet.QPServlet.code=com.lotus.cs.util.QPServletNote that the preceding line is case-sensitive, and add a hard return at the end of the line.
- Save and close the file.
- Copy the cs.jar from...
<wp_root>/shared/app...into...
Lotus\Domino\Data\domino\javaDo not create sub-directories such as WEB-INF under Lotus\Domino\Data\domino\java.
- On the Lotus Team Workplace server, edit notes.ini and add the following below the JavaUserClassext line:
WPS1=c:\Domino\data\domino\java\cs.jar- Also within notes.ini, locate the Servertasks line, and add diiop at the end of the line.
- Verify Domino Servlet Manager is set for Java Servlet Support:
- Start Domino Administrator and type the password for the administrator.
- Open the names.nsf database of the Lotus Team Workplace server.
- Edit the Lotus Team Workplace server document.
- Go to Internet Protocols and click Domino Web Engine.
- Set Java Servlet Support to Domino Servlet Manager.
- Save the close the document.
- Ensure that the Lotus Team Workplace document specifies the distinguished name of users and the Lotus Team Workplace server name in both fields of the Security settings for Run Java/COM Restrictions:
- Start Domino Administrator and type the password for the administrator.
- Open the names.nsf database of the Lotus Team Workplace server.
- Edit the Lotus Team Workplace server document.
- Go to the Security tab and set the following fields:
- Run restricted Java/Javascript/COM.
*/cn=users/dc=yourcompany/dc=com, yourTeam WorkplacesServer- Run unrestricted Java/Javascript/COM.
*/cn=users/dc=yourcompany/dc=com, yourTeam WorkplacesServer
- Restart the the Lotus Team Workplace server
- Verify that the QPServlet has been installed properly by going to...
The browser should return a message similar to the following message:http://<yourserver>/servlet/QPServlet?actionType=69QPServlet:LCS Build [Version][Date][WPS build stream]=[KS3224wa][0302.2600][5.0] Posted Build Use with QP3.0.1 SESSION 68=whoami actionType=6969s=searchstringIf you do not see the preceding message, refer to technote 1159319
Step 7: Configure the Search Places feature (Lotus My Team Workplaces portlet only)
Four features of the Lotus Team Workplace portlet, My Tasks, My Pages, Search this place, and Search my workplaces, use a feature of the Team Workplaces server that is not configured by default. This feature is Search Places.
To set up the Search Places feature, complete these steps:
- Configure Domain Search and Domain Indexer:
- Open the Domino Directory (Names.nsf) from the Lotus Team Workplace server in a notes client.
- Click Configuration - Servers - All Server Documents view, and open the Lotus Team Workplace server document.
- Click the Server Tasks - Domain Catalog tab.
- Select Enabled in the Domain Catalog field. This step starts the Catalog task and creates the Domain Catalog. You run the Catalog task to keep the Database Catalog up to date. You might do this on a schedule, for example, by including the task in the notes.ini setting, ServerTasksAt1.
- Click the Domain Indexer tab.
- Click Enabled in the Schedule field to enable the Domain Indexer task. Specify a schedule for running the Domain Indexer.
- Configure Search Places settings in the qpconfig.xml file.
- Open the qpconfig.xml file in a text editor.
- Scroll down to the Search Places section and remove the following lines from the beginning and end of Search Places section, respectively.
<!-- =============== START OF SAMPLE ================ =============== END OF SAMPLE =================== -->- Modify the Search Places tags for your environment.
- Restart the Domino server for these setting to take effect.
- Test the Search Places feature in the Team Workplaces portlet:
- Sign in to a place you have created.
- Click Search
- You should see three radio buttons: Search All Places, Search This Place, and Folder.
- Select Search All Places radio button and search on something you know will return results, for example Welcome.
If you do not see the Search All Places button, or if the search for Welcome does not return results, reference Technote 21106449.
See also
WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.
IBM is a trademark of the IBM Corporation in the United States, other countries, or both.
Tivoli is a trademark of the IBM Corporation in the United States, other countries, or both.