

Configure SSO if Sametime authenticates with Native Domino

If WebSphere Portal authenticates against an LDAP directory and IBM Lotus Sametime authenticates against Native Lotus Domino, users are known to the Portal server and the Sametime server by different distinguished names. To ensure that single sign-on works correctly, synchronize users' names in the directories.

  1. Import the LTPA token into Sametime.

    Ensure that you have correctly imported the WebSphere LTPA key into the Sametime server. For more detailed instructions on this step, refer to technote #1158269, Troubleshooting WebSphere Portal, Domino Extended Products, and Domino SSO Issues.

  2. To configure the Domino Directory on the Sametime server, synchronize the user names and passwords in the Domino Directory with the names that WebSphere Portal uses to authenticate a user.

    For example, if the WebSphere Portal user directory is IBM Directory Server (IDS), and a user's Distinguished Name (DN) from IDS is:

    uid=tuser,cn=users,dc=acme,dc=com

    add the following to the User Name or Short Name field of the Person document for Test User in Domino:

    uid=tuser/cn=users/dc=acme/dc=com

    Add the entry below the Domino canonical name (which should be the top line of the User Name field) and common name (CN) (which should be the second line). Following the example used here, the User Name field should be as follows:

    Element       Value
    First name    Test
    Middle name
    Last name     User
    User name     Test User/acme
                  Test User
                  uid=tuser/cn=users/dc=acme/dc=com

  3. Configure the Sametime server to remap users' DNs (distinguished names) when passed with an LTPA token.

    For Sametime 6.5.1, ensure that you have Interim Fix 1 (IF1) installed directly from IBM Lotus Technical Support.

    1. Update the notes.ini file as follows:

      ST_UID_PREFIX=*

      ST_UID_POSTFIX=*

    2. On the Sametime server, update the sametime.ini file, adding the following under the [CONFIG] section:

      ST_DOMINO_DUAL=1

  4. To enable awareness, check that you have already enabled Sametime and then update CSEnvironment.properties as follows:

    CS_SERVER_SAMETIME_1.useLTPAToken=true

    CS_SERVER_SAMETIME_1.nameFormatForResolve=dn

    CS_SERVER_SAMETIME_1.dnNameSeparator=/
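
The settings from steps 3 and 4 can be audited with a short script. The following is an added example, not IBM-supplied code: it checks file contents against the keys and values listed on this page and flags a key that is missing, has a different value, or sits outside the [CONFIG] section of sametime.ini. The sample file content and the function names are constructed for illustration.

```python
# Settings required by steps 3 and 4 of this page. A section of None means
# "anywhere in the file" (flat key=value files such as notes.ini).
REQUIRED = {
    "notes.ini": (None, {"ST_UID_PREFIX": "*", "ST_UID_POSTFIX": "*"}),
    "sametime.ini": ("CONFIG", {"ST_DOMINO_DUAL": "1"}),
    "CSEnvironment.properties": (None, {
        "CS_SERVER_SAMETIME_1.useLTPAToken": "true",
        "CS_SERVER_SAMETIME_1.nameFormatForResolve": "dn",
        "CS_SERVER_SAMETIME_1.dnNameSeparator": "/",
    }),
}

def parse(text):
    """Return [(section, key, value)]; section is None before any [header]."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().upper()
        elif "=" in line:
            key, value = line.split("=", 1)
            entries.append((section, key.strip(), value.strip()))
    return entries

def audit(filename, text):
    """Return findings for one file; an empty list means it matches the page."""
    section, wanted = REQUIRED[filename]
    entries, findings = parse(text), []
    for key, want in wanted.items():
        hits = [(s, v) for s, k, v in entries if k == key]
        in_place = [v for s, v in hits if section is None or s == section]
        wrong = [v for v in in_place if v != want]
        if wrong:
            findings.append(f"{key}: expected {want!r}, found {wrong[0]!r}")
        elif not in_place and hits:
            where = hits[0][0] or "no section"
            findings.append(f"{key}: set under [{where}], expected [{section}]")
        elif not hits:
            findings.append(f"{key}: missing")
    return findings

# Constructed sample: ST_DOMINO_DUAL was appended under the wrong section.
SAMPLE_SAMETIME_INI = "[Config]\nEXAMPLE_SETTING=1\n[Other]\nST_DOMINO_DUAL=1\n"

if __name__ == "__main__":
    print(audit("sametime.ini", SAMPLE_SAMETIME_INI))
```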

