Configure single sign-on between WebSphere Portal and Lotus Domino
Overview
All servers participating in single sign-on must be in the same Internet domain.
To enable single sign-on, enable the IBM LTPA capabilities included in both WAS and Lotus Domino. The WebSphere LTPA token generated by WAS is imported into Lotus Domino. This LTPA token can be used for all servers within the Lotus Domino domain.
Verify that automatic LTPA key generation is disabled on each node of the single sign-on domain.
To enable single sign-on across multiple Lotus Domino domains, import the same WebSphere LTPA token into those Lotus Domino domains.
The Domino-WebSphere Portal Integration Wizard cannot integrate servers in multiple Lotus Domino domains.
Configure all Lotus Domino servers and then enable SSO for them all. For example, install Lotus Domino messaging/applications servers, and servers for Lotus Sametime, before you enable single sign-on.
One Web SSO configuration document per Lotus Domino domain can be replicated to all the other Lotus Domino servers in that domain, but enabling multi-server authentication must be done individually for every server in a Lotus Domino domain.
Additional configuration may be needed if WebSphere Portal is configured for multiple realms. See Problem: Single Sign-On may fail when the portal is configured to use multiple realms in the troubleshooting topic under Related concepts.
The Domino-WebSphere Portal Integration Wizard can do several parts of this task for you. The exceptions are...
- Increasing SSO security by preventing anonymous access
- The three testing and checking procedures
- Reconciling SSO across Lotus Domino and another LDAP directory
- Enabling a third-party authentication server
Run the Wizard
- Use LTPA keys to configure single sign-on
- Optional: Enable a third-party authentication server to work with the Lotus Notes View portlet
If Lotus Domino is your back-end system and your WebSphere Portal installation is configured for Single Sign-on through a third-party authentication system such as eTrust SiteMinder, messaging portlets such as Lotus Notes View require parameters to manage custom authentication with the Lotus Domino server.
- Test single sign-on
Use your Web browser to go to a Web page where you can test the operation of single sign-on between the portal server and the Lotus Domino or IBM Lotus Sametime server.
Parent topic:
Integrate Lotus Domino applications and mail
Next topic:
Configure e-mail integration