Configure SSO if Sametime authenticates with Native Domino

If WebSphere Portal authenticates against an LDAP directory and IBM Lotus Sametime authenticates against Native IBM Lotus Domino®, users are known to the Portal server and the Sametime server by different distinguished names. To ensure that single sign-on works correctly, you need to synchronize users' names in the directories.

  1. Import the LTPA token into Sametime.

      Ensure that you have correctly imported the WebSphere LTPA key into the Sametime server. For more detailed instructions on this step, refer to technote #1158269, Troubleshooting WebSphere Portal, Domino Extended Products, and Domino SSO Issues.

  2. To configure the Domino Directory on the Sametime server, synchronize the user names and passwords in the Domino Directory with the names that WebSphere Portal uses to authenticate a user.

      For example, if the WebSphere Portal user directory is IBM Directory Server (IDS), and a user's Distinguished Name (DN) from IDS is:

      uid=tuser,cn=users,dc=acme,dc=com

      add the following to the User Name or Short Name field of the Person document for Test User in Domino:

      uid=tuser/cn=users/dc=acme/dc=com

      Add the entry below the Domino canonical name (which should be the top line of the User Name field) and common name (CN) (which should be the second line). Following the example used here, the User Name field should be as follows:

      Element       Value
      First name    Test
      Middle name
      Last name     User
      User name     Test User/acme
                    Test User
                    uid=tuser/cn=users/dc=acme/dc=com

  3. Configure the Sametime server to remap users' DNs (distinguished names) when passed with an LTPA token.

      If you are using Sametime 6.5.1, ensure that you have Interim Fix 1 (IF1) installed directly from IBM Lotus Technical Support.

      1. Update the notes.ini file as follows:

          ST_UID_PREFIX=*

          ST_UID_POSTFIX=*

      2. On the Sametime server, update the sametime.ini file, adding the following under the [CONFIG] section:

          ST_DOMINO_DUAL=1

  4. To enable awareness, check that you have already enabled Sametime and then update CSEnvironment.properties as follows:

      CS_SERVER_SAMETIME_1.useLTPAToken=true

      CS_SERVER_SAMETIME_1.nameFormatForResolve=dn

      CS_SERVER_SAMETIME_1.dnNameSeparator=/
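
The mapped name in step 2 is easy to mistype by hand, and a single wrong character leaves Portal and Sametime with different names for the same user. The following is an added example, not IBM code: it derives the User Name entry from the LDAP DN and checks a Person document's User Name lines. The function names are hypothetical, the sample values are constructed from the Test User example, and the `/` separator is assumed to match the `dnNameSeparator` value in step 4.

```python
# Added example (not IBM code): derive the step 2 User Name entry from an LDAP
# DN and check a Person document's User Name lines. Sample values are constructed.

def split_rdns(dn):
    """Split an LDAP DN on commas, leaving backslash-escaped characters intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # keep the escape pair, e.g. "\,"
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur).strip())
    return parts


def ldap_dn_to_user_name(dn, sep="/"):
    """Return the DN with its RDNs joined by sep, as entered in the User Name field."""
    rdns = split_rdns(dn)
    for rdn in rdns:
        attr, eq, value = rdn.partition("=")
        if not (attr and eq and value):
            raise ValueError(f"malformed RDN: {rdn!r}")
        if sep in rdn:  # the separator inside a value would make the entry ambiguous
            raise ValueError(f"RDN contains the separator {sep!r}: {rdn!r}")
    return sep.join(rdns)


def check_user_name_field(entries, ldap_dn):
    """List problems with the User Name lines (canonical, common, then mapped DN)."""
    expected = ldap_dn_to_user_name(ldap_dn)
    entries = [e.strip() for e in entries if e.strip()]
    problems = []
    if expected in entries[:2]:
        problems.append("mapped DN must sit below the canonical and common names")
    elif expected not in entries:
        problems.append(f"mapped DN missing or mistyped; expected {expected}")
    return problems


if __name__ == "__main__":
    dn = "uid=tuser,cn=users,dc=acme,dc=com"
    mistyped = ["Test User/acme", "Test User", "uid=tuser/cn=users/dc=acme=dc=com"]
    print(ldap_dn_to_user_name(dn))
    print(check_user_name_field(mistyped, dn))
```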

