Customize Collaborative Services user credentials for eTrust SiteMinder
If you protect the portal and any of the Dominoand Extended Products Portlets or Common Mail portlet with Computer Associates eTrust SiteMinder, set the LotusCollaborative Services to use the eTrust SiteMinder token instead of the default LTPA token.
The following are custom credential settings with the possible values shown as variables:
CS_SERVER_CUSTOM_CRED.enabled=true/false CS_SERVER_CUSTOM_CRED.useridAttribSource=header/cookie CS_SERVER_CUSTOM_CRED.useridAttrib=useridAttribName CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=header/cookie CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=tokenAttribNameThe custom settings you use for this task accomplish two goals:
Perform the following steps:
- They override the logged in user's credentials through a custom user name, allowing mapping of principal user identities (fully-qualified user names or DN's) between two LDAP directories. In this case, the useridAttrib setting is retrieved from the header.
- They override the logged in user's credentials with a custom SSO token that is generated from eTrust SiteMinder. In this case, the tokenAttribName setting is retrieved from the cookie.
- Make sure that WebSphere Portal, Lotus Domino, and Lotus Sametimeare all configured properly so that eTrust SiteMinder can perform authentication.
- Modify the CSEnvironment.properties file.
- In the Collaborative services Credential Overrides section, modify settings to match the following example, where SMSESSION is the name of the token generated by eTrust SiteMinder, and SM_USERDN is the same as the attribute passed by eTrust SiteMinder to Lotus Domino and Lotus Sametime.
The attribute is usually SM_USERDN. Other common variations are SM_NOTESDN, SM_USER, or SM_USERUID. If the Lotus Domino servers in site are already protected by eTrust SiteMinder, examine the eTrust SiteMinder WebAgent Configuration file (WebAgent.conf) on the Lotus Domino server and use the attribute specified in the field dominoheaderforlogin.
CS_SERVER_CUSTOM_CRED.enabled=true # Valid values are header/cookie CS_SERVER_CUSTOM_CRED.useridAttribSource=header CS_SERVER_CUSTOM_CRED.useridAttrib=SM_USERDN # Valid values are header/cookie CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=cookie CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=SMSESSION
- Create new parameters for each instance of the Common Mail and Lotus Notes View portlets in site. For more information, see the section on the AuthTokenName parameter for Lotus Notes View, and the section on the CPP_PassHttpCookies parameter for the Common Mail portlet.
Parent
Collaborative Services environment properties
Related tasks
Configure eTrust SiteMinder to perform authentication
Enable a third-party authentication server to work with the Lotus Notes View portlet