Import the WebSphere LTPA key into Lotus Domino

You create a Web SSO configuration document on the IBMLotus Dominoserver that runs the Domino and Extended Product or application (for example, a Lotus Domino back-end messaging server or an IBM Lotus Sametimeserver). Then you import the WebSphere LTPA key retrieved from the IBM WebSphere Portal server into the document, so that the same token can be used for single sign-on on both servers.

Perform the following steps:

  1. In the Lotus Notes client, open the NAMES.NSF file on the Domino server you want to include in single sign-on (for example, a Domino messaging/application server, or a Domino server running Lotus Sametime).

  2. Click Configuration -> Web -> Web Configurations to open the Web Configurations view.

      If you see a -Web SSO Configurations- triangle with a Web SSO Configuration for LTPA document, the Web SSO configuration document already exists, continue to either step 3 or step 4 as appropriate.

      If no Web SSO configuration document exists, skip to step 5.

  3. If a Web SSO configuration document already exists and contains the WebSphere LTPA key, do the following:

    1. Open the document on the server where it was created, and add the name of the Lotus Domino server you want to include in single sign-on to the Domino Server Names field in the document.

    2. Replicate the change to any other Lotus Domino servers in site by typing the following command on the Lotus Domino server console on the source server (server where you added the new server's name): 

        rep server_name/org_name names.nsf

    3. For the change to take effect, restart the Lotus Domino server where you typed the command.

    4. Proceed to Test single sign-on.

  4. If a Web SSO configuration document already exists but contains a different key (for example, a key that was created when Lotus Sametime was installed), or if you are unsure if it is the same key exported from WebSphere Portal server, delete the unwanted key as follows:

    1. Locate the Web SSO configuration document.

    2. Set Session authentication to disabled for each participating server listed in the document.

    3. Delete the Web SSO configuration document or rename it to something other than "LtpaToken.".

    4. Replicate the change to any other Lotus Domino servers in site by typing the following command on the Lotus Domino server console on the source server (server where you added the new server's name): 

        rep server_name/org_name names.nsf

    5. Continue to step 5.

  5. Create a new Web SSO configuration document as follows:

    1. On the left, click Configuration -> Servers -> All Server Documents.

    2. On the right, click the Web action button, and select Create Web SSO Configuration from the drop-down menu.

    3. Type the domain suffix in the DNS Domain field. This should match the Domain Name you entered in the WebSphere Portal server.

        The domain suffix is the part of domain address that is common to all the Lotus Domino servers you want to include in single sign-on, including the period. For example, the domain suffix of a server called sales.renovationscorp.com is renovationscorp.com

    4. Add the Domino hierarchical names of the Lotus Domino servers that will participate in the SSO domain in the Domino Server Names field.

        For example, sales/renovationscorp. You do not need to enter the name of the WAS.

    5. Select Import WebSphere LTPA Keys from the Keys menu, and then click OK.

    6. Type the path and name of LTPA key file, and then click OK.

    7. Type the password for the LTPA key, and then click OK.

    8. Click OK to the message that states that the key import is successful.

    9. Click Save & Close.


Parent

Use LTPA keys to configure single sign-on


Related tasks


Configure single sign-on

 


+

Search Tips   |   Advanced Search