+

Search Tips   |   Advanced Search

Customize Collaborative Services user credentials for eTrust SiteMinder

If we protect the portal and any of the Domino and Extended Products Portlets or Common Mail portlet with CA eTrust SiteMinder, set the Lotus Collaborative Services to use the eTrust SiteMinder token instead of the default LTPA token.

The following are custom credential settings with the possible values shown as variables: 

CS_SERVER_CUSTOM_CRED.enabled=true/false
CS_SERVER_CUSTOM_CRED.useridAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.useridAttrib=useridAttribName
CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=tokenAttribName

The custom settings that we use for this task accomplish two goals:

  • They override the logged in user's credentials through a custom user name, allowing mapping of principal user identities (fully qualified user names or DNs) between two LDAP directories. In this case, the useridAttrib setting is retrieved from the header.

  • They override the logged in user's credentials with a custom SSO token generated from eTrust SiteMinder. In this case, the tokenAttribName setting is retrieved from the cookie.

  1. Make sure that WebSphere Portal, Domino, and Sametime are all configured properly so that eTrust SiteMinder can authenticate.

  2. Modify the CSEnvironment.properties file.

  3. In the Collaborative services Credential Overrides section, modify settings to match the following example, where SMSESSION is the name of the token generated by eTrust SiteMinder, and SM_USERDN is the same as the attribute passed by eTrust SiteMinder to Domino and Sametime.

    The attribute is usually SM_USERDN. Other common variations are SM_NOTESDN, SM_USER, or SM_USERUID. If the Domino servers in the site are already protected by eTrust SiteMinder, examine the eTrust SiteMinder WebAgent Configuration file (WebAgent.conf) on the Domino server and use the attribute specified in the field dominoheaderforlogin.

      CS_SERVER_CUSTOM_CRED.enabled=true # Valid values are header/cookie CS_SERVER_CUSTOM_CRED.useridAttribSource=header CS_SERVER_CUSTOM_CRED.useridAttrib=SM_USERDN # Valid values are header/cookie CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=cookie CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=SMSESSION

  4. Create new parameters for each instance of the Common Mail and Lotus Notes View portlets in the site. See the section on the AuthTokenName parameter for Lotus Notes View, and the section on the CPP_PassHttpCookies parameter for the Common Mail portlet.


Parent Collaborative Services environment properties

Related tasks:

Configure eTrust SiteMinder to perform authentication