Customizing Collaborative Services user
credentials for eTrust
SiteMinder
If you protect the portal and any of the Domino® and Extended Products Portlets or
Common PIM portlets with Computer Associates eTrust SiteMinder,
set the Lotus® Collaborative
Services to
use the eTrust
SiteMinder token instead
of the default LTPA token.
The following are custom credential settings with the possible values shown
as variables:
CS_SERVER_CUSTOM_CRED.enabled=true/false
CS_SERVER_CUSTOM_CRED.useridAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.useridAttrib=useridAttribName
CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=tokenAttribName
The custom settings you use for this task accomplish two goals:
- They override the logged in user's credentials through a custom user name,
allowing mapping of principal user identities (fully-qualified user names
or DN's) between two LDAP directories. In this case, the useridAttrib setting
is retrieved from the header.
- They override the logged in user's credentials with a custom SSO token
that is generated from eTrust
SiteMinder.
In this case, the tokenAttribName setting is retrieved
from the cookie.
Perform the following steps:
- Make sure that WebSphere Portal Express, Lotus Domino, Lotus
Sametime,
and Lotus
QuickPlace are all configured
properly so that eTrust
SiteMinder can
perform authentication.
- Modify the CSEnvironment.properties file.
- In the Collaborative services Credential Overrides section,
modify settings to match the following example, where SMSESSION is
the name of the token generated by eTrust
SiteMinder,
and SM_USERDN is the same as the attribute passed by eTrust
SiteMinder to Lotus Domino, Lotus
Sametime, and Lotus
QuickPlace. Tip: The attribute is usually SM_USERDN.
Other common variations are SM_NOTESDN, SM_USER,
or SM_USERUID. If the Lotus Domino servers
in your site are already protected by eTrust
SiteMinder,
examine the eTrust
SiteMinder WebAgent
Configuration file (WebAgent.conf) on the Lotus Domino server
and use the attribute specified in the field dominoheaderforlogin.
CS_SERVER_CUSTOM_CRED.enabled=true
# Valid values are header/cookie
CS_SERVER_CUSTOM_CRED.useridAttribSource=header
CS_SERVER_CUSTOM_CRED.useridAttrib=SM_USERDN
# Valid values are header/cookie
CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=cookie
CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=SMSESSION
- Create new parameters for each instance of the Common Mail and Lotus Notes View portlets in your site. For more information, see
the section on the AuthTokenName parameter for Lotus
Notes View, and the section on the CPP_PassHttpCookies parameter
for the Common PIM portlets.
Parent topic: Collaborative Services environment properties
Related tasks
Enabling a third-party authentication server to work with the Lotus Notes View portlet
Editing the CSEnvironment.properties file
Related information
Configuring eTrust SiteMinder to perform authentication
|
|
|
Portal, Express Beta Version 6.1