Enabling SAML for Meetings

Before you begin

The Sametime Meeting server relies on the Sametime Proxy Server for authentication. To configure the Sametime Meeting server to use SAML, you must complete the procedures described in Enabling SSO between a SAML identity provider and the Sametime Community Server and Configure the Sametime Proxy Server for SAML authentication.

The Sametime Meeting server redirects the user's login to be handled by the SAML Identity Provider (IdP) by way of the Sametime Proxy server. There is no need to configure a separate relying party trust on the Identity Provider; the Meeting server shares the same configuration as the Sametime Proxy server. When the Sametime Meeting server is configured for SAML, the Sametime Meetings landing page changes from the traditional login page to a guest login page with a button for users to log in. The login button redirects the user to the SAML IdP for authentication.

Before enabling the Sametime Meeting server for SAML, ensure that SAML authentication is working properly on the Sametime Proxy Server.

Meeting support for SAML authentication requires:
  • The im.meetingsenabled Anonymous policy must be set to 1 in the policies.user.xml file on the Community Server. See Configuring Policies for more information.
  • Guest access enabled in stconfig.nsf Anonymous Access document. (Configured by default)
  • Anonymous Users access to Community Services is set to true. (Configured by default)

About this task

The procedure for enabling SAML differs between the Docker and Kubernetes container management systems. Follow the steps appropriate for your environment.

Enabling SAML for Meetings on Docker

Procedure

  1. Update the .env file so that the following settings have the values shown.

    REACT_APP_SHOW_GUEST_LOGIN_BY_DEFAULT=true
    ENABLE_GUESTS=1
  2. The Sametime Meeting server uses the same IdP URL as the Sametime Proxy server. If this URL is unknown, access the Sametime Proxy server host and open a command prompt. Change directories to where the Sametime Proxy server is installed, then open the conf\stproxyconfig.xml file.
    Locate the <IDPUrl> section within the file and copy the URL, which is used in the Meeting server configuration.
  3. On the Sametime Meeting server, edit the custom.env file. Locate the line that begins with IDP_URL= and append the URL that was copied from the stproxyconfig.xml file.
  4. Save and close the custom.env file.

Enabling SAML for Meetings on Kubernetes

Procedure

  1. Locate the IdP URL being used in your Sametime Proxy environment. The same URL is used for meetings. Perform the following steps to locate and copy the IdP URL.
    1. On the Sametime Proxy host, locate the stproxyconfig.xml file.
      The file is located in the conf directory where the Sametime Proxy server is installed.
    2. Locate the <IDPUrl> section and copy the URL, which is used in the meeting configuration.
  2. Configure the Meetings cluster.
    1. From the machine where you extracted the Sametime meetings installer, change directories to the helm directory.
    2. Use a text editor to edit the values.yaml file. Locate the line that begins with idpUrl:<value>.
    3. Copy the IdP URL from your working Sametime Proxy environment and paste it as the <value> for the idpUrl key.
  3. Create a new line below the idpUrl key and add the following statement. Be certain to preserve indentation by using spaces so that it matches the other configuration settings.
     ReactAppShowGuestLoginByDefault: true 
  4. Save and close the values.yaml file.
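
A consistency check for the Docker and Kubernetes procedures above, added here as an example and not part of the Sametime product or its documentation: it reads the <IDPUrl> value from stproxyconfig.xml and compares it with IDP_URL in custom.env or idpUrl in values.yaml, so a mistyped or stale IdP URL is caught before the change is enabled. The XML layout around <IDPUrl>, the sample URLs, and the HTTPS check are assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample inputs; the XML layout around <IDPUrl> is an assumption.
SAMPLE_PROXY_XML = """<configuration>
  <IDPUrl> https://idp.example.com/idp/startSSO </IDPUrl>
</configuration>"""
SAMPLE_CUSTOM_ENV = "# Meeting server settings\nIDP_URL=https://idp.example.com/idp/startSSO\n"
SAMPLE_VALUES_YAML = "idpUrl: http://idp.example.com/idp/startSSO\nReactAppShowGuestLoginByDefault: true\n"

def proxy_idp_url(xml_text):
    """Return the text of the first non-empty <IDPUrl> element, or None."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.split("}")[-1] == "IDPUrl" and el.text and el.text.strip():
            return el.text.strip()
    return None

def setting(text, key, sep):
    """Return the value of a 'key<sep>value' line (.env uses '=', values.yaml ':')."""
    pattern = re.compile(r"^\s*%s\s*%s\s*(.*?)\s*$" % (re.escape(key), re.escape(sep)))
    for line in text.splitlines():
        match = None if line.lstrip().startswith("#") else pattern.match(line)
        if match:
            return match.group(1).strip("\"'") or None
    return None

def check(proxy_xml, meeting_text, key, sep):
    """List the problems found; an empty list means the two URLs agree."""
    proxy, meeting = proxy_idp_url(proxy_xml), setting(meeting_text, key, sep)
    problems = []
    if proxy is None:
        problems.append("no <IDPUrl> value in stproxyconfig.xml")
    if meeting is None:
        problems.append("%s is missing or empty" % key)
    if proxy and meeting and proxy != meeting:
        problems.append("%s differs from the proxy <IDPUrl>: %r != %r" % (key, meeting, proxy))
    # Added hardening check (not a documented Sametime requirement): flag non-HTTPS IdP URLs.
    if meeting and urlsplit(meeting).scheme != "https":
        problems.append("%s does not use https" % key)
    return problems

if __name__ == "__main__":
    for label, text, key, sep in (("custom.env", SAMPLE_CUSTOM_ENV, "IDP_URL", "="),
                                  ("values.yaml", SAMPLE_VALUES_YAML, "idpUrl", ":")):
        print(label, check(SAMPLE_PROXY_XML, text, key, sep) or "OK")
```

To run it against a real deployment, pass the contents of the actual files to check() in place of the constructed samples.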

What to do next

To enable the changes, follow the instructions in the Enabling Meeting Configuration Changes topic.