Prepare for single sign-on (SSO) by exporting an LTPA key from the servers running on an IBM® WebSphere® Application Server.
This step configures and exports the WebSphere LTPA keys for use by the IBM Sametime® Community Server. If you have multiple cells in your environment, follow this step and standardize all of the deployments on one set of LTPA keys.
Before you begin
Servers using SSO must use the same LDAP directory that the Sametime Community Server uses. All servers participating in single sign-on must have the same domain name, for example: servername.renovations.com.
About this task
The Sametime Community Server installation creates a Domino® SSO key. You must replace the Domino SSO key with a WebSphere LTPA key so that the Sametime Community Server running on Domino and the other servers running on WebSphere Application Server share an identical key for token validation and generation.
If Sametime servers running on WebSphere Application Server are managed by a different Sametime System Console, you must export the LTPA key from one of those servers (the Media Manager SIP Proxy/Registrar, Meeting Server, or Advanced Server).
Note: Do not generate keys. If you do so, you must synchronize the nodes, sign out, restart, and then log in to "export", or you risk exporting the old key set. If you log in and generate keys at a later time, you must re-run the steps and export/import to update the key set on the Sametime servers.
Procedure
- Log in to the WebSphere Integrated Solutions Console on the server hosting the Sametime System Console.
- Click .
- Make sure that the Domain name matches the Sametime Server domain.
- Use LTPA V2 cookie name and specify LtpaToken2.
Note: The token name is case-sensitive.
- Click OK.
- Save the change to the master configuration by clicking the Save link in the "Messages" box at the beginning of the page.
- Click .
- In the Authentication section, click LTPA.
- (Optional) In the LTPA timeout section, set the timeout value to a value larger than the default to minimize the potential for an LTPA token to expire during an active meeting. A value that covers a period somewhat longer than a typical work day, such as 600 minutes, is recommended. This setting prevents users from being re-prompted if they are in a meeting longer than the timeout value.
Note: The value used in step 8 should be the same value you use in the Sametime Community Server configuration. If you have a multiple-cell environment, this value should be the same in all cells.
- In the "Cross Cell single sign-on" section, enter a password, confirm the password, and specify a file name to store the key. Click Export keys.
Make a note of the location of the file created. You need to know its location when you import the file to the Sametime Community Server.
- Click OK.
- Save the change to the master configuration by clicking the Save link in the "Messages" box at the beginning of the page.
- Navigate to the directory where you exported the LTPA key.
- Copy the LTPA key to a location where you can access the file from the Sametime Community Server.
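The following Python script is an added example and is not part of the IBM documentation. It shows two pre-flight checks a practitioner would run before carrying the exported key file to the Sametime Community Server: that every server taking part in SSO sits under the single domain name required in "Before you begin" (the same domain you confirmed in the Domain name field), and that the exported file contains the key entries the import needs. It assumes the exported file is a Java properties file with entries prefixed com.ibm.websphere.ltpa.* (3DESKey, PrivateKey, PublicKey, Realm); the sample file contents and host names below are constructed, and the key values are placeholders, not real key material.

```python
import os
import stat
import tempfile

# Constructed sample of an exported LTPA key file (Java properties format).
# Key material values are placeholders; the real export keeps them
# encrypted under the password entered at export time, so they stay opaque here.
SAMPLE_KEY_FILE = """\
#IBM WebSphere Application Server key file
#Mon Jan 01 00:00:00 UTC 2024
com.ibm.websphere.CreationDate=Mon Jan 01 00:00:00 UTC 2024
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=PLACEHOLDER_ENCRYPTED_3DES_KEY\\=
com.ibm.websphere.CreationHost=ssc.renovations.com
com.ibm.websphere.ltpa.PrivateKey=PLACEHOLDER_ENCRYPTED_PRIVATE_KEY\\=
com.ibm.websphere.ltpa.Realm=ldap.renovations.com\\:389
com.ibm.websphere.ltpa.PublicKey=PLACEHOLDER_PUBLIC_KEY\\=
"""

LTPA_PREFIX = "com.ibm.websphere.ltpa."
# Entries assumed to be present in a usable export.
REQUIRED_ENTRIES = ("3DESKey", "PrivateKey", "PublicKey", "Realm")


def parse_ltpa_properties(text):
    """Parse properties-style text into a dict, skipping comments and blanks.

    Only the escapes that appear in exported key files (\\= and \\:) are undone.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        props[key.strip()] = value.strip().replace("\\=", "=").replace("\\:", ":")
    return props


def check_key_file(props):
    """Return a list of problems; an empty list means the export looks complete."""
    problems = []
    for name in REQUIRED_ENTRIES:
        if not props.get(LTPA_PREFIX + name):
            problems.append("missing " + LTPA_PREFIX + name)
    return problems


def normalize_domain(domain):
    """Accept 'renovations.com' or '.renovations.com' (cookie style), lower-cased."""
    return domain.strip().lstrip(".").lower()


def sso_domain_covers(domain, hosts):
    """Return the hosts that do NOT fall under the SSO domain.

    A browser only sends the LtpaToken2 cookie to hosts inside the cookie
    domain, so any host listed here will not take part in SSO.
    """
    dom = normalize_domain(domain)
    if "." not in dom:
        raise ValueError("SSO domain must contain at least one dot: %r" % domain)
    return [h for h in hosts if not h.lower().rstrip(".").endswith("." + dom)]


def key_file_is_private(path):
    """True when the copied key file is readable by its owner only (POSIX)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def write_private_copy(text, directory):
    """Write the key file with owner-only permissions and return its path."""
    path = os.path.join(directory, "ltpa.key")
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    return path


if __name__ == "__main__":
    # Constructed host list; ssc.acme.com is deliberately outside the domain.
    servers = ["st.renovations.com", "meetings.renovations.com", "ssc.acme.com"]
    print("outside SSO domain:", sso_domain_covers("renovations.com", servers))
    props = parse_ltpa_properties(SAMPLE_KEY_FILE)
    print("key file problems:", check_key_file(props))
    with tempfile.TemporaryDirectory() as tmp:
        copy = write_private_copy(SAMPLE_KEY_FILE, tmp)
        print("private copy:", key_file_is_private(copy))
```

Run the script against the file produced by Export keys before moving it; a non-empty list from either check means the import on the Community Server will not give all servers a shared, valid token.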