If you are deploying the IBM®
Sametime® Community Server behind an IBM Security Access Manager WebSEAL reverse proxy server, configure HTTP tunneling
for clients to access the server.
Procedure
-
Follow these instructions to enable HTTP tunneling on port 80 using the Sametime System Console.
-
Log in to the Integrated Solutions Console.
-
Select .
-
Ensure that the setting is enabled.
-
In the settings:
- If your Sametime Community Server operates on a Microsoft™
Windows™ server, you can leave the Host
name field blank.
- In the HTTP tunneling Port number field, delete port number 8082 and
enter port number 80.
-
Click Update and then restart the server for the change to take
effect.
- Enable reverse proxy support and specify the WebSEAL junction
in the Sametime Administration
Tool on the Sametime Community
Server.
- Open the Sametime Administration
Tool.
- Click .
- In the "Reverse Proxy Support" section, click Enable
Reverse Proxy Discovery on the client to enable the reverse
proxy support.
- Enter the WebSEAL junction name in the Server
Alias field. In this example, st is
the WebSEAL junction name.
-
Create the Security Access Manager WebSEAL junction. Issue the command as one line:
pdadmin> server task webseald-[servername] create -t tcp -h [sametime hostname] -p 80 -i -j -A -F [path to LTPA key]
-Z [LTPA key password]/junction
You
cannot use the
-w parameter for this setup. Some requests generated by
Sametime are not allowed through the junction if the
-w exists. You must also ensure that the LTPA key used in the junction is the
same LTPA key that the
Sametime Community Server uses in
its Web SSO Configuration document.
What to do next
After performing this configuration, you should be able to
log in to https://webseal/stjunction and be prompted
by WebSEAL for authentication. Once authenticated, SSO between WebSEAL
and the Sametime Community
Server should work and all requests for Sametime will route through
WebSEAL.