IBM® Sametime® single sign-on (SSO) authentication allows web users to log in once to an IBM Domino® or IBM WebSphere® server, and then access any other Domino or WebSphere server in the same DNS domain that is enabled for SSO without having to log in again. In a multiple-server environment, one or more servers in your Domino domain may already be configured for Domino SSO, and the Domino Directory may already contain a Domino Web SSO configuration document. When you install Sametime, it creates a Web SSO configuration document called LtpaToken unless one already exists in the Domino Directory. If an LtpaToken configuration document already exists, Sametime does not alter it.
About this task
In some cases, it may be necessary to alter the default configuration of the Domino SSO feature after the Sametime server installation. For instructions, see Altering the Domino Web SSO configuration following the Sametime server installation.

Complete the steps in this section if your Domino server is not configured for Web SSO and you want to use the Web SSO document that Sametime creates to configure it.

When you enable SSO, the LTPA level used by Domino (on the Sametime Community Server) must match the LTPA level used by WebSphere on the Sametime Meeting Server and on any other server that is part of the SSO environment.
Procedure
- From the Domino Administrator or a Notes® client, click . Browse to the Domino server and type names.nsf in the Filename field. Click Open.
  Note: If you attempt to open this document from the Domino Administrator Configurations tab, Web - Web Configurations view, the Web SSO Configuration document will not display.
- Expand the list of Web SSO Configurations.
- Double-click the "Web SSO Configuration for LtpaToken" document to open it in edit mode.
- Update these fields as necessary:
  - Configuration name -- Enter LtpaToken.
  - DNS Domain -- Make sure this is the fully qualified domain suffix of the Sametime server. For example, if the server's fully qualified name is server.domain.com, enter .domain.com in this field. Ensure that the leading period (.) is present in front of the domain suffix.
  - Organization -- Leave this field blank.
  - Participating servers -- Add the Sametime server and the other servers that belong to the SSO realm to the list.
- After entering the information, select Keys and do one of the following:
  - Create a DominoSSO Key.
  - If WebSphere is participating in SSO, replace the Domino SSO key created by the install program with the WebSphere LTPA key, so that Domino and WebSphere share an identical key for token validation and generation. Do this by importing the LTPA key from WebSphere into Domino. For more information, see Setting up single sign-on for Sametime clients.
Note: When adding servers to the Participating servers field, click the arrow and choose the name from an Address Book when possible. If this is not possible, make sure that you use the full hierarchical name when you add a server (for example, Server1/Example where CN=Server/O=Org).
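The field rules in the procedure above (configuration name LtpaToken, a DNS Domain suffix with a leading period that every participating server's host name actually falls under, a blank Organization, and full hierarchical server names) are easy to get wrong, and a mismatch shows up only as users being prompted to log in again on the second server. The following Python checker, added here as an example and not part of the IBM documentation or the Sametime product, encodes those rules so the values can be reviewed before the document is saved. The dictionary keys, the sample document and the sample host names are constructed for the example; the checker does not read a real Domino Directory.

```python
import re

# Constructed sample of the Web SSO Configuration document, using the field
# labels from the procedure as dictionary keys (an assumption for this
# example; they are not Domino's internal item names).
SAMPLE_DOC = {
    "Configuration name": "LtpaToken",
    "DNS Domain": ".example.com",
    "Organization": "",
    "Participating servers": [
        "CN=st-community/O=Example",   # Sametime Community Server (Domino)
        "CN=st-meeting/O=Example",     # another member of the SSO realm
    ],
}

# Constructed fully qualified host names of the participating servers, i.e.
# the names browsers use; the LtpaToken cookie is only sent to hosts that
# fall under the DNS Domain suffix.
SAMPLE_SERVER_FQDNS = ["st-community.example.com", "st-meeting.example.com"]

# Full hierarchical Domino names, either canonical (CN=Server/OU=Unit/O=Org)
# or abbreviated (Server/Unit/Org). A bare common name such as "st-meeting"
# has no organization component and is rejected.
CANONICAL_NAME = re.compile(r"^CN=[^/=]+(/OU=[^/=]+)*/O=[^/=]+(/C=[^/=]+)?$")
ABBREVIATED_NAME = re.compile(r"^[^/=]+(/[^/=]+)+$")


def is_hierarchical_name(name):
    """True if name carries the full hierarchy, not just the common name."""
    return bool(CANONICAL_NAME.match(name) or ABBREVIATED_NAME.match(name))


def check_web_sso_document(doc, server_fqdns):
    """Return a list of problems; an empty list means the fields follow the
    rules stated in the procedure."""
    problems = []

    if doc.get("Configuration name") != "LtpaToken":
        problems.append("Configuration name must be LtpaToken")

    dns = doc.get("DNS Domain", "").strip()
    if not dns.startswith("."):
        problems.append("DNS Domain must begin with a leading period (.)")
    elif dns.count(".") < 2:
        problems.append("DNS Domain should be a domain suffix such as .domain.com")
    else:
        # A server whose host name is outside the suffix never receives the
        # SSO cookie, so its users are prompted to log in again.
        for fqdn in server_fqdns:
            if not fqdn.lower().endswith(dns.lower()):
                problems.append(
                    f"{fqdn} is outside DNS Domain {dns}; the LtpaToken cookie will not be sent to it"
                )

    if doc.get("Organization", "").strip():
        problems.append("Organization should be left blank")

    servers = doc.get("Participating servers", [])
    if not servers:
        problems.append("Participating servers must list the Sametime server and the other SSO realm members")
    for server in servers:
        if not is_hierarchical_name(server):
            problems.append(
                f"participating server {server!r} is not a full hierarchical name (for example CN=Server/O=Org)"
            )

    return problems


if __name__ == "__main__":
    for problem in check_web_sso_document(SAMPLE_DOC, SAMPLE_SERVER_FQDNS) or ["no problems found"]:
        print(problem)
```

The check on the DNS Domain suffix is the one worth keeping even if the rest is dropped: a missing leading period or a suffix that does not cover every participating host is the usual reason a token issued by one server is never presented to the next.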