Note: You need to configure SSO between IBM WebSphere Portal and the IBM Lotus Sametime Community Servers only. The Proxy Server is never configured for SSO and is always called from the WebSphere Portal AJAX proxy or by the ST Proxy 8.5.2 API.
1. Configure Security and Export LTPAToken from IBM WebSphere Portal 8.
2. Configure Web SSO Document and Import LTPAToken in IBM Lotus Domino 8.5.
3. Creating the Resource Environment Providers in IBM WebSphere Portal 8.
4. Updating the full profile to include the Sametime Proxy module.
5. Configure the AJAX Proxy in IBM WebSphere Portal 8.
1. Configure Security and Export LTPAToken from IBM WebSphere Portal 8.
If you will use IBM Sametime with IBM WebSphere Portal, you can enable single sign-on by importing the WebSphere Portal LTPA token into the IBM Domino server used by Sametime, and then configuring WebSphere-based servers from both deployments to use the same realm.
a. On the WebSphere Application Server, start the administrative console and log in.
b. Select Security > Global security.
c. Select Web and SIP Security in Authentication Cache Settings.
d. Click Single Sign-On. Make sure it is enabled and that the Domain name field contains prod.rcds.lan.
e. Select interoperability mode (for both LtpaToken and LtpaToken2).
f. Leave the cookie name field blank for both Ltpa1 and Ltpa2.
g. Select both Web inbound security attribute propagation and Set security cookies to HTTPOnly to help prevent cross-site scripting attacks.
h. Click Apply, then OK, and then save the settings to the master configuration.
i. Again in Global Security, under Authentication, click LTPA under Authentication mechanisms.
j. Type a password in the Password field and enter a name, path and file name in the Key File Name field. Make a note of the password; you will need it during your next SSO task when you import the LTPA key into the Domino server.
k. Click the Export Keys button.
l. If you made changes, click Save to apply the changes to the master configuration, then Save again on the next screen.
m. Log out from the administrative console.
n. Copy the key file that was created during the export process to a location that is accessible to the Domino server.
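One way to verify steps d to g after a test login, as an added example that is not part of the original post: it checks the Set-Cookie headers for both LTPA cookies, the prod.rcds.lan domain and the HttpOnly flag, and checks that a server's host name falls inside the SSO domain. The sample headers, token values and the fully qualified host names are constructed assumptions.

```python
SSO_DOMAIN = "prod.rcds.lan"            # Domain name entered in step d
REQUIRED = ("LtpaToken", "LtpaToken2")  # default names; both issued in interoperability mode

# Constructed sample headers (token values are placeholders, not real tokens).
SAMPLE_HEADERS = [
    "LtpaToken=CONSTRUCTEDVALUE1; Path=/; Domain=.prod.rcds.lan; HttpOnly",
    "LtpaToken2=CONSTRUCTEDVALUE2; Path=/; Domain=.prod.rcds.lan; HttpOnly",
]


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, {lower-cased attribute: value})."""
    first, *rest = [part.strip() for part in header.split(";")]
    name = first.partition("=")[0].strip()
    attrs = {}
    for part in rest:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs


def check_ltpa_cookies(headers, sso_domain=SSO_DOMAIN):
    """Return a list of findings; an empty list means the cookies match steps d to g."""
    seen = dict(parse_set_cookie(h) for h in headers)
    findings = []
    for name in REQUIRED:
        if name not in seen:
            findings.append(f"{name}: not issued")
            continue
        domain = seen[name].get("domain", "").lstrip(".").lower()
        if domain != sso_domain:
            findings.append(f"{name}: Domain is '{domain}', expected '{sso_domain}'")
        if "httponly" not in seen[name]:
            findings.append(f"{name}: HttpOnly flag missing")
    return findings


def host_in_sso_domain(host, sso_domain=SSO_DOMAIN):
    """True if the browser would send a Domain=sso_domain cookie to this host."""
    host = host.lower().rstrip(".")
    return host == sso_domain or host.endswith("." + sso_domain)


if __name__ == "__main__":
    print(check_ltpa_cookies(SAMPLE_HEADERS) or "LTPA cookies OK")
    for h in ("stchat1.prod.rcds.lan", "stchat1.rcds.lan"):  # assumed FQDNs
        print(h, host_in_sso_domain(h))
```

A Sametime Community Server whose host name is outside the SSO domain never receives the cookie from the browser, so SSO fails there even when the key import succeeds.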
2. Configure Web SSO Document and Import LTPAToken in IBM Lotus Domino 8.5
Note: Perform this step on all the IBM Lotus Domino Servers in the Cluster, i.e. STChat1, STChat2, STChat3.
a. Open the names.nsf file on the Domino server for the Sametime Community Server.
b. Click Configuration > Web > Web Configurations view.
c. Open the Web SSO Configuration for LtpaToken document.
d. Click Edit SSO Configuration.
e. Click Keys > Import WebSphere LTPA keys.
f. Type in the exact file location of the key file you created when you exported the LTPA token from WebSphere Portal in step 1.
g. Enter the password you created when you exported the LTPA token from WebSphere Portal in step 1.
h. Click OK.
The message "Successfully imported WebSphere LTPA keys" appears after the key has been imported.
Important: MAKE SURE THE REALM NAME MATCHES HERE. Remember that if it is a Portal realm, it is often displayed as ldaphost:389, which means it needs to be modified to ldaphost/:389 in the UI before saving.
3. Creating the Resource Environment Providers in IBM WebSphere Portal 8
- Log in to the IBM WebSphere Application Server Integrated Solutions Console.
- Click Resources > Resource Environment Providers.
- Open the WP CommonComponentConfigService provider.
- Create the following custom properties if they are not already created:
  - cc.sametime.proxy.enabled: Set the value to true.
  - cc.sametime.proxy.scheme: Set the value to http or https. It must match the way your Sametime Proxy Server is accessed.
  - cc.sametime.proxy.host: Set the value to the name of your server. For example, hostname.domainname.com.
  - cc.sametime.proxy.port: Set the value to the port of your server.
  - cc.sametime.connect.client: Set the value to false. If you set the value to true, Sametime Proxy uses the Sametime Connect client installed on the Sametime Proxy server machine.
  - cc.sametime.proxy.version: Set the value to 8.5.2.
- Save to Master Configuration.
4. Updating the full profile to include the Sametime Proxy module.
- Connect to the WebSphere Portal Express server using a WebDAV client. See the related links for information.
- Navigate to the profiles folder /fs-type1/themes/Portal8.0/profiles.
- Copy the profile_full.json file to your WebDAV client.
- Edit the json file and add the wp_sametime_proxy to the moduleIDs section of the profile.
- Copy the profile back to WebSphere Portal Express.
- Restart WebSphere Portal Express to activate the profile.
- Restart your WebSphere Portal Express server.
- Log in as a user in the LDAP and open the page with the Sametime Web 2.0 Contact List portlet. Click Applications > Collaboration > IBM Sametime. The portlet shows that the user is online and you can use other Sametime Web 2.0 Contact List functions to see other online users.
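The profile edit from this section, as an added example that is not part of the original post: it parses the downloaded profile_full.json, adds wp_sametime_proxy to moduleIDs only if it is missing, and rejects a file that is not valid JSON so a typo is caught before the profile is copied back. The sample profile content is constructed; only the moduleIDs key and the wp_sametime_proxy module name come from the page.

```python
import json

MODULE_ID = "wp_sametime_proxy"  # module named in the edit step above

# Constructed sample: module names and the second key are placeholders.
SAMPLE_PROFILE = """{
  "moduleIDs": ["example_module_a", "example_module_b"],
  "exampleOtherSection": ["example_module_c"]
}"""


def add_module(profile_text, module_id=MODULE_ID):
    """Return (new_text, changed); raise ValueError if the profile is malformed."""
    profile = json.loads(profile_text)  # JSONDecodeError is a ValueError
    modules = profile.get("moduleIDs") if isinstance(profile, dict) else None
    if not isinstance(modules, list):
        raise ValueError("profile has no moduleIDs list")
    if module_id in modules:
        return profile_text, False      # already present: leave the file untouched
    modules.append(module_id)           # other sections keep their content and order
    return json.dumps(profile, indent=2) + "\n", True


if __name__ == "__main__":
    text, changed = add_module(SAMPLE_PROFILE)
    print("changed:", changed)
    print(text)
```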
5. Configuring the AJAX Proxy on IBM WebSphere Portal 8 Server.
To enable communication between WebSphere Portal and Lotus Sametime Proxy Server, do the following:
1. Navigate to the following directory:
wp_profile_root\installedApps\node_name\AJAX Proxy Configuration.ear\wp.proxy.config.war\WEB-INF
2. Locate and open proxy-config.xml with any text editor.
3. Locate the following element: .
4. Copy and paste the following XML beneath that element:
5. Edit the XML you pasted into the file to specify the server name and port number for Lotus Sametime Proxy Server.
6. Save and close proxy-config.xml.
7. Use the command below to check the proxy-config.xml file in to WebSphere Portal.
8. Now run the following command:
ConfigEngine.bat checkin-wp-proxy-config -DProxyConfigFileName=dir_path/proxy-config.xml
Where dir_path/proxy-config.xml is the complete path of your modified proxy-config.xml file.