Tuesday, 21 January 2014

Configure SSO between IBM Sametime Community Server 8.5 and IBM Websphere Portal 8

Note: SSO is configured between IBM WebSphere Portal and the IBM Lotus Sametime Community Servers only. The Sametime Proxy Server is never configured for SSO itself; it is always called through the WebSphere Portal AJAX proxy or through the Sametime Proxy 8.5.2 API.

Table of Contents:

1. Configure Security and Export LTPAToken from IBM Websphere Portal 8.
2. Configure Web SSO Document and Import LTPAToken in IBM Lotus Domino 8.5.
3. Creating the Resource Environment Providers in IBM Websphere Portal 8.
4. Updating the full profile to include the Sametime Proxy module.
5. Configure the AJAX Proxy in IBM WebSphere Portal 8.



1. Configure Security and Export LTPAToken from IBM Websphere Portal 8.

If you use IBM Sametime with IBM WebSphere Portal, you can enable single sign-on by exporting the WebSphere Portal LTPA keys, importing them into the IBM Domino server used by Sametime, and configuring the WebSphere-based servers of both deployments to use the same realm and the same SSO domain.

a. Start the WebSphere Application Server administrative console and log in.
b. Click Security > Global security.
c. Under Authentication, expand Web and SIP security.
d. Click Single sign-on (SSO). Make sure Enabled is selected and that Domain name holds the DNS domain shared by the Portal and Sametime hosts (prod.rcds.lan in this deployment). The LTPA cookie is scoped to this domain, so the browser only sends it to Domino servers whose host names fall under it.
e. Select Interoperability mode, so that both the LtpaToken and the LtpaToken2 cookie are issued.
f. Leave the LTPA V1 cookie name and LTPA V2 cookie name fields blank, so the default names LtpaToken and LtpaToken2 are used; the AJAX proxy policy in step 5 forwards the cookies by these names.
g. Select both Web inbound security attribute propagation and Set security cookies to HTTPOnly. The HttpOnly flag stops scripts in the browser from reading the LTPA cookie, which limits what a cross-site scripting flaw can steal.
h. Click Apply, then OK, and save the settings to the master configuration.
i. Back in Global security, under Authentication, click LTPA (Authentication mechanisms and expiration).
j. In the Cross-cell single sign-on section, type a password in the Password and Confirm password fields, and a full path and file name in the Fully qualified key file name field. Make a note of the password; you will need it in the next SSO task when you import the keys into the Domino server.
k. Click Export keys.
l. If you made changes, click Save to apply them to the master configuration, then Save again on the next screen.
m. Log out of the administrative console.
n. Copy the exported key file to a location the Domino server can read. The file holds the shared LTPA 3DES key and the signing private key, so treat it like a password and delete the copies once the import is done.

2. Configure Web SSO Document and Import LTPAToken in IBM Lotus Domino 8.5

Note: Perform this step on all the IBM Lotus Domino servers in the cluster, i.e. STChat1, STChat2 and STChat3.

a. Open the names.nsf file (the Domino Directory) on the Domino server of the Sametime Community Server.
b. Click Configuration > Web > Web Configurations.
c. Open the Web SSO Configuration for LtpaToken document.
d. Click Edit SSO Configuration.
e. Click Keys > Import WebSphere LTPA Keys.
f. Type the exact location of the key file you created when you exported the LTPA keys from WebSphere Portal in step 1.
g. Enter the password you chose when you exported the LTPA keys from WebSphere Portal in step 1.
h. Click OK.

The message "Successfully imported WebSphere LTPA keys" appears after the keys have been imported. Also check that the DNS Domain field of the document holds the same domain as the WebSphere SSO domain name (prod.rcds.lan); the browser only sends the token within that domain.

Important: MAKE SURE THE REALM NAME MATCHES HERE. The LTPA realm in the Domino document must be exactly the WebSphere realm. A Portal realm backed by an LDAP registry is often displayed as ldaphost:389; in the Domino document the colon has to be escaped with a backslash, so it must be changed to ldaphost\:389 in the UI before saving. If the realms differ, Domino rejects the token Portal issued and users are prompted to log in again.
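Before carrying the key file from step 1 into step 2, it helps to read the realm straight out of the export rather than from memory. The script below is an added example, not part of the original post or of IBM's tooling: it parses the Java .properties format WebSphere writes for exported LTPA keys, reports whether the key material is present, and prints the realm exactly as it has to be typed into the Domino Web SSO Configuration document. SAMPLE_KEY_FILE is constructed; the property names are the ones WebSphere writes, the key values are placeholders, not real keys, and the host name is invented.

```python
"""Check an exported WebSphere LTPA key file before importing it into Domino.

Added example, not part of the original post or of IBM's tooling.
"""
import sys

# Properties every usable export carries (names as written by WebSphere).
REQUIRED_KEYS = (
    "com.ibm.websphere.ltpa.3DESKey",
    "com.ibm.websphere.ltpa.PrivateKey",
    "com.ibm.websphere.ltpa.PublicKey",
    "com.ibm.websphere.ltpa.Realm",
)

# Constructed sample. Java's Properties writer escapes ':' and '=' in values,
# which is why the realm appears as ldaphost\:389 and base64 padding as \=.
SAMPLE_KEY_FILE = """\
#IBM WebSphere Application Server key file
#Tue Jan 21 10:15:00 CET 2014
com.ibm.websphere.CreationDate=Tue Jan 21 10\\:15\\:00 CET 2014
com.ibm.websphere.ltpa.version=1.0
com.ibm.websphere.ltpa.3DESKey=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\=
com.ibm.websphere.CreationHost=portal01.prod.rcds.lan
com.ibm.websphere.ltpa.PrivateKey=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB\\=
com.ibm.websphere.ltpa.PublicKey=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC\\=
com.ibm.websphere.ltpa.Realm=ldaphost\\:389
"""


def _split_key_value(line):
    """Split a properties line at the first unescaped '=', ':' or whitespace."""
    escaped = False
    for i, ch in enumerate(line):
        if escaped:
            escaped = False
            continue
        if ch == "\\":
            escaped = True
            continue
        if ch in "=:":
            return line[:i].rstrip(), line[i + 1:].lstrip()
        if ch.isspace():
            rest = line[i:].lstrip()
            if rest.startswith(("=", ":")):
                rest = rest[1:].lstrip()
            return line[:i], rest
    return line, ""


def _unescape(s):
    """Undo Java properties backslash escapes such as \\: \\= \\\\ and \\n."""
    out, i = [], 0
    while i < len(s):
        if s[i] == "\\" and i + 1 < len(s):
            out.append({"n": "\n", "t": "\t", "r": "\r", "f": "\f"}.get(s[i + 1], s[i + 1]))
            i += 2
        else:
            out.append(s[i])
            i += 1
    return "".join(out)


def parse_java_properties(text):
    """Parse the Java .properties format used by exported LTPA key files."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, value = _split_key_value(line)
        props[_unescape(key)] = _unescape(value)
    return props


def domino_realm(realm):
    """Realm as typed into the Domino Web SSO document: ':' escaped as '\\:'."""
    return realm.replace("\\:", ":").replace(":", "\\:")


def check_ltpa_key_file(text):
    """Summarise an export: missing properties, WebSphere realm, Domino realm."""
    props = parse_java_properties(text)
    realm = props.get("com.ibm.websphere.ltpa.Realm", "")
    return {
        "missing": [k for k in REQUIRED_KEYS if not props.get(k)],
        "realm": realm,
        "domino_realm": domino_realm(realm) if realm else "",
    }


if __name__ == "__main__":
    # Pass the real export as first argument; the constructed sample is the default.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_KEY_FILE
    report = check_ltpa_key_file(text)
    print("WebSphere realm:", report["realm"])
    print("Domino realm (type exactly this):", report["domino_realm"])
    if report["missing"]:
        print("MISSING:", ", ".join(report["missing"]))
```

Run it against the file you copied in step 1n; the "Domino realm" line is the value to enter in the Realm field of the Web SSO Configuration document, backslash included.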


3. Creating the Resource Environment Providers in IBM Websphere Portal 8

  - Log in to the IBM WebSphere Application Server Integrated Solutions Console.
  - Click Resources > Resource Environment Providers.
  - Open the WP CommonComponentConfigService provider and click Custom properties.
  - Create the following custom properties if they do not already exist:

    cc.sametime.proxy.enabled
        Set the value to true.
    cc.sametime.proxy.scheme
        Set the value to http or https. It must match the way your Sametime Proxy Server is accessed, and the AJAX proxy policy URL in step 5 must use the same scheme.
    cc.sametime.proxy.host
        Set the value to the fully qualified host name of your Sametime Proxy Server, for example hostname.domainname.com.
    cc.sametime.proxy.port
        Set the value to the port on which the Sametime Proxy Server listens for that scheme.
    cc.sametime.connect.client
        Set the value to false. If you set it to true, the Sametime Proxy uses the Sametime Connect client installed on the Sametime Proxy server machine.
    cc.sametime.proxy.version
        Set the value to 8.5.2.

  - Save to the master configuration.

4. Updating the full profile to include the Sametime Proxy module.

    Connect to the WebSphere Portal server using a WebDAV client.
    Navigate to the profiles folder /fs-type1/themes/Portal8.0/profiles.
    Copy the profile_full.json file to your WebDAV client.
    Edit the JSON file and add wp_sametime_proxy to the moduleIDs array of the profile.
    Copy the profile back to WebSphere Portal.
    Restart the WebSphere Portal server to activate the profile.
    Log in as a user from the LDAP directory and open the page with the Sametime Web 2.0 Contact List portlet: click Applications > Collaboration > IBM Sametime. The portlet shows that the user is online, and you can use the other Sametime Web 2.0 Contact List functions to see other online users.
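The profile edit is a one-line change, but a hand edit of a long JSON array is where a stray comma or a duplicated module ID creeps in. The script below is an added example, not part of the original post or of WebSphere Portal: it makes the edit described above on the copy fetched over WebDAV, keeps the existing module order, never adds wp_sametime_proxy twice and refuses a file that has no moduleIDs array. SAMPLE_PROFILE is a constructed, much shortened stand-in for profile_full.json; the module IDs in it are illustrative only.

```python
"""Add wp_sametime_proxy to a Portal theme profile without hand-editing.

Added example, not part of the original post or of WebSphere Portal.
"""
import json
import sys

SAMETIME_MODULE = "wp_sametime_proxy"

# Constructed stand-in; the real profile_full.json lists many more modules.
SAMPLE_PROFILE = json.dumps({
    "moduleIDs": ["wp_theme_portal_80", "wp_portal_content_navigation"],
    "titles": [{"value": "Full", "lang": "en"}],
    "descriptions": [{"value": "Full profile", "lang": "en"}],
}, indent=4)


def module_ids(profile_text):
    """Return the moduleIDs array of a profile, or raise if it is missing."""
    modules = json.loads(profile_text).get("moduleIDs")
    if not isinstance(modules, list):
        raise ValueError("profile has no moduleIDs array")
    return modules


def add_module(profile_text, module_id=SAMETIME_MODULE):
    """Return (new_profile_text, changed). Idempotent: a second run changes nothing."""
    profile = json.loads(profile_text)
    modules = module_ids(profile_text)
    if module_id in modules:
        return profile_text, False
    # Append at the end so existing modules keep their order and precedence.
    profile["moduleIDs"] = modules + [module_id]
    return json.dumps(profile, indent=4) + "\n", True


def update_profile_file(path, module_id=SAMETIME_MODULE):
    """Rewrite the profile copied from WebDAV in place; True if it was changed."""
    with open(path, encoding="utf-8") as fh:
        text, changed = add_module(fh.read(), module_id)
    if changed:
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
    return changed


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print("changed" if update_profile_file(sys.argv[1]) else "already present")
    else:
        print(add_module(SAMPLE_PROFILE)[0])
```

Run it with the path of the profile_full.json you copied out over WebDAV, then copy the file back and restart Portal as the steps above describe.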

5. Configuring the AJAX Proxy on IBM Websphere Portal 8 Server.

To enable communication between WebSphere Portal and the Lotus Sametime Proxy Server, do the following:

1. Navigate to the following directory: wp_profile_root\installedApps\node_name\AJAX Proxy Configuration.ear\wp.proxy.config.war\WEB-INF
2. Locate and open proxy-config.xml with any text editor.
3. Locate the following element: .
4. Copy and paste the following XML beneath that element (the url attribute is a placeholder that step 5 replaces):

     <proxy:policy url="http://stproxy_host:stproxy_port/*" acf="none" basic-auth-support="true">
         <proxy:actions>
             <proxy:method>GET</proxy:method>
             <proxy:method>HEAD</proxy:method>
             <proxy:method>POST</proxy:method>
             <proxy:method>PUT</proxy:method>
             <proxy:method>DELETE</proxy:method>
         </proxy:actions>
         <proxy:cookies>
             <proxy:cookie>LTPAToken</proxy:cookie>
             <proxy:cookie>LTPAToken2</proxy:cookie>
             <proxy:cookie>JSESSIONID</proxy:cookie>
         </proxy:cookies>
         <proxy:users>
             <proxy:user>AllAuthenticatedUsers</proxy:user>
         </proxy:users>
     </proxy:policy>

5. Edit the XML you pasted so that the url attribute carries the scheme, server name and port number of your Lotus Sametime Proxy Server (the same values as cc.sametime.proxy.scheme, host and port in step 3). Keep the pattern as narrow as that one host and port: the AJAX proxy forwards the LTPAToken and LTPAToken2 cookies listed in the policy to every URL the pattern matches, so a wildcard host would hand the users' SSO tokens to any server a page can name.
6. Save and close proxy-config.xml.
7. Check the modified file in to WebSphere Portal with the following command, run from the wp_profile_root\ConfigEngine directory:
ConfigEngine.bat checkin-wp-proxy-config -DProxyConfigFileName=dir_path/proxy-config.xml
where dir_path/proxy-config.xml is the complete path of your modified proxy-config.xml file.
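Because every proxy:policy that lists LTPAToken or LTPAToken2 under proxy:cookies sends the users' SSO token to whatever its url pattern matches, it is worth auditing the whole proxy-config.xml after the edit, not only the policy you added. The script below is an added example, not part of the original post or of WebSphere Portal: it lists every policy that forwards an SSO cookie and flags wildcard hosts and plain-http targets. SAMPLE_CONFIG is constructed; the element and attribute names are those of the Portal proxy-config schema, the host names are placeholders, and the namespace URI is ignored so either version of the schema parses.

```python
"""Audit proxy-config.xml: which hosts receive the users' LTPA cookies?

Added example, not part of the original post or of WebSphere Portal.
"""
import sys
import xml.etree.ElementTree as ET

SSO_COOKIES = {"LTPAToken", "LTPAToken2"}

# Constructed sample; host names and the over-broad policy are illustrative.
SAMPLE_CONFIG = """\
<proxy-rules xmlns:proxy="http://www.ibm.com/xmlns/prod/sw/ajax/proxy-config/1.1">
  <!-- Sametime Proxy policy as in step 5; host and port are placeholders -->
  <proxy:policy url="http://stproxy.example.com:9080/*" acf="none" basic-auth-support="true">
    <proxy:actions>
      <proxy:method>GET</proxy:method>
      <proxy:method>POST</proxy:method>
    </proxy:actions>
    <proxy:cookies>
      <proxy:cookie>LTPAToken</proxy:cookie>
      <proxy:cookie>LTPAToken2</proxy:cookie>
      <proxy:cookie>JSESSIONID</proxy:cookie>
    </proxy:cookies>
    <proxy:users><proxy:user>AllAuthenticatedUsers</proxy:user></proxy:users>
  </proxy:policy>
  <!-- Over-broad policy: forwards the SSO cookie to any host -->
  <proxy:policy url="http://*/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:cookies><proxy:cookie>LTPAToken2</proxy:cookie></proxy:cookies>
  </proxy:policy>
  <!-- Harmless: no SSO cookie is forwarded -->
  <proxy:policy url="https://feeds.example.com/*" acf="none">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
  </proxy:policy>
</proxy-rules>
"""


def _local(tag):
    """Strip the namespace from an ElementTree tag: '{uri}policy' -> 'policy'."""
    return tag.rsplit("}", 1)[-1]


def _host_of(url_pattern):
    """Host part of a policy url pattern: http://stproxy:9080/* -> stproxy."""
    netloc = url_pattern.split("://", 1)[-1].split("/", 1)[0]
    return netloc.rsplit(":", 1)[0] if ":" in netloc else netloc


def audit_policies(xml_text):
    """Return one finding per policy that forwards an SSO cookie.

    Each finding has url, host, cookies (the SSO cookies forwarded) and issues,
    a list drawn from "wildcard-host" (token goes to any matching host) and
    "cleartext" (token forwarded over plain http)."""
    findings = []
    for policy in ET.fromstring(xml_text).iter():
        if _local(policy.tag) != "policy":
            continue
        cookies = {c.text.strip() for c in policy.iter()
                   if _local(c.tag) == "cookie" and c.text}
        forwarded = sorted(cookies & SSO_COOKIES)
        if not forwarded:
            continue
        url = policy.get("url", "")
        host = _host_of(url)
        issues = []
        if "*" in host:
            issues.append("wildcard-host")
        if url.lower().startswith("http://"):
            issues.append("cleartext")
        findings.append({"url": url, "host": host, "cookies": forwarded, "issues": issues})
    return findings


if __name__ == "__main__":
    # Pass the real proxy-config.xml as first argument; the sample is the default.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONFIG
    for f in audit_policies(text):
        flag = "!!" if f["issues"] else "ok"
        print(f"{flag} {f['url']} forwards {','.join(f['cookies'])} {' '.join(f['issues'])}")
```

Run it on the WEB-INF/proxy-config.xml before the checkin-wp-proxy-config step; any "wildcard-host" finding means an LTPA cookie is being forwarded to more than the Sametime Proxy Server, and "cleartext" is expected for a plain-http Sametime Proxy but worth revisiting if the proxy is reachable over https.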
