An account holds a set of properties (name/value pairs) used by an application to connect to a remote service.
You can have an account to connect to your personal mail server using POP3 to get your e-mail, an account to connect to an IBM
® Portal Server to access composite applications, or an LDAP account to do name look-up from the corporate directory. Some accounts might exist on the client, either created by applications or provisioned from IBM Lotus
® or WebSphere
Portal. Be careful when editing, removing, or creating new accounts, as these steps can cause some applications to no longer function. If you are not sure what to do, ask your administrator.
The following advanced properties for HTTP accounts are primarily used to specify additional properties needed to authenticate with either a WebSphere
Portal Server directly or an HTTP/Portal server protected by Tivoli
® Access Manager or Site Minder. Knowing what to enter for these properties requires specific knowledge of the HTTP infrastructure of an organization, and users are advised not to modify these properties unless they are given specific instructions from their administrator. This section provides enough information to use these properties, but it assumes some knowledge of the authentication mechanism being used.
HTTP Basic (default)
HTTP Basic is simple user name and password authentication. The authentication is done at the URL specified by the Server value, and all other advanced properties are ignored. This approach is analogous to opening a Web browser to the URL and the browser displaying a dialog asking for a user name and password.J2EE Form (advanced)
Portal Form (advanced)
J2EE-FORM is a standard way of authenticating with a Web application server, such as WebSphere
and Portal servers. A form is submitted to a URL that contains a user name and password. For WebSphere
and Portal servers, an LTPA token is returned, which can be used for future authentication. J2EE-FORM uses the Authentication URL (auth URL) property to connect to a servlet. The auth URL is used in one of the following two ways:
- If the auth URL is a complete and valid URL (for example, http://myportalserver.com/wps/j_security_check), then the auth URL is used to locate the servlet.
- If the auth URL is a partial URL (for example, /wps/j_security_check), then it is appended to the root of the Server value.
For example, if the server value is http://myserver.com/mycontextroot and the auth URL is /wps/j_security_check, then the URL used is http://myserver.com/wps/j_security_check.
Portal Form is a more advanced version of J2EE-FORM. The auth URL is set to a slightly different location. This auth URL generates both an LTPA token for authentication and a JSession cookie for session data. Portal form is used to communicate with portlets because J2EE-FORM does not provide the session cookie. Use J2EE-FORM to communicate with servlets hosted on Portal and WebSphere servers. Tivoli Access Manager Form and Site Minder Form (advanced)
TivoliUser Name Token (advanced)
Access Manager Form and Site Minder Form are used when the HTTP resource is protected by one of these technologies. The HTTP resource is configured to accept the authentication token provided by Tivoli
Access Manager or Site Minder. These auth types work in the same way as Portal form, except that a form is submitted that is specific to either Tivoli
Access Manager or Site Minder. The result of the authentication is a cookie that can be used to authenticate with any of the protected HTTP resources, including WebSphere
and Portal servers.
An account with the Tivoli
Access Manager Form or Site Minder Form authentication type can be further configured to correctly interact with a Tivoli
Access Manager or Site Minder server that has a custom configuration. The following properties can be set in a Tivoli
Access Manager or Site Minder account:
The custom user name key as specified in the Site Minder Login Formcustom_password_key
The custom password key as specified in the Site Minder Login Formcustom_target_key
The custom target key as specified in the Site Minder Login Formcustom_target
The custom target value to be returned to the Site Minder server as part of the login form response (POST)use_target_as_authurl
Directs the Tivoli Access Manager, Site Minder, or Portal-Form login module to use the URL requested by the URL handler as the auth url. When this option is specified, the custom_target and authentication URL account preferences are ignored. The value of this field is set to true or false.
The following list details the only supported Site Minder configurations:
- HTML form-based login
- HTML form-based login over SSL
- HTML form-based login over SSL with X509 client certificate verification
- Customized username and password labels on login form
- Persistent and non-persistent sessions
The following Site Minder configurations are NOT supported by Lotus Expeditor:
- Basic authentication
- Basic authentication over SSL
- Basic authentication over SSL with X509 client certificate verification
- Windows integrated authentication
- Custom authentication schemes
- Password change services
- Additional form attributes required for authentication
Servers with a login form that is not named login.fcc will not have session expiration support from Lotus Expeditor
User Name Token is an authentication mechanism used by Web Services. This authentication type is used only by child accounts that have selected the Use name and password of an existing account. User name token is used only if the Web Service does not accept any other form of authentication because it requires sending the user name and password on every request. This authentication type is rarely used and is to be avoided if possible. TAM SPNEGO (advanced)
Tivoli Access Manager SPNEGO is supported on Microsoft® Windows® operating systems only. It uses Active Directory to get a token based on the operating system log-in of the user. It then uses that token to authenticate with TAM, rather than using a user name and password. Apart from that difference, the result of the authentication is the same as for TAM Form.
The authentication URL is used only by J2EE-FORM and PORTAL Form because it needs to know where the authentication servlet is located. The value for this property can either be a complete URL or a path relative to the root of the server URL.
The authentication URL is required only by J2EE-FORM and PORTAL Form because it needs to know where the authentication servlet is located. The value for this property can be either a complete URL or a path relative to the root of the server URL. If the authentication URL is set for TAM Form or Site Minder Form, Lotus
Expeditor connects to the authentication URL to authenticate with the server. If the authentication URL is not set for TAM Form or Site Minder Form, Lotus
Expeditor uses the Account server property as the authentication URL.
Home Portal URL
Some applications require this value to interact properly with a WebSphere
Portal Server. When accessing a Portal server through a Web browser, by default the following URL is used:
The Home Portal URL in this case is the myportal
part. Because this part is configurable by the system administrator, the default value can be altered as needed in the advanced properties.
Enterprise Management Agent Accounts
Device User Name
The identity of a user machine for connecting to a Client Management server.Device User Password
The password of a user machine for connecting to a Client Management server.Server Address
Parent topic: Managing accounts
The server address consists of two parts: a URI and the path to the DM Servlet to contact for enrollment. Use one of the following to specify the Client Management server address:
- IP address
- Host name
- Host name plus domain name
SyncML/DM is the data synchronization protocol that the agent and server use to communicate. When the server has been configured to require authorization using SyncML/DM, append the following value to the Server Address:
If SyncML/DM authorization is not required by the server, append the following value to the Server Address instead: