You run the IBM® Lotus® Sametime® configuration task on the IBM Lotus Quickr™
server. Running the task allows Lotus Quickr to recognize the presence
of the Lotus Sametime server so that Lotus Collaborative Services can use
the server for support of the Chat link on the Person menu.
Lotus Quickr (which includes Collaborative Services) and a Lotus Sametime
server both must be installed before you can run this task.
Commands are case sensitive.
During the instructions for this task, you will edit the wpconfig.properties
file. Create a backup copy of this file before performing the following
For security reasons, you should not store passwords in the wpconfig.properties
file. Edit the wpconfig.properties before running a configuration task,
inserting the passwords needed for that task. Then, after the task has
run, delete all passwords from the wpconfig.properties file.
Perform the following steps to run the configuration task:
1. Use the following commands to stop Lotus
--Open a command prompt and change to the following
--Enter the following command:
stopServer.bat WebSphere_Portal -user admin_userid -password admin_password
The default name of the application server is the profile name.
2. Locate the wpconfig.properties file and make
a backup copy before changing any values. The file is located in the following
3. Use a text editor to
open the wpconfig.properties file and enter the appropriate values for
your environment. Note the following:
- Do not change any settings other than those specified
in these steps. For instructions on working with these properties, see
descriptions of the properties, including default values.
- Use / instead of \ for all platforms.
- Some values may need to be modified to your specific environment.
- Section of properties file: Lotus Sametime Properties
Description: The property that determines whether Lotus Sametime is enabled.
Note: Setting LCC.Sametime.Enabled to true enables this component. Setting
the value to false disables it.
Recommended Value: true
Default Value: false
Description: The name of the Lotus Sametime server.
Recommended Value: my.server.com
Default Value: my.server.com
Description: The protocol used to connect to the Lotus Sametime server.
Recommended Value: http
Default Value: http
Description: The port number for the Lotus Sametime server.
Recommended Value: 80
Default Value: 80
4. Save the file.
5. Change to the quickr_server_root/config directory
and type the following command:
6. Check the output for any error messages. If
you encounter an error, check the appropriate log files for more information.
7. Use the following commands to start Lotus
--Open a command prompt and change to the following
--Enter the following command:
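One way to check the edited wpconfig.properties against its backup once the task has run, as an added example that is not part of the IBM documentation: it reports passwords left in the file, changes outside the Lotus Sametime properties, and values that use \ instead of /. The LCC.Sametime. prefix is assumed from the one property name the page gives, and the sample key names and values are constructed.

```python
import re

# Assumption: the Sametime properties edited in step 3 share this prefix;
# the page names only LCC.Sametime.Enabled.
ALLOWED_PREFIX = "LCC.Sametime."
SECRET_KEY = re.compile(r"(pwd|password)", re.IGNORECASE)

def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(backup_text, edited_text):
    """Return findings for the edited file, ordered by property name."""
    before, after = parse_properties(backup_text), parse_properties(edited_text)
    findings = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old != new and not key.startswith(ALLOWED_PREFIX):
            findings.append(f"unexpected change: {key}")
        if new and SECRET_KEY.search(key):
            findings.append(f"password still stored: {key}")
        if new and "\\" in new:
            findings.append(f"backslash in value: {key}")
    return findings

# Constructed sample data; key names other than LCC.Sametime.Enabled are illustrative.
BACKUP = """\
# backup taken before editing
ExampleAdminPwd=
ExamplePath=C:/ibm/quickr
LCC.Sametime.Enabled=false
"""
EDITED = """\
ExampleAdminPwd=s3cret-left-behind
ExamplePath=C:\\ibm\\quickr
LCC.Sametime.Enabled=true
"""

if __name__ == "__main__":
    for finding in audit(BACKUP, EDITED):
        print(finding)
```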
Configuring single sign-on between Lotus Quickr and Lotus Sametime
You configure the single sign-on (SSO) feature between the Lotus Quickr
server and the Lotus Domino server running Lotus Sametime to support Chat
features provided by Lotus Sametime. A user can log into Lotus Quickr and
then use Chat features without having to enter additional credentials for
Understanding Single Sign-On
All servers participating in single sign-on must be in the same Internet
To enable single sign-on, you must enable the IBM LTPA capabilities included
in both WebSphere® Application Server and Lotus Domino. The WebSphere LTPA
token generated by WebSphere Application Server is imported into Lotus
Domino, and this token can be used for all servers within the Lotus Domino
To enable single sign-on across multiple Lotus Domino domains, import the
same WebSphere LTPA token into those Lotus Domino domains.
One Web SSO configuration document per Lotus Domino domain can be replicated
to all the other Lotus Domino servers in that domain, but enabling multi-server
authentication must be done individually for every server in a Lotus Domino
Additional configuration may be needed if Lotus Quickr is configured for
The following set of tasks for configuring SSO assumes that no Web SSO
configuration document exists in Lotus Domino. Before you begin the SSO
tasks, to see whether a document exists and whether it contains the required
WebSphere LTPA key file, perform the following steps:
1. In the Lotus Notes client, open the NAMES.NSF
file on the Domino server you want to include in single sign-on (for example,
a Domino server running Lotus Sametime).
2. Click Configuration > Web > Web Configurations
to open the Web Configurations view. If you see a Web SSO Configurations
triangle with a Web SSO Configuration for LTPA document, the Web SSO configuration
document already exists.
3. If the document exists and already contains the
WebSphere LTPA key, perform the following steps:
--Open the document on the server where it was created,
and add the name of the Lotus Domino server you want to include in single
sign-on to the Domino Server Names field in the document.
--Replicate the change to any other Lotus Domino servers
in your site by typing the following command on the Lotus Domino server
console on the source server (server where you added the new server's name):
rep server_name/org_name names.nsf
--For the change to take effect, restart the Lotus
Domino server where you typed the command.
--Instead of performing the sequence of single sign-on
configuration tasks in the section below, proceed to Testing single sign-on.
4. If the Web SSO configuration document does
not exist, contains a different key (for example, a key created during
the installation of Lotus Sametime), or if you are unsure if it is the
same key exported from your Lotus Quickr server, perform the following
steps to delete the unwanted key:
5. Locate the document that contains the key.
6. Set Session authentication to disabled for
each participating server listed in the document.
7. Delete the document that contains the key,
or back it up under a name other than "LtpaToken."
8. Replicate this change around to all other
Lotus Domino server(s) in your site as above.
9. Re-acquire the key by performing all the following
tasks listed for configuring single sign-on.
The following tasks configure single sign-on (SSO) between Lotus Quickr
and Lotus Domino.
To include a Lotus Domino server running Lotus Sametime in single sign-on,
perform all tasks:
- Retrieving the WebSphere LTPA key
- Importing the WebSphere LTPA key into Lotus Domino
- Enabling multi-server SSO authentication
- Increasing SSO security by preventing anonymous access
to HTML files
- Testing Lotus Sametime chat features
Retrieving the WebSphere LTPA key
You retrieve the WebSphere LTPA key from the Lotus Quickr server so that
you can use the key on the Lotus Domino server that runs Lotus Sametime.
If you have already retrieved the WebSphere LTPA key for another application
(for example, IBM Tivoli® Access Manager for e-business) you can skip this
If the release of IBM WebSphere Application Server configured in your site
is 188.8.131.52 or later, before retrieving the LTPA key for single sign-on,
make sure the Web inbound security attribute propagation option is disabled
as described in the procedure below. For details on this feature, see Implementing
single signon to minimize Web user authentications
as well as the section on Horizontal
Security attribute propagation, both in the WebSphere Application Server
1. Perform the following steps:
2. On the WebSphere Application Server, start
the administrative console and log in.
3. Select Security > Global security
4. Under Authentication, click Authentication
mechanisms > LTPA
5. Under Additional properties (on the right),
click Single signon (SSO)
6. Make sure Web inbound security attribute propagation
is deselected. If you must make a change to it, click Apply
7. Click the LTPA link to return to the Configuration
8. Type a password in the Password field and
enter a name, path and file name in the Key File Name
Make a note of the password; you will need it during your next
SSO task when you import the LTPA key into the Lotus Domino server.
9. Click the Export Keys button.
10. If you made changes, click Save to apply
the changes to the master configuration, then Save again on the next screen.
11. Log out from the administrative console.
12. Copy the key file that was created during
the export process to a location that is accessible to the Lotus Domino
Importing the WebSphere LTPA key into Lotus Domino
You create a Web SSO configuration document on the Lotus Domino server
that runs Lotus Sametime. Then you import the WebSphere LTPA key retrieved
from the Lotus Quickr server into the document, so that the same token
can be used for single sign-on on both servers.
Perform the following steps:
1. Using the file system on both servers, copy
the key file you retrieved from the Lotus Quickr server during the task
in the previous topic to the Lotus Domino server, so that the file will
be available for importing.
2. On the Lotus Domino server, start the Lotus
Domino Administration client.
3. Open the Domino Directory (NAMES.NSF) database.
4. On the left, click Configuration >
Servers > All Server Documents
5. On the right, click the Web action button,
and select Create Web SSO Configuration
from the drop-down menu.
Type the domain suffix in the DNS Domain field. This should match the Domain
Name you entered in the Lotus Quickr server.
The domain suffix is the part of your domain address that is common
to all the Lotus Domino servers you want to include in single sign-on,
including the period. For example, the domain suffix of a server called
6. Add the Domino hierarchical names of the Lotus
Domino servers that will participate in the SSO domain in the Domino Server
Names field. For example, sales/renovationscorp.
You do not need to enter the name of the WebSphere® Application
7. Select Import WebSphere LTPA Keys from
the Keys menu, and then click OK
8. Type the path and name of the LTPA key file, and
then click OK
9. Type the password for the LTPA key, and then
10. Click OK
to the message that states
that the key import is successful.
11. Click Save & Close
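The domain suffix rule for the DNS Domain field, worked through as an added example that is not part of the IBM documentation: it derives the suffix common to a set of servers, including the leading period, refuses a suffix of a single label, and lists hosts that fall outside a configured value. The host names used with it are constructed.

```python
def sso_domain_suffix(hostnames):
    """Return the suffix shared by all hostnames, with its leading period.

    Returns None when the hosts share no suffix or only a single label
    (such as ".com"), which is too broad to scope SSO to one site.
    """
    label_lists = [h.strip().lower().rstrip(".").split(".") for h in hostnames]
    if not label_lists:
        return None
    common = []
    # Walk the labels right to left while every host agrees.
    for labels in zip(*(reversed(parts) for parts in label_lists)):
        if len(set(labels)) != 1:
            break
        common.append(labels[0])
    # Every host keeps at least one label of its own in front of the suffix.
    shortest = min(len(parts) for parts in label_lists)
    common = common[: shortest - 1]
    if len(common) < 2:
        return None
    return "." + ".".join(reversed(common))


def hosts_outside_suffix(hostnames, dns_domain):
    """List hosts that do not end with the configured DNS Domain value."""
    suffix = dns_domain.lower()
    return [h for h in hostnames if not h.lower().rstrip(".").endswith(suffix)]


if __name__ == "__main__":
    # Constructed host names for illustration.
    servers = ["quickr.sales.example.com", "sametime.sales.example.com",
               "domino1.example.com"]
    print(sso_domain_suffix(servers))
    print(hosts_outside_suffix(servers + ["chat.badexample.com"], ".example.com"))
```

Two-label public suffixes such as .co.uk are not detected by the breadth check.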