1. Configuring the SPNEGO for Quickr 8.5, please refer to this link:
http://www-10.lotus.com/ldd/lqwiki.nsf/dx/SPNEGO_SSO_Deployment_in_Lotus_Quickr_8.5_Services_for_Lotus_Domino
2. Configuring the SPNEGO for ECM P8 Server, please refer to this link:
http://www-01.ibm.com/support/docview.wss?rs=3273&uid=swg27018983
3. Integrated the Quickr 8.5 Server with P8 Server.
- Make sure Quickr 8.5 and P8 using the same system time and the same AD domain.
- Import the P8 SSO key into Quickr's Web SSO configuration on Quickr Domino Server
Perform the following steps to enable single sign-on between P8 and the Lotus Quickr server:
a. From the WebSphere Application Server Administrative Console(for P8 this Application server is FileNet Quickr Services), click Security>Global Security>Authentication Mechanisms and then select LTPA.
b. Click Single signon (SSO). Specify the Domain name and then click OK.
c. Generate the LTPA key. Specify a password and the file path where the key will be exported and then export the key.
d. Copy the SSO key to Quickr Server
e. Import the P8 SSO key into Quickr's Web SSO configuration on Quickr Domino Server
- Open the Quickr from Notes Administrator.
- Go to Configuration > Web... > View Current Configurations.
- Click "Create Web SSO Configuration"
- Click "Keys"> "Import Websphere LTPA Keys"
- Enter the path of LTPA key and click "OK", and then the password, and "OK"
- Enable the Windows single sign-on, and Map names.
the configuration should be like this:
- Edit the qpconfig.xml and inotes proxy, following this doc
<ecm_integration enabled="true">
<target_server>
http://ecmserver.cn.ibm.com:9080
</target_server>
<target_library>
/cmRoot/defaultApp/defaultLib
</target_library>
<target_folder>
/Test/
</target_folder>
<publish_type>
copy
</publish_type>
<allow_host_edit enabled ="false">
</allow_host_edit>
<force_defaultPublish_location enabled ="false">
</force_defaultPublish_location >
<force_default_operation enabled = "false">
</force_default_operation>
<metaDataMapping>
<form_4CF46B0FFCD3EE67482576E7003D0266 formName="MappingTestG">
<mappingInfo docType="CM_Briefing">
</mappingInfo>
</form_4CF46B0FFCD3EE67482576E7003D0266>
</metaDataMapping>
<ECM_Search_Target name="p8" url="http://ecmserver.cn.ibm.com:9080"/>
</ecm_integration>
- Configure the inotes proxy configuration on Quickr Server:
a. Open Quickr server Names.nsf from your Domino Administration client. You will be creating a policy document for every subdomain in your domain name. For example, if your domain is mul.ie.ibm.com, you will be creating 4 policy documents. In the example below, we assume that the domain name is cn.ibm.com:
b. Create a policy, and select the "Police type" to "Organizational", "Policy name" is "*/ibm", save this policy.
c. Create a policy, and select the "Police type" to "Organizational", "Policy name" is "*/cn", save this policy.
d. Create a policy, and select the "Police type" to "Organizational", "Policy name" is "*/com", save this policy, this following your domain, if you use the dublin.ibm.com, you also need add the */dublin in here.
e. Create a security document and named "security" and configure the "Proxies" tab.
- Click the Create... link from the Policies section, then select the "Settings" radio button, select the "Security" option.
- Input the Secuity Settings Name, for example: "security"
- Edit list, add your ECM server white-list.
context= /xsp/proxy/BasicProxy/
url=http://ecmserver.cn.ibm.com:9080/
actions=GET,POST,HEAD,PUT,DELETE
cookies=*
headers=*
mime-types=*
- Set the "Security" field of the Policy documents created above to use the newly created Security document. In this example, we are using a Security document called "security"
- Save all and restart the server.