Abstract
This document outlines the experience of the IBM® System Verification Test
(SVT) team while they installed, configured and tested Lotus® Domino-Quickr
Server 8.2
and Lotus® Domino LDAP on a Windows® 2003 Server enabled with CA SiteMinder
security. The goal of our testing was to ensure that all users could log
into the Lotus® Domino-Quickr server and SiteMinder configuration then
seamlessly work with Lotus® Domino-Quickr while being protected by SiteMinder
security.
Content Introduction
This deployment required the install and configuration of a Lotus® Domino-Quickr
server, and CA SiteMinder. The set up and configuration of Lotus®
Domino LDAP
Directory server all on Windows 2003 Server SP2 Operating System.
Infrastructure Diagram
The infrastructure described below shows in diagrammatic form the experience
in the set up, configuration and resources used for this deployment. We
deployed a SiteMinder Policy server for implementing secure login. User
directory services were provided by Lotus® Domino LDAP Directory Server.
"
"
Specification
The following table below lists the specification for all the computers
used in the infrastructure.
Windows
| Machine
| OS
| Software
| Specification
|
Domino-Quickr Server
LDAP Server
| Windows 2003 Server SP2
| Lotus® Domino v8.5
Quickr-D v8.2
Netegrity SiteMinder V6QMR5
Lotus® Domino v8.5
| 2 CPUs @3.4GHz - 4 Gig Ram
|
| SiteMinder Policy Server
| Windows 2000 Advanced Server SP4
| CA SiteMinder V6QMR5
| 1 CPUs @3.0GHz - 4 Gig RAM |
Installation
There are three installs that takes place for this configuration to enable
CA SiteMinder security with Lotus® Domino-Quickr.
- Lotus® Domino Server
- Lotus® Domino-Quickr Server
- CA SiteMinder WebAgent
The SiteMinder WebAgent is employed on the Quickr server to enable SiteMinder
and protect Quickr and it's web services.
__
Installing the Lotus® Domino server
If installing from a network drive, navigate to the directory that contains
the installation kit.
Double-click the
setup.exe file to launch the installer then click
Next button to continue
Accept the license agreement by checking the radio button and click
Next
to continue
The default program directory where Lotus Domino program files will be
installed, click
Next to continue
The default data directory where Lotus Domino data files will be installed,
click
Next to continue
Select
Domino Enterprise Server option then click
Next to
continue
Check that program and data directory are correct, and the
Domino Kit
Type is Enterprise Server, then click
Next to begin install
Progress status of Lotus Domino installation
On successful completion of installation, click
Finish button to
close installer window
__
Setup the Lotus® Domino server
After installation of Lotus Domino server a desktop icon would have been
created, double-click the icon to launch the setup program
Select
Set up the first server or stand-alone server, then click
Next to continue
Enter the
Server name and
Server title then click
Next
to continue
Enter the
Organisation name and password for the Organisation Certifier,
confirm the password by re-typing then click
Next to continue
Enter the
Domino domain name and click
Next to continue
Enter the Administrators name and password, confirm password by re-typing.
Select
Also save a local copy of the ID file, and click Browse to
navigate
directory where file will be saved, then click
Next to continue
Check the boxes
Web Browsers (HTTP services) and
Directory services
(LDAP services), then click
Customize button
Scroll-down using sidebar and de-select
Rooms and Resources Manager
as this is not a requirement for this setup, and click
OK
To enable the settings below click
Customize button
Select checkbox
TCP/IP and enter the
fully qualified host name
for the Domino server then click
OK. The screen above will be
the result of the entries.
Accept the defaults and click
Next to continue
Review the details to confirm and click
Next to continue and
start the setup process
The progress status of the Domino Server setup
On successful completion of the Domino Server setup click the
Finish
button. The Domino server is now ready to be launched using desktop icon.
__
Installing the Lotus® Quickr-D server
If installing from a network drive, navigate to the directory that contains
the installation kit.
Double-click the
setup.exe file to launch the installer then click
Next button to continue the install of Quickr
Accept or change the default program directory where Quickr program files
will be installed, click
Next to continue
Select radio button
Install Quickr Standard (license required) and
click
Next to continue
Check the current setting for program and data directories, and click
Next
to continue install of Quickr.
Progress status of Quickr installation setup
On successful completion of install click
Next to continue
Enter the
User name,
Password and
Verify password
for the Quickr Administrator then click
Next to continue.
Click
Finish to complete and close the installer window.
For further information on installations -
http://infocenters.lotus.com/quickr/index.jsp?topic=/com.ibm.lotus.quickr.dominov82.doc/install/toc_installing.html
Configuring Domino Directory (LDAP) Services for Quickr
The Domino Administrator client must be installed in order to carry out
the following tasks.
Open the Domino Administrator client select the
Configuration tab,
and select the server to administer. Double-click to open Server document,
select
Internet Protocols
tab, then
HTTP tab. Now enter the fully qualified domain name
of server in the
Host name(s) field.
Select the
Domino Web Engine tab, in
Session authentication
field select
Single Server from drop-down list. From the drop-down
list in
Java servlet support
field select
Domino Servlet Manager. Now Save & Close the server
document then restart the Domino server for changes to take effect.
Now launch web browser and type-in URL of Quickr server.
Example: http://yourservername.acme.com/lotusquickr
Scroll down to foot of page and select Site Administration to administer
the Domino Quickr server.
Click the
User Directory option in the menu pane to select
In the Directory section select
LDAP Server from the drop-down list,
and in the Name field type-in the Domino server hosting LDAP services i.e:-
(yourservername.acme.com). Check box
Check to use credentials specified
below when searching the directory, then enter the
Username
and
Password.
Now click the
Next button to continue save & close the document.
The HTTP server must be restarted on Domino Quickr server in order for
all changes to take effect.
Log onto Domino Quickr server and go to Domino console, type-in the following
command to automatically shutdown and restart the HTTP server.
> tell http restart
Launch web browser and type-in URL of the Domino Quickr server, when login
screen appears ensure you are able to login correctly as the Domino Quickr
Administrator, and registered users from the Domino LDAP Directory.
Installing the SiteMinder WebAgent
Netegrity SiteMinder software used for this infrastructure is as follows:-
· Smwa-6qmr5-cr025-win32.exe (executable file)
· SiteMinder V6QMR5-CR025-WebAgent
The following steps were taken to install the SiteMinder WegAgent software:-
Download the Netegrity zip file to a location on the Lotus®
Domino-Quickr server, and unzip to a folder of choosing.
Example:
c:\software\smwa-6qmr5-cr025-win32.zip
· Launch the executable file smwa-6qmr5-cr025-win32.exe
and accept the License Agreement then click ‘Next’
· Choose the folder location where software
is to be installed and click ‘Next’
Example: c:\program files\netegrity\webagent
· Accept the default settings by clicking ‘Next’
button
· Check that all selected parameters are correct
then click ‘Install’ to start the installation
Once the installation is complete you will be requested to restart your
operating system.
Do a restart of the operating system.
Configuring the SiteMinder WebAgent
Now the system has restarted successfully, you can now configure the SiteMinder
WebAgent to run on the Lotus Domino-Quickr server.
· Launch the executable file from the location
it was saved from previous installation
· When the registration screen appears click
‘Next’ to accept the default of
‘Yes, I would like to do Host
Registration now’
· On the next screen fill in the required Trusted
Host Name and Host Configuration Object details. This will be available
from your SiteMinder
administrator.
· Check box for Lotus Domino 8 to select Web
Server(s) to use
· Enter the ‘Agent Configuration Object’ details
and click ‘Next’
· Click ‘Install’ button on Web Configuration
Summary screen to continue and complete
Trusted Host Name and Configuration Object screen
Host Configuration file location screen
The Agent Configuration Object is the definition file which identifies
the Quickr server on the SiteMinder Policy server, the SiteMinder administrator
will supply the
file name and once inserted as shown below it updates this information
in the
WebAgent.conf file on the Lotus® Domino-Quickr server.
Agent Configuration Object screen
Configuration Complete screen
· Click ‘Done’ button and restart the server
· Once server is restarted continue with remaining
configuration steps
Copying Samples Folders’
The WebAgent provides a number of HTML sample files that can be customized
for the look and feel of the login screen.
Learn more about this…
http://www-01.ibm.com/support/docview.wss?uid=swg21292548
Open windows explorer on Lotus Domino-Quickr server to find the samples
folder. On this test deployment, the samples folder was found in the following
directory: -
c:\program files\netegrity\samples
· Create a folder for SiteMinder samples forms
in the Domino directory. In this test case: -
c:\program f
files\IBM\lotus\domino\data\domino\html\siteminderagent
· Open Windows Explorer and go to the
Samples
folder
· From menu-bar select
Edit >
Select
All to highlight all folders within the
Samples folder
· Copy all the folders highlighted in the
Samples
folder
· Paste the copied folders into the Domino directory,
in this test case the directory path is directory that was created in previous
step shown above: -
c:\program files\IBM\lotus\domino\data\domino\html\siteminderagent
Edit Quickr-D NOTES.INI file
After the successful completion of WebAgent installation, the following
parameters should have been added to the
notes.ini file on the Lotus®
Domino-Quickr server
during the WebAgent installation, but it is recommended that the file is
checked in case there is a need for parameters to be manually added.
· Locate and open the
notes.ini file
and add the following lines: -
·
QucikPlaceDSAPIFilters=C:\Program
Files\netegrity\webagent\bin\DOMINOWebAgent.dll
·
QuickPlaceUseDSAPIDNS=1
·
h_ScopeURLINQP=1
Edit WebAgent Configuration file
The
WebAgent.conf file must now be edited to ensure when the
Lotus® Domino-Quickr server is started the SiteMinder Domino WebAgent is
enabled
for Single Sign-On to work correctly.
On the Lotus Domino-Quickr server machine, from Windows Explorer go to
path where the file is located and open using a text editor such as Wordpad
or Notepad
Example: C:\Program Files\IBM\Lotus\Domino\WebAgent.conf
· Now edit line
EnableWebAgent="NO"
to
"YES"
· Also add the following parameter lines as
shown in screen below: -
·
DominoLookUpHeaderforLogin="YES"
·
DominoUseHeaderforLogin="HTTP_SM_USER"
·
SkipDominoAuth="NO"
·
DominoNormalizeUrls="NO"
The following screenshot is the expected output on Domino-Quickr console
when WebAgent
IS enabled.
Configure Server Document for – DSAPI Agent
The install and configuration of SiteMinder WebAgent is now complete, and
the
notes.ini has been updated on the Lotus® Domino-Quickr server.
Now the final step is to configure the server(s) Server Document as follows:
-
Open the Domino Administrator client click on the Configuration tab, then
click on
All Server Documents in the left-hand pane, then select
the server
you wish to edit
Now select
Internet
Protocols tab then
Domino
Web Engine tab, and in
HTTP
Sessions section ensure
Session Authentication: is
Disabled
Select the
HTTP
tab then go to the
DSAPI
section and enter the full path location of the
DominoWebAgent.dll
file. Click 'Save & Close' button to save the
changes made to the server document.
It is recommended the Lotus® Domino-Quickr server be rebooted so all above
changes can take effect immediately.