Completing single sign-on setup for IBM i
Added by IBM on September 9, 2010 | Version 1 (Original)
After you have created or edited the Web SSO Configuration document for the domain, complete single sign-on setup.
Perform the following steps:
- Add the following setting to the notes.ini file of each IBM® Lotus® Quickr™ server that you will enable for single sign-on. This step prevents anonymous access to files in the html directory:
- Enable multi-server session-based authentication in the Server document for each Lotus Quickr server that you want to enable for single sign-on:
  - Open the Domino® Directory (names.nsf) on the server.
  - Click the view Configuration -> Servers -> All Server Documents.
  - Click the Server document for the server and click Edit Server.
  - Click Ports -> Internet Ports -> Web, and enable Name-and-password authentication for the Web (HTTP or HTTPS) port.
  - Click the Internet Protocols - Domino Web Engine tab.
  - Next to Session authentication, select Multiple Servers (SSO).
  - Next to Web SSO Configuration, select LtpaToken.
  - Click Save & Close.
- Create the Domino Web Server Configuration database (domcfg.nsf) if it does not exist:
  - From Lotus Domino administration, choose File -> Application -> New.
  - Next to Server at the top of the dialog box, select the server that runs Lotus Quickr.
  - Next to Title, type a descriptive title, for example, Web Server Configuration.
  - Next to File name, type domcfg.nsf. You must use this file name.
  - Next to Server in the middle of the dialog box, select any server.
  - Click Show advanced templates.
  - Next to Template, select Domino Web Server Configuration (domcfg5.ntf).
  - Click OK.
- Create a mapping form in the Domino Web Server Configuration database to enable single sign-on to work with Lotus Quickr:
  - Open the Web Server Configuration database (domcfg.nsf).
  - Click Add Mapping.
  - Next to Applies To, select All Web Sites/Entire Server (default) or Specific Web Site/Virtual Server. If you select Specific Web Site/Virtual Server, a new field displays in which you specify the IP addresses of the Web Site documents or Virtual Servers.
  - Next to Target Database, type LotusQuickr/resources.nsf, replacing the default entry.
    The path is case-sensitive on UNIX®. If you upgraded from an earlier release and did not change the root directory name, type QuickPlace/resources.nsf.
  - Next to Target Form, type QuickPlaceLoginForm.
    Note: The QuickPlaceLoginForm form is important for the local administrator's account to be able to sign in. This login form has special code to handle Quickr-specific users. It is not required for other servers because SSO does not work for local or Quickr-specific users.
  - Click Save & Close.
- Replicate the database to all the Lotus Quickr servers that will use single sign-on.
- After the Domino Web Server Configuration database has replicated, at the server console of each server, enter the following command to stop and restart the server:
The message "Successfully loaded Web SSO Configuration" confirms single sign-on setup.
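When several servers are restarted, an older copy of the confirmation message in a console log can be mistaken for a fresh one. The following added example (not IBM's code) checks each server's saved console log for the message at or after that server's restart time; the timestamp format, server names and sample log lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Confirmation text quoted on this page.
CONFIRMATION = "Successfully loaded Web SSO Configuration"
# Assumption: console lines start with a US-style stamp, e.g. "09/09/2010 10:15:01 AM".
STAMP = re.compile(r"^(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\s+(.*)$")
STAMP_FORMAT = "%m/%d/%Y %I:%M:%S %p"


def confirmed_since(log_text, restarted_at):
    """True if the confirmation was logged at or after restarted_at."""
    for line in log_text.splitlines():
        match = STAMP.match(line.strip())
        if not match:
            continue  # skip lines without a parsable timestamp
        stamp = datetime.strptime(match.group(1), STAMP_FORMAT)
        if stamp >= restarted_at and CONFIRMATION in match.group(2):
            return True
    return False


def servers_missing_confirmation(logs, restart_times):
    """Names of servers with no confirmation since their restart, sorted."""
    return sorted(
        name for name, text in logs.items()
        if not confirmed_since(text, restart_times[name])
    )


# Constructed sample data: three hypothetical servers restarted at 10:14:00.
RESTARTED_AT = datetime(2010, 9, 9, 10, 14, 0)
SAMPLE_RESTARTS = {name: RESTARTED_AT for name in ("quickr1", "quickr2", "quickr3")}
SAMPLE_LOGS = {
    # Restarted, configuration loaded.
    "quickr1": "09/09/2010 10:15:01 AM  Successfully loaded Web SSO Configuration\n",
    # Only a stale confirmation from before the change.
    "quickr2": "09/09/2010 08:02:10 AM  Successfully loaded Web SSO Configuration\n"
               "09/09/2010 10:15:30 AM  (constructed) web server started\n",
    # Restarted, but the message never appeared.
    "quickr3": "09/09/2010 10:16:12 AM  (constructed) web server started\n",
}

if __name__ == "__main__":
    for name in servers_missing_confirmation(SAMPLE_LOGS, SAMPLE_RESTARTS):
        print(f"{name}: no confirmation since restart; check replication and settings")
```

A server reported here should be rechecked against the earlier steps, in particular that domcfg.nsf has replicated to it and that its Server document selects Multiple Servers (SSO).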