Creating a Web SSO document for IBM i
Added by IBM on December 16, 2010 | Version 1 (Original)
Create a Web SSO Configuration document if there is not one already.
About this task
The following steps pertain directly to configuration for Lotus® Quickr™. For complete explanations of all fields on the Web SSO Configuration document, refer to the Lotus Notes and Domino Information Center.
- Open the Domino Directory (names.nsf) of an IBM® Lotus Quickr server in the domain.
- Click the Configuration -> Servers -> All Server Documents view.
- Click Web and then click Create Web SSO Configuration.
- Click Keys at the top of the Web SSO Configuration document.
- To initialize the Web SSO Configuration with a Domino shared secret key, click Create Domino SSO Key.
- Complete the rest of the document as follows:
| Field | Description |
|---|---|
| Configuration Name | Type LtpaToken. This value is required. |
| Organization | Leave this field blank so the document appears in the Web Configurations view. |
| DNS Domain | (Required) Type the DNS domain (for example, acme.com) for which the tokens will be generated. The servers enabled for single sign-on must all belong to the same DNS domain. |
| Domino Server Names | Type the names of the IBM Lotus Domino servers to participate in single sign-on; for example, server1/acme, server2/acme. This document is encrypted so that only you, the members of the Owners and Administrators fields, and the servers specified may edit it. Note: Type only Lotus Domino server names in this field; group names, wild cards, and WebSphere® server names are not allowed. |
| Expiration (minutes) | Specify the time period, in minutes, after which the token will expire. The default is 30 minutes. Note: The token will expire after this time period, regardless of whether the user is idle or not. Therefore, you may wish to increase the period to a larger amount to ensure users are not prompted to re-authenticate often. |
| Idle Session Timeout | Click Enabled and specify a Minimum Timeout value, in minutes, to indicate the number of minutes of inactivity after which the token will expire. |
- Click Save & Close to save the Web SSO Configuration document in the Web - Web Configurations view. A message on the status bar indicates the number of servers or people for whom the document is encrypted.
If you receive messages on the client indicating that a particular key was not found for encrypting the document, you might have to change your client's location document to point to a different mail or directory server that has all the public keys included in Server and Person documents.
- If multiple servers will be using the SSO configuration, you must replicate names.nsf to each server so that they can accept the new configuration. You can run the replica command in the console using: load replica [targetserver] names.nsf.
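The field rules in the table above can be checked before the document is saved. The following Python sketch is an added example, not IBM code: the function names, dictionary keys and sample values are hypothetical, and the server-name test is a heuristic that assumes Domino server names are hierarchical (contain a slash) while group names are not.

```python
def host_in_domain(host, dns_domain):
    """True if host lies in dns_domain, compared on whole DNS labels."""
    domain = dns_domain.strip().lstrip(".").lower()
    host = host.strip().rstrip(".").lower()
    # A bare endswith(domain) would wrongly accept quickr2.evilacme.com.
    return bool(domain) and (host == domain or host.endswith("." + domain))

def check_web_sso(cfg):
    """Return a list of problems found in a dict of proposed field values."""
    problems = []
    domain = cfg.get("dns_domain", "")
    if cfg.get("configuration_name") != "LtpaToken":
        problems.append("Configuration Name must be LtpaToken")
    if cfg.get("organization", "").strip():
        problems.append("Organization must be left blank")
    if not domain.strip():
        problems.append("DNS Domain is required")
    for host in cfg.get("server_hosts", []):
        if not host_in_domain(host, domain):
            problems.append(f"{host} is outside DNS domain {domain}")
    for name in cfg.get("domino_server_names", []):
        # Heuristic (assumption): reject wild cards and flat names,
        # which are usually groups or non-Domino hosts.
        if "*" in name or "/" not in name:
            problems.append(f"{name} is not a plain Domino server name")
    minutes = cfg.get("expiration_minutes", 30)  # page default: 30
    if not isinstance(minutes, int) or minutes <= 0:
        problems.append("Expiration must be a positive number of minutes")
    return problems

# Constructed sample values, not taken from a real deployment.
GOOD = {
    "configuration_name": "LtpaToken", "organization": "",
    "dns_domain": "acme.com",
    "server_hosts": ["quickr1.acme.com", "quickr2.acme.com"],
    "domino_server_names": ["server1/acme", "server2/acme"],
    "expiration_minutes": 30,
}
BAD = {
    "configuration_name": "SSO", "organization": "Acme",
    "dns_domain": "acme.com",
    "server_hosts": ["quickr1.acme.com", "quickr2.evilacme.com"],
    "domino_server_names": ["server1/acme", "*/acme", "QuickrAdmins"],
    "expiration_minutes": 0,
}

if __name__ == "__main__":
    for problem in check_web_sso(BAD):
        print(problem)
```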
1. Editing a Web SSO document for IBM i
A Web SSO Configuration document may already exist for the domain. This might be the case, for example, if an IBM Lotus Sametime® server is also installed in the domain. In this case, add the Lotus Domino names of the IBM Lotus Quickr servers to the existing Web SSO Configuration document.