Preparing the servers to enable Lotus Sametime features in places
Added by IBM | Edited by Harold Morgan on February 8, 2011 | Version 2
Before you enable IBM® Lotus® Sametime® features in places you must prepare the servers.
About this task
The steps described here assume that you are enabling the Lotus Sametime features for the first time rather than upgrading an existing integration configuration. The steps also assume that you installed either Lotus Sametime or IBM Lotus Quickr™ first and are now integrating with the other product. If instead you are installing both of the products at the same time, you should set up multi-server session-based authentication (single sign-on) between the IBM Lotus Domino® servers on which they run before installing the products. Using this approach, you can first isolate and solve any authentication problems that might arise between the Lotus Domino servers.
Perform the following steps:
- Make sure that you have installed or upgraded to Lotus Quickr. When prompted for the administrator name and password during a new installation, type a name that is not in the directory used for Quickr lookups.
- Connect Lotus Quickr to the same directory that you also use for Lotus Sametime. Both servers must use the same directory.
- Make sure that you have installed the appropriate version of Lotus Sametime. For more information, see the Lotus Sametime installation guide that is appropriate for your platform, available on the Web at http://www.lotus.com/ldd/doc.
Note: Configure the Lotus Sametime server to use HTTP port 80 or to tunnel over port 80; this step is required for the awareness feature.
- Verify that awareness and instant messaging are working for Lotus Sametime. If you plan to integrate Web conferencing (meetings) with Lotus Quickr, verify, too, that Web conferencing is working.
Perform the following steps to update the Web SSO Configuration for Ltpa token document that was created when you installed Lotus Sametime:
Perform the following steps to enable single sign-on authentication on the Lotus Quickr server:
- Ensure that the Lotus Domino Directory on the server has replicated throughout the Lotus Domino domain since you installed Lotus Sametime.
- Using IBM Lotus Notes®, open the Lotus Domino Directory on the Lotus Sametime server.
- Click the Configuration -> Web Server Configurations view.
- From within this view, expand the list of Web SSO Configurations.
- Open the Web SSO Configuration for Ltpa Token document in edit mode. If you cannot edit the document, contact an administrator about getting edit access or editing the document for you.
- Make sure that the Domino Server Names field contains the name of each of the Lotus Quickr and Lotus Sametime servers that should participate in single sign-on.
- Make sure that the DNS Domain field contains the fully-qualified DNS domain name of the Lotus Quickr and Lotus Sametime servers.
- Click Keys -> Create Domino SSO Key if you want to create a new key for SSO.
- Open the Server document for the Lotus Sametime server.
- Click Internet Protocols -> Domino Web Engine.
- In the HTTP Sessions section, select LtpaToken in the Web SSO Configuration field.
- Click Save & Close.
- Replicate the edits to the Lotus Quickr server.
To be able to create an online meeting if the Lotus® Quickr™ server is enabled for SSL, perform the following steps:
- From IBM Lotus Notes, open the Lotus Domino Directory for the domain.
- Open the Server document for the Lotus Quickr server in edit mode.
- Click Ports -> Internet Ports -> Web and then in the Name & password field for the Web port select Yes.
- Click Internet Protocols -> Domino Web Engine, and in the Session authentication field select Multiple Servers (SSO), and then click OK.
- In the Web SSO Configuration field, select LtpaToken.
- Click Save & Close.
- Add the following setting to the notes.ini file on the Lotus Quickr server: NoWebFileSystemACLs=1
- Create a database from the Domino Web Server Configuration template (domcfg5.ntf), giving the database the file name domcfg.nsf.
- Open the database you created and click Add Mapping to open a mapping document.
- In the Target Database field of the mapping document, type lotusquickr/resources.nsf.
- In the Target Form field, type QuickPlaceLoginForm, and then click Save & Close to save the document.
- Restart the Lotus Domino servers.
Perform the following steps to verify that single sign-on is working between Lotus Quickr and Lotus Sametime:
- Using your preferred browser, export the SSL certificate to a file, for example, one named something similar to dq18sv.cer. Different browsers use slightly different methods for exporting certificates.
- Import the certificate into JRE security as follows:
  - Launch ikeyman, the IBM® Key Management application, for example, located in C:\Program Files (x86)\IBM\Lotus\Domino\jvm\bin\ikeyman.exe.
  - Select JCEKS as the key database type.
  - Open C:\Program Files (x86)\IBM\Lotus\Domino\jvm\lib\security\cacerts using the password changeit.
  - Switch to Signer Certificates, click Add, and import the certifier dq18sv.cer.
  - Close ikeyman.
- Open java.security, for example, located under C:\Program Files (x86)\IBM\Lotus\Domino\jvm\lib\security\java.security.
- Change the keystore.type setting to jceks as follows: keystore.type=jceks.
- From a browser, connect to the Lotus Quickr server. Because multi-server sign-on is enabled, you must enter the fully qualified host name to connect, for example, http://qpserver.acme.com/quickplace
- Log in to Lotus Quickr using the name of an external user registered in the LDAP directory.
- Create a test place and verify that you can add several members from the LDAP directory.
- Using the same browser session, connect to the Lotus Sametime server. For example, enter http://stserver.acme.com/stcenter.nsf.
- Go to the Attend Meeting page and verify that you are still logged on to the server. If you can authenticate once and remain logged on to both Lotus Quickr and Lotus Sametime, multi-server sign-on is working. If you must authenticate more than once, multi-server sign-on is not working and you must resolve the problem before continuing.
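
The verification above depends on the browser sending the LtpaToken cookie to both servers. The following Python sketch is an added example, not IBM's code: it applies the cookie domain-matching rule to constructed Set-Cookie headers to show why the DNS Domain field and the fully qualified host name matter. The header layout and function names are assumptions; the host names are the ones used on this page.

```python
from http.cookies import SimpleCookie


def domain_match(host, cookie_domain):
    """Cookie domain-match: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def hosts_receiving_token(set_cookie, issuing_host, hosts):
    """Return the hosts a browser would send the LtpaToken cookie to."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    if "LtpaToken" not in jar:
        return []  # no SSO token was issued at login
    domain = jar["LtpaToken"]["domain"]
    if not domain:
        # Host-only cookie: it is never shared with the other server.
        return [h for h in hosts if h.lower() == issuing_host.lower()]
    if not domain_match(issuing_host, domain):
        # A browser discards a cookie whose Domain does not cover the host
        # it connected to, e.g. when a short host name was typed.
        return []
    return [h for h in hosts if domain_match(h, domain)]


# Constructed sample headers; the token value is a placeholder.
MULTI_SERVER = "LtpaToken=CONSTRUCTEDTOKEN; Path=/; Domain=.acme.com"
HOST_ONLY = "LtpaToken=CONSTRUCTEDTOKEN; Path=/"
SERVERS = ["qpserver.acme.com", "stserver.acme.com"]

if __name__ == "__main__":
    cases = [
        ("FQDN login, DNS Domain set", MULTI_SERVER, "qpserver.acme.com"),
        ("short host name login", MULTI_SERVER, "qpserver"),
        ("no Domain attribute", HOST_ONLY, "qpserver.acme.com"),
    ]
    for label, header, issuer in cases:
        print(label, "->", hosts_receiving_token(header, issuer, SERVERS))
```

Only the first case returns both servers; an empty or single-host result corresponds to having to authenticate more than once.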