This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.
 

IBM Sametime Forum


RE: Notes client Domino Token Based SSO with AD LDAP ?
Ben Williams 22.Jul.15 08:03 AM Lotus Notes
Administration 9.0 All Platforms


If they have Sametime 9 then they should also have an SSC which sits on WAS. You should not install a Sametime 9 Community server without an SSC.

The SSC should be capable of handling SPNEGO although in only one other deployment the customer used a separate node as the SPNEGO enabled apps server.

But if we want to use SSO in Notes client (without saving username and password) then we are forced to use SPNEGO, and there are no alternatives, right?

Correct if you are using AD as the LDAP source for Sametime.

If the customer continued to use Domino then you could use "Domino single sign on" which means that the notes ID is passed to the Community server (or alternative Domino authentication server) and the ID is queried. If the user has access via their Notes ID then an LtpaToken is passed back to a mini web server running in the Sametime client. This LtpaToken is then passed to the Community server and that is used to sign in (without a password) to the Community server.

"Domino single sign on" only works if you are using the embedded Sametime client in Notes. If you use a standalone Connect client then your only option is SPNEGO.

"Domino single sign on" doesn't require an HTTP password to be present BUT other applications may need it if you use Domino as the LDAP source.

Customer does not have any SPNEGO-enabled WebSphere server to use for Authentication URL (and they do not want this one nor they have license for it)

Please explain what license they have. Even if they are using Sametime based on Domino licensing they are able to run an SSC and STProxy for iNotes (no mobile). This provides you with a licensed option to install WAS.

http://www-01.ibm.com/software/lotus/notesanddomino/additionalswentitlements.html



Notes clients need to be re-configured from Domino Token Based SSO to SPNEGO SSO (and I know from experience that it is a very problematic process to change login information in the notes client)

It can be a problem but if you have a good grasp of managed-settings.xml then it is possible. In my opinion, using managed-settings.xml works very well. Please do not try to use Domino desktop policies to control Eclipse settings, they are awful and rarely work as you expect.

I have not been faced with a change from one LDAP type to another. WAS should handle this OK as it's just a federated repository but the Community server will need to be reinstalled and possibly you may have issues with the SSC.

You'd be better creating a second environment using AD and then migrating users using managed-settings.xml and managed-community-configs.xml to handle the redirection of the client.

A well planned migration can work well. Yes there will be some problems but these will be client side and normally only small in number.



