Configuring Sametime Community Server to work behind WebSEAL reverse proxy
Added by IBM on November 23, 2011 | Version 1 (Original)
If you are deploying the IBM Sametime Community Server behind a Tivoli WebSEAL reverse proxy server, there are some specific procedures and configurations you must employ to ensure the Lotus Sametime Community Server can operate behind the WebSEAL reverse proxy server.
- Follow the instructions below to enable HTTP tunneling on port 80 using the Sametime Administration Tool.
- From the Sametime home page, select Administer the server to open the Sametime Administration Tool.
- Select Configuration -> Connectivity -> Networks and Ports.
- Ensure that the Community Services Network -> "Enable the Meeting Room client to try HTTP tunneling to the Community Server after trying other options" setting is enabled.
- In the Community Services Network -> Address for HTTP tunneled client connections settings:
  - If your Sametime Community Server operates on a Microsoft Windows server, you can leave the Host name field blank.
  - In the HTTP tunneling Port number field, delete port number 8082 and enter port number 80.
- Click Update and then restart the server for the change to take effect.
You must open the stlinks.js file on the Sametime Community Server and modify the following two lines to point to your WebSEAL reverse proxy server and WebSEAL junction. The WebSEAL junction is st in the example:
Enable reverse proxy support and specify the WebSEAL junction in the Sametime Administration Tool on the Sametime Community Server.
- Open the Sametime Administration Tool.
- Click Configuration -> Connectivity.
- In the "Reverse Proxy Support" section, click Enable Reverse Proxy Discovery on the client to enable the reverse proxy support.
- Enter the WebSEAL junction name in the Server Alias field. In this example, st is the WebSEAL junction name.
The WebSEAL reverse proxy server must be listening on the default ports of 80 and 443 for the changes above to work.
Create the Tivoli Access Manager WebSEAL junction. Issue the command as one line:
pdadmin> server task webseald-[servername] create -t tcp -h [sametime hostname] -p 80 -i -j -A -F [path to LTPA key] -Z [LTPA key password] /junction
You cannot use the -w parameter for this setup. Some requests generated by Sametime are not allowed through the junction if the -w parameter is present. You must also ensure that the LTPA key used in the junction is the same LTPA key that the Sametime Community Server uses in its Web SSO Configuration document.
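A pre-flight check for the junction command, added here as an example and not IBM's code: it verifies the options shown in the command above, rejects -w, and confirms that the junction point matches the Server Alias entered in the Sametime Administration Tool. The helper name check_junction_command is hypothetical, and the host names, key path and password in the sample commands are constructed placeholders.

```python
import shlex

# Option set copied from the junction command on this page.
BARE_FLAGS = {"-i", "-j", "-A"}            # required, take no value
FIXED_VALUES = {"-t": "tcp", "-p": "80"}   # required, value fixed by the page
SITE_VALUES = {"-h", "-F", "-Z"}           # required, value is site-specific
FORBIDDEN = {"-w"}                         # page: blocks some Sametime requests

def check_junction_command(command, server_alias):
    """Return a sorted list of problems in a pdadmin junction create command."""
    tokens = shlex.split(command)
    if "create" not in tokens:
        return ["not a junction create command"]
    args = tokens[tokens.index("create") + 1:]
    takes_value = set(FIXED_VALUES) | SITE_VALUES
    seen, junction, problems, i = {}, None, [], 0
    while i < len(args):
        tok = args[i]
        if tok in takes_value:
            if i + 1 < len(args) and not args[i + 1].startswith("-"):
                seen[tok] = args[i + 1]
                i += 1                      # consume the option's value
            else:
                problems.append(f"{tok} has no value")
        elif tok.startswith("-"):
            seen[tok] = True
        elif tok.startswith("/"):
            junction = tok                  # junction point, e.g. /st
        i += 1
    present = set(seen)
    for flag in FORBIDDEN & present:
        problems.append(f"{flag} must not be used")
    for flag in (BARE_FLAGS | SITE_VALUES) - present:
        if f"{flag} has no value" not in problems:
            problems.append(f"{flag} is missing")
    for opt, want in FIXED_VALUES.items():
        if seen.get(opt) != want and f"{opt} has no value" not in problems:
            problems.append(f"{opt} must be {want}")
    if junction is None:
        problems.append("junction point is missing")
    elif junction != "/" + server_alias:
        problems.append(f"junction {junction} does not match Server Alias {server_alias}")
    return sorted(problems)

# Constructed sample commands (host names, key path and password are placeholders).
GOOD = ("server task webseald-proxy01 create -t tcp -h st.example.com -p 80 "
        "-i -j -A -F /opt/keys/ltpa.key -Z CHANGEME /st")
BAD = GOOD.replace("-i -j", "-i -j -w").replace("CHANGEME /st", "CHANGEME/st")
```

The BAD sample also shows what happens when the junction point is run together with the -Z value: the password swallows it and no junction point is found.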
What to do next
After performing this configuration, you should be able to log in to https://webseal/stjunction and be prompted by WebSEAL for authentication. Once authenticated, SSO between WebSEAL and the Sametime Community Server should work and all requests for Sametime will route through WebSEAL.