After creating LTPA keys for Sametime servers, configure the Sametime Community Server for single sign-on.
Before you begin
Make sure all servers use the same LDAP directory.
About this task
By default the Sametime installation creates a Domino® SSO key. This key should be replaced by the WebSphere® LTPA key you exported in the previous section, Preparing servers running WebSphere Application Server for single sign-on. Follow these steps to import the LTPA key from WebSphere
- Import the LTPA keys used by Sametime servers in the same DNS domain.
  - Open the names.nsf file on the Domino server for the Sametime Community Server.
  - Click Configuration -> Web -> Web Configurations view.
  - Open the Web SSO Configuration for LtpaToken document.
  - Click Edit SSO Configuration.
  - Click Keys -> Import WebSphere LTPA keys.
  - Type in the exact file location of the key file you created on the Sametime SIP Proxy and Registrar server.
  - Enter the password you created on the server when you enabled single sign-on.
  - Click OK.
    The message "Successfully imported WebSphere LTPA keys" appears after the key has been imported.
  - For Domino 8.0 and higher:
    Sametime 8.5 requires Lotus Domino 8.0 and higher; if you are maintaining an older Sametime server it may be running a version of Lotus Domino prior to R8.
    In the Token Format field of the WebSphere Information section, select the LTPA token formats to be supported by Domino:
    - LtpaToken - LTPAv1 only
    - LtpaToken2 - LTPAv2 only
    - LtpaToken and LtpaToken2 - both LTPAv1 and LTPAv2 formats are supported
    With this last option selected, both tokens are created, but the token returned to the client is determined by the TOKEN_TYPE_TO_RETURN flag under the AuthToken section of sametime.ini. The default value is LTPA, which returns the LTPAv1 token. Changing the value to LTPA2 results in the LTPAv2 token being returned instead.
  - Click Save and Close.
- Configure the Sametime Community Server so that LtpaToken gets set by the Sametime Proxy web client instead of the Sametime token:
  - Log in to the Sametime System Console as the Sametime administrator.
  - Click Sametime Servers -> Sametime Community Servers.
  - In the list of Community Servers, click the name of a Sametime Community Server to open its Configuration page.
  - Click the Community Services tab.
  - Under the "General" section, select the authentication type that users can use while logging into the community server: LTPA only.
- Restart the Lotus Domino server to put your changes into effect.
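
The following Python script is an added example, not part of the product documentation: it reads the text of a sametime.ini file and reports which token the TOKEN_TYPE_TO_RETURN flag from the Token Format step selects, and lists any copies of the flag that sit outside the AuthToken section. The comment characters, case-insensitive name matching and last-assignment-wins behaviour are assumptions, and the sample files, ExampleSection and EXAMPLE_KEY are constructed placeholders.

```python
SECTION = "AuthToken"            # section named on the page
FLAG = "TOKEN_TYPE_TO_RETURN"    # flag named on the page
DEFAULT = "LTPA"                 # default value given on the page
RETURNED = {"LTPA": "LTPAv1", "LTPA2": "LTPAv2"}  # mapping given on the page


def find_flag(ini_text):
    """Return (value set under [AuthToken] or None, other sections holding the flag)."""
    section, value, misplaced = None, None, []
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # assumption: '#' and ';' start comments
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            continue
        key, sep, val = line.partition("=")
        if not sep or key.strip().upper() != FLAG:
            continue
        # Assumption: section and key names are compared case-insensitively.
        if section is not None and section.lower() == SECTION.lower():
            value = val.strip()           # assumption: the last assignment wins
        else:
            misplaced.append(section)     # flag is not where the page puts it
    return value, misplaced


def returned_token(ini_text):
    """Token version returned to the client when Domino creates both formats."""
    value, misplaced = find_flag(ini_text)
    effective = DEFAULT if value is None else value
    if effective not in RETURNED:
        raise ValueError(f"{FLAG}={value!r} is neither LTPA nor LTPA2")
    return RETURNED[effective], misplaced


# Constructed sample files (ExampleSection and EXAMPLE_KEY are placeholders).
SAMPLE_V2 = "[ExampleSection]\nEXAMPLE_KEY=1\n\n[AuthToken]\nTOKEN_TYPE_TO_RETURN=LTPA2\n"
SAMPLE_DEFAULT = "[AuthToken]\nEXAMPLE_KEY=1\n"
SAMPLE_MISPLACED = "[ExampleSection]\nTOKEN_TYPE_TO_RETURN=LTPA2\n[AuthToken]\nEXAMPLE_KEY=1\n"

if __name__ == "__main__":
    for name, text in [("v2", SAMPLE_V2), ("default", SAMPLE_DEFAULT),
                       ("misplaced", SAMPLE_MISPLACED)]:
        token, stray = returned_token(text)
        print(f"{name}: client receives {token}; flag also found in: {stray or 'nowhere else'}")
```

Run it against the sametime.ini of each Community Server in the SSO domain to confirm they all return the same token version.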