Domino® single sign-on (SSO) authentication allows web users to log in once to a Domino® or WebSphere® server, and then access any other Domino server in the same DNS domain that is enabled for single sign-on (SSO) without having to log in again. In a multiple-server environment, it is possible that one or more servers in your Domino domain are already configured for Domino SSO, and the Domino Directory already contains a Domino Web SSO configuration document. When you install Sametime, it creates a Web SSO configuration document called LtpaToken unless one already exists in the Domino Directory. If an LtpaToken configuration document already exists, Sametime does not attempt to alter it.
About this task
In some cases, it may be necessary to alter the default configuration of the Domino SSO feature following the Sametime server installation. For instructions, see Altering the Domino Web SSO configuration following the Sametime server installation.
Configuring the Domino Server for Web SSO
Complete the steps in this section if your Domino server is not configured for Web SSO, and you want to use the Web SSO document that Sametime creates to configure it.
- From the Domino Administrator or a Lotus® Notes client, click File -> Database -> Open. Browse to the Domino server and type names.nsf in the Filename field. Click Open.
  Note: If you attempt to open this document from the Domino Administrator Configuration tab, Web - Web Configurations view, the Web SSO Configuration document will not display.
- Expand the list of Web SSO Configurations.
- Double-click the "Web SSO Configuration for LtpaToken" document to open it in edit mode.
- Update these fields as necessary:
  - Configuration name -- Enter LtpaToken.
  - DNS Domain -- Make sure this is the fully qualified domain suffix of the Sametime server. For example, if the server's fully qualified name is server.domain.com, .domain.com should be entered in this field. Ensure that the leading period (.) is present in front of the domain suffix.
  - Organization -- Leave this field blank.
  - Participating servers -- Add the Sametime server and other servers that belong to the SSO realm to the list.
  Note: When adding servers to the Participating servers field, click the arrow and choose the name from an Address Book when possible. If this is not possible, make sure that you use the full hierarchical name when you add a server (for example, Server1/Example where CN=Server/O=Org).
- After entering the information, select Keys and do one of the following:
  - Create a Domino SSO Key.
  - If WebSphere is participating in SSO, the Domino SSO key created by the install program should be replaced by the WebSphere LTPA key to allow both Domino and WebSphere to have an identical key for token validation and generation. Do this by importing the LTPA key from WebSphere to Domino. For more information, see Setting up single sign-on for Sametime browser clients.
Parent topic: Working with Sametime security
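As an added example that is not part of this documentation page, the following Python check applies the field rules above (leading period on DNS Domain, blank Organization, full hierarchical server names, servers inside the cookie domain) to a Web SSO configuration document before it is saved; the WebSSOConfig class, the check_web_sso_config function and the server names are constructed for illustration and do not come from Domino.

```python
from dataclasses import dataclass
from typing import Dict, List


@dataclass
class WebSSOConfig:
    """Subset of the fields in a 'Web SSO Configuration for LtpaToken' document (hypothetical model)."""
    configuration_name: str
    dns_domain: str
    organization: str
    participating_servers: List[str]


def check_web_sso_config(cfg: WebSSOConfig, server_hosts: Dict[str, str]) -> List[str]:
    """Return findings for a Web SSO configuration document; an empty list means it passes.

    server_hosts maps each participating server's hierarchical Domino name to the
    host name browsers use to reach it, so the DNS Domain can be checked as a suffix
    (constructed input for this example; Domino itself does not supply this map).
    """
    findings: List[str] = []
    if cfg.configuration_name != "LtpaToken":
        findings.append("Configuration name must be LtpaToken")
    domain = cfg.dns_domain.strip().lower()
    if not domain.startswith("."):
        findings.append("DNS Domain must start with a period, e.g. .domain.com")
    # The DNS Domain becomes the LtpaToken cookie's domain attribute: a single
    # label such as .com would make browsers send the token to every host under
    # that suffix, far beyond the servers that belong to the SSO realm.
    if len([label for label in domain.split(".") if label]) < 2:
        findings.append(f"DNS Domain '{domain}' is too broad for an SSO cookie domain")
    if cfg.organization.strip():
        findings.append("Organization must be left blank")
    if not cfg.participating_servers:
        findings.append("Participating servers list is empty")
    for name in cfg.participating_servers:
        if "/" not in name:
            findings.append(f"Participating server '{name}' is not a full hierarchical name")
        host = server_hosts.get(name, "").lower()
        if host and not host.endswith(domain):
            findings.append(f"Participating server '{name}' ({host}) is outside DNS Domain '{domain}'")
    return findings


if __name__ == "__main__":
    cfg = WebSSOConfig("LtpaToken", ".domain.com", "", ["CN=Sametime1/O=Example"])
    for finding in check_web_sso_config(cfg, {"CN=Sametime1/O=Example": "server.domain.com"}):
        print(finding)
```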