Configure servers for single sign-on (SSO) as a convenience to users running the browser client. With SSO configured, users who log in once to any server in the DNS domain do not have to log in again when they access any other server running on WebSphere Application Server. Enabling SSO between the servers also helps the Connect Client. If the community server is in the single sign-on domain, the component services can reuse the token from the Connect client to log in to other services.
Preparing servers running on WebSphere Application Server for single sign-on
Prepare for single sign-on (SSO) by exporting an LTPA key from the servers running on WebSphere Application Server. This step applies to the Sametime Media Manager SIP Proxy and Registrar server, the Sametime Meeting server, and Sametime Advanced. If you plan to enable the Click to Call feature, it also applies to the Sametime Unified Telephony Application Server. The Sametime Proxy Server does not need to be set up for single sign-on.
Configuring the Sametime Community Server for single sign-on
After creating LTPA keys for Sametime servers, configure the Sametime Community Server for single sign-on.
Importing a shared LTPA key to enable SSO for a server in a different cell
If you set up SSO between IBM Sametime servers running on WebSphere Application Server that are in different cells, import the shared LTPA key you exported as described in “Preparing servers running on WebSphere Application Server for single sign-on” into each Media Manager SIP Proxy and Registrar server, Sametime Meeting Server, and Advanced server that is part of the same SSO environment. If the servers are managed by one Sametime System Console, you do not need to perform this step because they already share the same LTPA key.
Verifying that servers have the same single sign-on settings
Confirm that the IBM Sametime Meeting Server and the Media Manager SIP Proxy and Registrar server use the same SSO settings.
Configuring single sign-on with Microsoft Windows Active Directory
The Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) replaces Microsoft Single Sign-On, which is no longer supported by Sametime. If the Sametime Community Server uses a Microsoft Windows Active Directory, you must integrate all server components to allow Sametime users to log in and authenticate only once at their desktop and thereafter automatically authenticate with the Sametime