Notes client Domino Token Based SSO with AD LDAP ?
Anders Aslund 07/22/2015 06:57 AM
Administration 9.0 All Platforms
Customer wants to remove "HTTP passwords" from Domino and use Active Directory as source.
Domino can use Active Directory as source and by putting "Notes hierarchical name" as an attribute in AD we can use AD-LDAP as a source for IBM Traveler or IBM iNotes or IBM Sametime.
But if we want to use SSO in Notes client (without saving username and password) then we are forced to use SPNEGO, and there are no alternatives, right?
The problem with SPNEGO is this:
* Customer does not have any SPNEGO-enabled WebSphere server to use for Authentication URL (and they do not want this one nor they have license for it)
* Notes clients need to be re-configured from Domino Token Based SSO to SPNEGO SSO (and I know from experience that it is a very problematic process to change login information in the notes client)
So is there a way, for example to keep current Notes client settings with Domino Token and use Active Directory as LDAP source (maybe it could be done with some extra settings or similar on the Sametime server?)
What are your ideas here?
BTW: Active Directory is version 2003. Sametime server is version 9.