Skip to main content
This forum is closed to new posts and responses. New discussions are now taking place in the IBM Developer Answers forum.
Information Mgmt
New to Lotus
How to buy
Live demos
Technical library
Forums & community
Java™ technology
Open source
SOA and Web services
Web development
My developerWorks
About dW
Submit content

developerWorks  >  Lotus  >  Forums & community  >  IBM Sametime Forum

IBM Sametime Forum



PreviousPrevious NextNext

RE: Notes client Domino Token Based SSO with AD LDAP ?
Ben Williams 22.Jul.15 08:03 AM Lotus Notes
Administration 9.0 All Platforms

If they have Sametime 9 then they should also have an SSC which sits on WAS. You should not install a Sametime 9 Community server without an SSC.

The SSC should be capable of handling SPNEGO although in only one other deployment the customer used a separate node as the SPNEGO enabled apps server.

But if we want to use SSO in Notes client (without saving username and password) then we are forced to use SPNEGO, and there are no alternatives, right? Correct if you are using AD as the LDAP source for Sametime.

If the customer continued to use Domino then you could use "Domino single sign on" which means that the notes ID is passed to the Community server (or alternative Domino authentication server) and the ID is queried. If the user has access via their Notes ID then an LtpaToken is passed back to a mini web server running in the Sametime client. This LtpaToken is then passed to the Community server and that is used to sign in (without a password) to the Community server.

"Domino single sign on" only works if you are using the embedded Sametime client in Notes. If you use a standalone Connect client then you're only option is SPENGO.

"Domino single sign on" doesn't require an HTTP password to be present BUT other applications may need it if you use Domino as the LDAP source.

Customer does not have any SPNEGO-enabled WebSphere server to use for Authentication URL (and they do not want this one nor they have license for it) Please explain what license they have. Even if they are using Sametime based on Domino licensing they are able to run an SSC and STProxy for iNotes (no mobile), This provides you with a licensed option to install WAS.

Notes clients need to be re-configured from Domino Token Based SSO to SPNEGO SSO (and I know from experience that it is a very problematic process to change login information in the notes client) It can be a problem but if you have a good grasp of managed-settings.xml then it is possible. In my opinion, using managed-settings.xml works very well. Please do not try to use Domino desktop policies to control Eclipse settings, they are awful and rarely work as you expect.

I have not been faced with a change from one LDAP type to another. WAS should handle this OK as it's just a federated repository but the Community server will need to be reinstalled and possibly you may have issues with the SSC.

You'd be better creating a second environment using AD and then migrating users using managed-settings.xml and managed-community-configs.xml to handle the redirection of the client.

A well planned migration can work well. Yes there will be some problems but these will be client side and normally only small in number.

Notes client Domino Token Based SSO... (Anders Aslund 22.Jul.15)
. . RE: Notes client Domino Token Based... (Ben Williams 22.Jul.15)
. . . . RE: Notes client Domino Token Based... (Anders Aslund 22.Jul.15)
. . . . . . RE: Notes client Domino Token Based... (Barry Shapiro 22.Jul.15)
. . . . . . RE: Notes client Domino Token Based... (Ben Williams 23.Jul.15)

Document Options

  Document options
Print this pagePrint this page

Search this forum

Forum views and search

  Forum views and search
Date (threaded)
Date (flat)
With excerpt
Advanced search

Member Tools

RSS Feeds

 RSS feedsRSS
All forum posts RSS
All main topics RSS
More Lotus RSS feeds


Forum use and etiquette
Native Notes Access
Web site Feedback

Lotus Support

 Lotus Support
IBM Support Portal - Lotus software
Lotus Support documents
Lotus support by product
Lotus support downloads
Lotus support RSS feeds


IBM Composite Applications
IBM Mashup Center
IBM Connections
IBM Connections Cloud Developers
IBM Docs
IBM Forms
IBM Mobile Connect
IBM Sametime
IBM SmartCloud for Social Business
IBM Web Experience Factory
Lotus Domino
Lotus Domino Designer
Lotus Expeditor
Lotus Foundations
Lotus iNotes
Lotus Instructor Community Courseware
Lotus Notes
Lotus Notes & Domino Application Development
Lotus Notes Traveler
Lotus Protector
Lotus Quickr
Lotus Symphony
IBM Web Content Manager
WebSphere Portal

Lotus Forums

 Lotus Forums
Notes/Domino 9.0
Notes/Domino 8.5 + Traveler
Notes/Domino XPages development forum
Notes/Domino 8
Notes/Domino 6 and 7
IBM Connections
IBM Mobile Connect
IBM Sametime
IBM SmartCloud Notes
Lotus Enterprise Integration
Lotus Protector
Lotus Quickr
Lotus SmartSuite