IBM Support

Configuring SSO between WebSphere Portal and Lotus Sametime when each uses a different user directory

Technote (FAQ)


Question

This document explains how to configure single sign-on (SSO) in an environment where IBM WebSphere Portal 5.1 or later, including 6.x, authenticates against one LDAP directory and Lotus Sametime 6.5.1 IF1 or later, including 7.x and 8.x, authenticates against native Domino.

Answer

Perform the steps below to properly configure SSO.
Index:

    1. Import the LTPA token into Sametime.
    2. Configure the Domino Directory on the Sametime Server
    3. Configure the Sametime server to remap users' DNs when passed with an LTPA token
    4. Configuration changes to CSEnvironment.properties file


1. Import the LTPA token into Sametime.

Ensure you have correctly imported the WebSphere LTPA key into the Sametime server. For more detailed instructions on this step, refer to the technote "Troubleshooting WebSphere Portal, Domino Extended Products, and Domino SSO Issues" (# 1158269).


2. Configure the Domino Directory on the Sametime Server

a. Sync the user names and passwords in the Domino Directory with the names Portal uses to authenticate a user.

For example, if WebSphere Portal's user directory is IBM Directory Server (IDS), and a user's Distinguished Name (DN) from IDS is:

uid=tuser,cn=users,dc=acme,dc=com

...then you will need to add the following to the User Name or Short Name field of the Person document for Test User in Domino:

uid=tuser/cn=users/dc=acme/dc=com

This entry should be added below the Domino canonical name, which should be the top line of the User Name field, and the common name (CN), which should be the second line. Therefore, in our example, the User Name field should be as follows:

First name: Test
Middle name:
Last name: User
User name: Test User/acme
           Test User
           uid=tuser/cn=users/dc=acme/dc=com
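
The following added example (not part of the original technote and not IBM code) shows one way to derive the alias from step 2a and to check a Person document's User Name entries against the ordering described above. The function names and sample entries are constructed for illustration; rejecting DNs that contain a backslash or "/" is an assumption of this example.

```python
"""Added example: derive the Domino alias for an LDAP DN and check a
Person document's User Name entries. Names and samples are constructed."""


def ldap_dn_to_domino_alias(dn):
    """uid=tuser,cn=users,dc=acme,dc=com -> uid=tuser/cn=users/dc=acme/dc=com"""
    # Assumption of this example: a DN with escaped characters or a literal
    # "/" cannot be rewritten unambiguously, so it is rejected for review.
    if "\\" in dn or "/" in dn:
        raise ValueError("DN needs manual review: %r" % dn)
    rdns = [rdn.strip() for rdn in dn.split(",")]
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
    return "/".join(rdns)


def check_user_name_field(entries, ldap_dn):
    """Return a list of problems with the User Name entries (empty = OK)."""
    expected = ldap_dn_to_domino_alias(ldap_dn)
    entries = [e.strip() for e in entries if e.strip()]
    if expected in entries:
        # Canonical name is line 1 and common name line 2; alias goes below.
        if entries.index(expected) < 2:
            return ["alias must sit below the canonical and common names"]
        return []
    first_rdn = expected.split("/")[0]
    near = [e for e in entries if e.startswith(first_rdn)]
    if near:
        return ["alias malformed: %r, expected %r" % (near[0], expected)]
    return ["alias missing: %r" % expected]


# Constructed sample data based on the Test User example in step 2a.
SAMPLE_DN = "uid=tuser,cn=users,dc=acme,dc=com"
SAMPLE_FIELDS = {
    "correct": ["Test User/acme", "Test User",
                "uid=tuser/cn=users/dc=acme/dc=com"],
    "wrong order": ["uid=tuser/cn=users/dc=acme/dc=com",
                    "Test User/acme", "Test User"],
    "truncated": ["Test User/acme", "Test User", "uid=tuser/cn=users/dc=acme"],
    "missing": ["Test User/acme", "Test User"],
}

if __name__ == "__main__":
    for label, entries in SAMPLE_FIELDS.items():
        print(label, "->", check_user_name_field(entries, SAMPLE_DN) or "OK")
```

An alias that is missing or malformed means the DN carried in the LTPA token will not match the Person document, so run a check like this before testing SSO.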


3. Configure the Sametime server to remap users' DNs when passed with an LTPA token

a. Sametime 6.5.1 customers should have Interim Fix 1 (IF1) installed directly from IBM Lotus Technical Support.

b. Configuration changes for Sametime to remap users' Distinguished Names are as follows:

Notes.ini settings:

ST_UID_PREFIX=*
ST_UID_POSTFIX=*

On the Sametime server add the following to the sametime.ini file under the [Config] section:
ST_DOMINO_DUAL=1


4. If you also want Awareness capabilities in WebSphere Portal, make the following configuration changes to CSEnvironment.properties.

You should have already enabled Sametime in WebSphere Portal as documented in the WebSphere Portal Information Center.

CSEnvironment.properties:

CS_SERVER_SAMETIME_1.useLTPAToken=true
CS_SERVER_SAMETIME_1.nameFormatForResolve=dn
CS_SERVER_SAMETIME_1.dnNameSeparator=/

Related information

Troubleshooting Portal and Domino Extended Products


Cross reference information
Segment Product Component Platform Version Edition
Messaging Applications Lotus End of Support Products Lotus Sametime 6.5

Document information

More support for: WebSphere Portal End of Support Products
Lotus Domino and Extended Products Portlets

Software version: 6.0.1, 6.0.1.3

Operating system(s): AIX, HP-UX, IBM i, Linux, Solaris, Windows, z/OS

Software edition: Extend

Reference #: 1231292

Modified date: 24 June 2008