Creating an installation package that connects rich clients to the cloud community using SAML authentication

If users log in with your organization's authentication credentials and use SAML token authentication for federated identity management, you can create a pre-configured installation package for standalone Sametime® Connect or for Notes® with embedded Sametime. SAML support in Sametime and in Notes uses the form-based or browser-based user and password login type. With browser-based login, the client opens an embedded browser to display the login page.

About this task

Alternatively, users can download the SAML-enabled Sametime client and configure it themselves. They must download the Sametime standalone client or the IBM® Notes 9.0 client (for embedded Sametime) from the cloud. For information, see the chat section of the user help. Users will need SAML IDP information from you to complete the configuration.

Procedure

To create a pre-configured installation package:

  1. Locate the plugin_customization.ini file.

    The file is in one of the following locations, depending on the operating system:

    Windows
        Inside the deploy folder of the package root.
    Red Hat Linux
        Inside the Red Hat .rpm package at one of the following locations:
        For Sametime Connect: /opt/ibm/Sametime/framework/rcp/deploy
        For Notes: /opt/ibm/notes/framework/rcp/deploy
    macOS
        Inside sametime-*.pkg/Contents/deploy.
  2. Add the following configuration lines in the plugin_customization.ini file, based on your company's Sametime community and SAML IDP information.
    Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line.
    # ";" is used to separate multiple communities
    com.ibm.collaboration.realtime.community/saml_communities=<Sametime community server host name>
    # IDP server URL
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp=
        <SAML authentication login URL>
    # login type of IDP server
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.type=form|browser
    # html tag id or tag name of the user name field in IDP web page. 
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.username.tag=
        <form_username_field_id> | <form_username_field_name>
    # html tag id or tag name of the user password field in IDP web page. 
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.password.tag=
        <form_password_field_id> | <form_password_field_name>
    # html tag id or tag name of the submit field in IDP web page. 
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.idp.form.submit.tag=
        <form_submit_field_id> | <form_submit_field_name>
    # Optional. The default value is "false". If "true", the on-premises community is the primary community and
    # the cloud community is the secondary community.
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.primary=false
    # Optional. The default value is "false". If "true", the SmartCloud community can be
    # removed from the communities preference page
    com.ibm.collaboration.realtime.community/<Sametime community server host name>.editable=false

    Sample:

    Note: To fit the width of this page, some records are shown on more than one line. In the plugin_customization.ini file, each record is a single line.
    com.ibm.collaboration.realtime.community/saml_communities=im.na.collabserv.com
    com.ibm.collaboration.realtime.community/
        im.na.collabserv.com.idp=https://www.example.com/FIM/sps/SAML20/logininitial?
        PartnerId=https://apps.na.collabserv.com/sps/sp/saml/v2_0&
        TARGET=https://apps.na.collabserv.com&PROTOCOL=POST
    com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.type=form
    com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.username.tag=Intranet_ID
    com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.password.tag=password
    com.ibm.collaboration.realtime.community/im.na.collabserv.com.idp.form.submit.tag=ibm-submit
  3. Replace the existing plugin_customization.ini file in the Sametime installation package or in the Notes installation package with the file that you updated.
  4. Distribute the updated Sametime installation package or Notes installation package to your users. The SAML configuration information is automatically populated when your users install the client.
    Note: The installation package that you distribute to Mac users must be digitally signed by IBM. Before distributing the installation package to Mac users, email your modified plugin_customization.ini file to support@collabserv.com. A signed installation package will be created and returned to you.
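
The following script is an added example, not IBM code or tooling: it checks the SAML records from step 2 before the file is put back into the package in step 3. It flags records that were left wrapped across lines, a missing or non-HTTPS IDP URL, an invalid login type, and missing form tags. Requiring an https URL, treating the three form tags as mandatory only for the form login type, and the function names are assumptions of this example.

```python
from urllib.parse import urlsplit

PREFIX = "com.ibm.collaboration.realtime.community/"

def parse_records(text):
    """Return ({key: value} for PREFIX records, [problems]) from the file text."""
    settings, problems = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # A record copied with its page line breaks leaves indented or "="-less fragments.
        if raw[0].isspace() or not sep:
            problems.append(f"line {n}: wrapped or incomplete record")
            continue
        if key.startswith(PREFIX):
            settings[key[len(PREFIX):]] = value.strip()
    return settings, problems

def check_saml(text):
    """Return a list of problems in the SAML community records; empty means OK."""
    settings, problems = parse_records(text)
    hosts = [h for h in settings.get("saml_communities", "").split(";") if h]
    if not hosts:
        problems.append("saml_communities is missing or empty")
    for host in hosts:
        idp = settings.get(f"{host}.idp", "")
        url = urlsplit(idp)
        if url.scheme != "https" or not url.hostname:  # assumption: login page must use TLS
            problems.append(f"{host}.idp must be an https URL, got {idp!r}")
        kind = settings.get(f"{host}.idp.type")
        if kind not in ("form", "browser"):
            problems.append(f"{host}.idp.type must be form or browser, got {kind!r}")
        if kind == "form":
            for field in ("username", "password", "submit"):
                if not settings.get(f"{host}.idp.form.{field}.tag"):
                    problems.append(f"{host}.idp.form.{field}.tag is missing")
    return problems

# Constructed input: the page's sample values, each record on a single line.
GOOD = f"""\
{PREFIX}saml_communities=im.na.collabserv.com
{PREFIX}im.na.collabserv.com.idp=https://www.example.com/FIM/sps/SAML20/logininitial?PartnerId=https://apps.na.collabserv.com/sps/sp/saml/v2_0&TARGET=https://apps.na.collabserv.com&PROTOCOL=POST
{PREFIX}im.na.collabserv.com.idp.type=form
{PREFIX}im.na.collabserv.com.idp.form.username.tag=Intranet_ID
{PREFIX}im.na.collabserv.com.idp.form.password.tag=password
{PREFIX}im.na.collabserv.com.idp.form.submit.tag=ibm-submit
"""
# Constructed bad variant: plain-http IDP URL and an unsupported login type.
BAD = GOOD.replace("=https://www.example.com", "=http://www.example.com").replace("idp.type=form", "idp.type=basic")
if __name__ == "__main__":
    print(check_saml(GOOD), check_saml(BAD), sep="\n")
```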