IBM G325-2585-02 Server User Manual


 
IBM Lotus Sametime 7.5.1 Release Notes
in stlinks.js without any change:
var is_TAM_env=false;
//racingConnTimeout - Timeout between racing connections in milliseconds. The value is sent to the STLinks applet.
1. Enable reverse proxy support and specify the WebSEAL junction in the Sametime Administration Tool on the Sametime 7.5.x server.
- Open the Sametime Administration Tool on the Sametime 7.5.x server.
- Select Configuration-Connectivity.
- In the "Reverse Proxy Support" section, select the "Enable Reverse Proxy Discovery on the client" setting to enable the reverse proxy support.
- In the "Reverse Proxy Support" section, enter the WebSEAL junction name in the "Server Alias" field. In this example, "st" is the WebSEAL junction name.
2. Create the Tivoli Access Manager WebSEAL junction as shown below:
pdadmin> server task webseald-[servername] create -t tcp -h [sametime hostname] -p 80 -i -j -A -F [path to LTPA key] -Z [LTPA key password] /junction
You cannot use the -w parameter for this setup. Some requests generated by Sametime are not allowed through the junction if the -w exists. You must also ensure that the LTPA key used in the junction is the same LTPA key that the Sametime server uses in its Web SSO Configuration document.
After performing these configurations, you should be able to log in to https://webseal/stjunction and be
prompted by WebSEAL for authentication. Once authenticated, SSO between WebSEAL and Sametime
should work and all requests for Sametime will route through WebSEAL.
Sametime
Sametime Administrator needs to be in LDAP for policies to work
Existing Sametime customers that use LDAP may have the Sametime Administrator defined in the local
Domino Directory. Until now, those customers did not need to have a Sametime Administrator defined in
LDAP; this is now required for Policy Administration.
Proper Configuration
Add the Distinguished Name (DN) of an LDAP user to the Access Control List (ACL) of stconfig.nsf with the following access: Person/Manager - with all privileges and all roles.
Notes
1. Make sure that you change the commas to slashes when entering the name into the ACL.
2. In the third example below (Sametime Administrator), note that the canonical format changes to the hierarchical format. Since the LDAP hierarchy matches Domino's hierarchy, the ACL will automatically normalize the name to the hierarchical format.
For example, if you enter 'cn=Sametime Administrator/ou=Austin/O=IBM', the ACL will automatically
show 'Sametime Administrator/Austin/IBM'. When using Domino LDAP you will see this behavior,
since the hierarchy of Domino LDAP matches the hierarchy system of standard Domino.
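The comma-to-slash rule and the normalization described in the notes above can be checked before the name is typed into the ACL. The following Python sketch is an added example, not part of the release notes or any IBM tool; the function names are hypothetical, and the rule for when the ACL shortens a name is an assumption modelled on the 'Sametime Administrator' case.

```python
import re

# Assumption: the ACL shortens a name only when its attribute types follow
# Domino's hierarchy (CN, then OUs, then O, then optional C), as the page's
# 'Sametime Administrator' case does. Other DNs are shown as entered.
_DOMINO_HIERARCHY = re.compile(r"cn(/ou)*/o(/c)?")


def split_dn(dn):
    """Split an LDAP DN into RDNs on unescaped commas (a value may hold '\\,')."""
    rdns, current, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(current.strip())
            current = ""
            continue
        current += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(current.strip())
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not (attr.strip() and sep and value.strip()):
            raise ValueError(f"not an attribute=value pair: {rdn!r}")
    return rdns


def acl_entry(dn):
    """Name to type into the stconfig.nsf ACL: commas become slashes."""
    return "/".join(split_dn(dn))


def acl_display(dn):
    """Name the ACL is expected to show after it normalizes the entry."""
    rdns = split_dn(dn)
    types = "/".join(r.partition("=")[0].strip().lower() for r in rdns)
    if _DOMINO_HIERARCHY.fullmatch(types):
        return "/".join(r.partition("=")[2].strip() for r in rdns)
    return "/".join(rdns)


if __name__ == "__main__":
    # Constructed sample DNs; the first is the page's example with LDAP commas.
    for dn in ("cn=Sametime Administrator,ou=Austin,O=IBM",
               "uid=stadmin,ou=people,dc=example,dc=com"):
        print(f"{dn}\n  enter: {acl_entry(dn)}\n  shows: {acl_display(dn)}")
```

A comma escaped inside a value is kept as part of that value rather than turned into a slash; how Domino handles such names is not covered by the page.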
Below are examples of what the DN looks like in LDAP, and what it should look like in the ACL: