If you want to have SSO between Domino and Sametime 12.0.1 FP1 or above you need to create the Web SSO document in Domino using “LTPA Token 2” as token format, instead of “LTPA Token and LTPA Token2” as was common in previous versions of Sametime. This because HCL, starting with Sametime 12.0.2 FP1 disabled LTPA V1 token support by default – in favor of LTPA V2 which is more secure.
On the Sametime server open the file custom.env and make you see this at the end ENABLE_LTPA=true LTPA_KEYS=C:\Sametime\ltpa.keys <- replace with the location of your LTPA key file LTPA_KEYS_PASSWORD=XXXXXX <- replace with your key password
Open the sametime.ini file and change the line
ST_AUTH_TOKEN=Jwt (this is the default) to ST_AUTH_TOKEN=Fork:Jwt,Ltpa
A customer of mine ran into an issue when using his Sametime server for meetings with external companies. The participants could not see any video neither hear audio.
Since internally everything works perfectly and he is using a TURN server, we started looking into its configuration and logs. We didn’t find anything wrong and the logs reported no errors. Then, after finding that until circa one month ago everything was working fine, he remembered that since then, he changed the coturn certificate from a single LetsEncrypt certificate to a wildcard one he gets from a CA for his company.
So he switched back to the LetsEncypt certificate, and everything started working again. Upon looking in the coturn GitHub repository he found this https://github.com/coturn/coturn/issues/352 Turns out that coturn does not support wildcard certificates, and looking at the thread on GitHub is likely it will not do it in a foreseeable future.
I have suggested HCL to improve their documentation, mentioning this; even if I understand this is not a HCL issue, adding a warning not to use wildcard certs could be useful.
As I wrote in a previous post I will speak at Engage 2026.
But I am not the only one from OpenNTF that will have a session there, my colleagues in the Board will have sessions there too. This pictures shows the content that we are delivering at Engage, as you can see there’s something for both developers and admins.
Hope to see many of you there, and if you have any questions about the OpenNTF activities, or any request, or you want to help, just grab one of us and let’s talk!
I had the honor and the privilege of having a session accepted at Engage 2026.
I will speak, together with my usual partner-in-crime, Marianna Tomasatti, about the difference in configurations of Sametime Chat Server on Docker and on Windows.
Sametime Chat on Windows Tue, Apr 21- 16:05–16:30 – Room A Sametime chat on Windows offers the same features as Sametime on Docker/Kubernetes; however, configuration and customization are performed differently, and the files you need to edit are not the same.In this session, we will explain how to configure LTPA, SSO, and other tips and tricks.
While working for a customer, who has Sametime Chat on Windows and uses only web access to mail, I found a bug in Sametime. I opened a case and HCL could reproduce it; they created a Technote, KB0127919, for it. Hopefully will be fixed soon.
The time-to-live (TTL) setting defines how long the chat history is stored in the database. The default value is 90 days.
The instructions on how to change it in the official documentation unfortunately refer only to Docker and Kubernetes deployments and do not cover the Windows-based chat-only server.
On a Windows Server, you don’t have to edit the file custom.env, as you would in Docker or Kubernetes; instead, you need to edit the file chatlogging.ini. Add at the end of the file this value: CL_MONGO_HISTORY_TTL=30 where 30 is the number of days you want to keep the chat history.
Then follow the instructions in the documentation to delete and recreate the Mongodb indexes. Open a mongo shell and type the following commands use chatlogging db.EVENTS.getIndexes() [here the default value should be 7776000] db.EVENTS.dropIndex(“TimeStamp_1”) db.USERS.dropIndex(“date_1”)
Restart the Sametime server and check again the value of the EVENTS index for TimeStamp_1, should be 2592000 in my case of 30 days.
“Angels never know it’s time To close the book and gracefully decline” were singing the Genesis in 1976 (Ripples, one of their best songs ever, IMHO).
I am not at all an angel, so I know when it’s time to take a step back.
Effective January 1st 2026 I will retire, though I will do it “gracefully” and not abruptly.
I will still remain a Partner in ELD Engineering, but all the customers I am working with on Domino will be taken care by my friend and colleague Luca Zucchelli. I will still work with the customers on Sametime and Connections. That will not be a full-time activity, but will keep me busy enough not to get bored. Also, I will continue to serve as a Director for OpenNTF, there are some things we’re working on and I will continue to help there.
I will not take a trip back on memory lane, so I will not tell all the good, the bad and the ugly of 37 years of career started with Notes 3.0, my readers don’t deserve such a punishment.
You will still see me around, I will be continue to be present in the Discord servers of OpenNTF and HCL Ambassadors (pending a confirmation for the last one), and if you happen to be at the next Engage, I will offer you a beer or two.
But what if you don’t use Docker? You need a way to generate a LTPA key in Windows. I found out that is not hard as it may seem and in this post I will explain how to do this.
LTPA keys are generated by WebSphere Application Server, but installing a full WAS server just to create the LTPA key is definitely an overkill, besides you need to know WAS itself, which is not always the case.
As the above mentioned documentation suggest you can use an instance of WebSphere Liberty to generate LTPA keys.
To install it simply unzip the file in a directory on your machine, you can do it on your PC, there is no need to do it on the server; I unpacked the file in C:\wlp
Now open a command prompt and go in the bin directory. Run the file securityUtility.bat with those options: securityUtility createLTPAKeys --password=yourpassword This will create the ltpa.keys file in the bin directory
If you want to have the file in a different directory use the option --file= in the command.
Copy the file from the PC where you created it to the Sametime server machine.
When installing Sametime, if you select to configure LTPA here
You are presented with this screen
Just type in the dialog the location of the file you have created.
