Integrating Domino web mail with Sametime12
Now that Sametime 12 has shipped a customer has asked me to integrate it with Domino web based mail, Verse and iNotes. The problem is that all the public documentation available on this topic is relative to Sametime 11.x; which is normal since when Domino 12 shipped, Sametime 12 had not. I am sure HCL will update it soon but in the meantime this post could be useful if you want to do this.
With the invaluable help of the Sametime Wizard himself, Tony Payne of HCL, I have been able to perform the integration and will explain all the steps needed.
Thanks a lot to my peer from France, Jérôme Deniau, who helped me a lot in debugging the issues I had while setting it up.
Without them I would not have made it.
You need to use LTPA, which is disabled by default in Sametime, so first thing you need is the LTPA key. This is generated by IBM WebSphere, so how do you get a LTPA key ? The solution is pretty simple. Since you have Docker you can easily fire up a WAS Liberty server running this command
docker run -d -p 9080:9080 -p 9443:9443 websphere-liberty:latest
Upon starting, the WAS Liberty server will create the LTPA key so you have to copy it on your machine and then on the Domino server machine. Use this command to copy the key from the container to your host machine.
docker cp b2964e5fc322:/output/resources/security/ltpa.keys ./ltpa.keys
where in this example b2964e5fc322
You can get the ID opening a terminal and issuing the command: docker ps
This will give you the container ID
Note: The default password of the key is “WebAS”, if you want to use a different one there are several articles on the web that explain you how to do that.
Let’s assume you copied the ltpa.keys file in /sametime, now you have to edit three files, which are located in the directory where you installed Sametime, to make it use LTPA.
In the file .env set the following:
ENABLE_LTPA=true
LTPA_KEYS_FILE_PATH=/sametime/ltpa.keys
LTPA_KEYS=/ltpa-config/ltpa.keys
LTPA_KEYS_PASSWORD=WebAS
The reason for these values is the following, as Tony explained to me:
This line – in docker-compose.yaml
– ${LTPA_KEYS_FILE_PATH}:/ltpa-config/ltpa.keys:Z
Says that “when the container asks for /ltpa-config/ltpa.keys – give it the file in the location $(LTPA_KEYS_FILE_PATH) – the code (container) is always looking for ‘ltpa-config/ltpa.keys’
LTPA_KEYS_FILE_PATH should always point to the local copy of the ltpa.keys file – which should be outside of the /sametime-config path
In the file custom.env set:
STI__ST_BB_NAMES__ST_AUTH_TOKEN=Fork:Jwt,Ltpa
This is needed to tell the ST server to use Ltpa
In the file docker-compose.yml set
SAMETIME_EXTERNAL_WARINTEGRATION=true
On the Domino mail server, the procedure is the usual one for setting up SSO. Create a Web SSO configuration document and import the WebSphere LTPA keys. Select as Token Format: LtpaToken and LtpaToken2.
Then in the server document under “Internet Protocols” – “Domino Web Engine” select as Session authentication: Multiple Servers (SSO).
