Integrating Domino web mail with Sametime12

Now that Sametime 12 has shipped a customer has asked me to integrate it with Domino web based mail, Verse and iNotes. The problem is that all the public documentation available on this topic is relative to Sametime 11.x; which is normal since when Domino 12 shipped, Sametime 12 had not. I am sure HCL will update it soon but in the meantime this post could be useful if you want to do this.

With the invaluable help of the Sametime Wizard himself, Tony Payne of HCL, I have been able to perform the integration and will explain all the steps needed.
Thanks a lot to my peer from France, Jérôme Deniau, who helped me a lot in debugging the issues I had while setting it up.
Without them I would not have made it.

You need to use LTPA, which is disabled by default in Sametime, so first thing you need is the LTPA key. This is generated by IBM WebSphere, so how do you get a LTPA key ? The solution is pretty simple. Since you have Docker you can easily fire up a WAS Liberty server running this command
docker run -d -p 9080:9080 -p 9443:9443 websphere-liberty:latest

Upon starting, the WAS Liberty server will create the LTPA key so you have to copy it on your machine and then on the Domino server machine. Use this command to copy the key from the container to your host machine.
docker cp b2964e5fc322:/output/resources/security/ltpa.keys ./ltpa.keys
where in this example b2964e5fc322 is the Liberty container ID.

You can get the ID opening a terminal and issuing the command: docker ps
This will give you the container ID

Note: The default password of the key is “WebAS”, if you want to use a different one there are several articles on the web that explain you how to do that.

Let’s assume you copied the ltpa.keys file in /sametime, now you have to edit three files, which are located in the directory where you installed Sametime, to make it use LTPA.

In the file .env set the following:
ENABLE_LTPA=true
LTPA_KEYS_FILE_PATH=/sametime/ltpa.keys
LTPA_KEYS=/ltpa-config/ltpa.keys
LTPA_KEYS_PASSWORD=WebAS

The reason for these values is the following, as Tony explained to me:
This line – in docker-compose.yaml

            – ${LTPA_KEYS_FILE_PATH}:/ltpa-config/ltpa.keys:Z

Says that “when the container asks for /ltpa-config/ltpa.keys – give it the file in the location $(LTPA_KEYS_FILE_PATH) – the code (container) is always looking for ‘ltpa-config/ltpa.keys’

LTPA_KEYS_FILE_PATH should always point to the local copy of the ltpa.keys file – which should be outside of the /sametime-config path

In the file custom.env set:
STI__ST_BB_NAMES__ST_AUTH_TOKEN=Fork:Jwt,Ltpa

This is needed to tell the ST server to use Ltpa

In the file docker-compose.yml set
SAMETIME_EXTERNAL_WARINTEGRATION=true

On the Domino mail server, the procedure is the usual one for setting up SSO. Create a Web SSO configuration document and import the WebSphere LTPA keys. Select as Token Format: LtpaToken and LtpaToken2.
Then in the server document under “Internet Protocols” – “Domino Web Engine” select as Session authentication: Multiple Servers (SSO).


ELD Engineering first contribution to OpenNTF

My colleague Fabio di Paola has created a new project on the OpenNTF website. This is the first contribution that my company does to OpenNTF.

The project is a template from which you create a database that check all the agents running on a Domino server and gives a report that list them by owner, by database and whether are scheduled or triggered.

You can find it here


Cross-posting: The OpenNTF Discord Server

A few months ago, OpenNTF started testing the waters of moving our Slack community over to Discord. The immediate impetus for this was the message-history limitation of our Slack account: on the free tier, we were losing old messages, but upgrading a community of our size to a paid tier would be cost-prohibitive.

Once we started looking into using Discord, we found that it offered much more for us than just avoiding history loss. Discord quickly proved itself a much-better match for our community, with better community controls, better voice/video chat with screen sharing, and just generally a more community-focused approach.

Joining

Since it’s gone so smoothly in a “soft launch”, we think it’s ready to invite everyone more openly. To join our Discord community, visit:

https://discord.gg/jmRHpDRnH4

That should get you in to the server – once you agree to the community guidelines, it’ll open up access to all of the public channels.