Integrating Domino web mail with Sametime 12

Now that Sametime 12 has shipped, a customer has asked me to integrate it with Domino web-based mail, Verse and iNotes. The problem is that all the public documentation available on this topic relates to Sametime 11.x, which is normal since Sametime 12 had not shipped when Domino 12 did. I am sure HCL will update it soon, but in the meantime this post could be useful if you want to do this.

With the invaluable help of the Sametime Wizard himself, Tony Payne of HCL, I have been able to perform the integration and will explain all the steps needed.
Thanks a lot to my peer from France, Jérôme Deniau, who helped me a lot in debugging the issues I had while setting it up.
Without them I would not have made it.

You need to use LTPA, which is disabled by default in Sametime, so the first thing you need is the LTPA key. This is generated by IBM WebSphere, so how do you get an LTPA key? The solution is pretty simple. Since you have Docker, you can easily fire up a WAS Liberty server by running this command:
docker run -d -p 9080:9080 -p 9443:9443 websphere-liberty:latest

Upon starting, the WAS Liberty server will create the LTPA key, so you have to copy it to your machine and then to the Domino server machine. Use this command to copy the key from the container to your host machine:
docker cp b2964e5fc322:/output/resources/security/ltpa.keys ./ltpa.keys
where in this example b2964e5fc322 is the Liberty container ID.

You can get the container ID by opening a terminal and issuing the command: docker ps

Note: The default password of the key is “WebAS”. If you want to use a different one, there are several articles on the web that explain how to do that.

Let’s assume you copied the ltpa.keys file to /sametime. Now you have to edit three files, located in the directory where you installed Sametime, to make it use LTPA.

In the file .env set the following:
ENABLE_LTPA=true
LTPA_KEYS_FILE_PATH=/sametime/ltpa.keys
LTPA_KEYS=/ltpa-config/ltpa.keys
LTPA_KEYS_PASSWORD=WebAS

The reason for these values is the following, as Tony explained to me.
This line in docker-compose.yaml:

            - ${LTPA_KEYS_FILE_PATH}:/ltpa-config/ltpa.keys:Z

says “when the container asks for /ltpa-config/ltpa.keys, give it the file in the location ${LTPA_KEYS_FILE_PATH}”. The code (container) is always looking for ‘ltpa-config/ltpa.keys’.

LTPA_KEYS_FILE_PATH should always point to the local copy of the ltpa.keys file, which should be outside of the /sametime-config path.

In the file custom.env set:
STI__ST_BB_NAMES__ST_AUTH_TOKEN=Fork:Jwt,Ltpa

This is needed to tell the ST server to use Ltpa.

In the file docker-compose.yml set:
SAMETIME_EXTERNAL_WARINTEGRATION=true

On the Domino mail server, the procedure is the usual one for setting up SSO. Create a Web SSO configuration document and import the WebSphere LTPA keys. Select as Token Format: LtpaToken and LtpaToken2.
Then in the server document under “Internet Protocols” – “Domino Web Engine” select as Session authentication: Multiple Servers (SSO).
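
A preflight check for the Sametime-side settings described above, as an added example that is not part of the original post or of HCL's tooling. It assumes the three files sit directly in the install directory passed as the argument; the function names check_ltpa_setup and env_get are made up for this example, and the world-readable warning is this example's own addition.

```shell
#!/bin/sh
# Added example (not HCL's or the post's code): preflight check of the LTPA
# settings described in this post. Usage: check_ltpa_setup <sametime-install-dir>

# Read KEY=value from an env-style file (last assignment wins).
env_get() { sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1; }

check_ltpa_setup() {
    dir=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }

    [ "$(env_get ENABLE_LTPA "$dir/.env")" = "true" ] || fail "ENABLE_LTPA is not true in .env"
    [ "$(env_get LTPA_KEYS "$dir/.env")" = "/ltpa-config/ltpa.keys" ] ||
        fail "LTPA_KEYS must be the in-container path /ltpa-config/ltpa.keys"
    pw=$(env_get LTPA_KEYS_PASSWORD "$dir/.env")
    [ -n "$pw" ] || fail "LTPA_KEYS_PASSWORD is empty"
    [ "$pw" != "WebAS" ] || echo "WARN: LTPA_KEYS_PASSWORD is still the default WebAS"

    keys=$(env_get LTPA_KEYS_FILE_PATH "$dir/.env")
    case $keys in
        */sametime-config/*) fail "key file must be outside sametime-config: $keys" ;;
    esac
    if [ -r "$keys" ]; then
        # A Liberty-generated ltpa.keys is a properties file with these entries.
        for prop in 3DESKey PrivateKey PublicKey; do
            grep -q "^com\.ibm\.websphere\.ltpa\.$prop=" "$keys" ||
                fail "$keys has no com.ibm.websphere.ltpa.$prop entry"
        done
        # Assumption of this example: flag a key file that 'other' can read.
        [ -z "$(find "$keys" -perm -004)" ] || echo "WARN: $keys is world-readable"
    else
        fail "key file not readable: ${keys:-LTPA_KEYS_FILE_PATH unset}"
    fi

    env_get STI__ST_BB_NAMES__ST_AUTH_TOKEN "$dir/custom.env" | grep -q 'Ltpa' ||
        fail "custom.env does not list Ltpa in STI__ST_BB_NAMES__ST_AUTH_TOKEN"
    # The post names the compose file both .yaml and .yml, so accept either.
    grep -Eq 'SAMETIME_EXTERNAL_WARINTEGRATION *[=:] *"?true' \
        "$dir"/docker-compose.y*ml 2>/dev/null ||
        fail "SAMETIME_EXTERNAL_WARINTEGRATION=true not found in the compose file"
    grep -qF 'LTPA_KEYS_FILE_PATH}:/ltpa-config/ltpa.keys' \
        "$dir"/docker-compose.y*ml 2>/dev/null ||
        fail "compose file does not mount the key file at /ltpa-config/ltpa.keys"

    echo "$problems problem(s) found"
    return "$problems"
}
```

The function returns the number of failed checks, so a zero exit status means the Sametime side matches the settings listed in this post.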


Comments

  1. Hello Roberto, I am not able to get this working.

    What exact URL did you enter within the Domino iNotes (or notes.ini) configuration?

    If I enter https://myst12server.dns.org iNotes tries to log in but nothing happens. I also tried to use the option “use login dialog” within the iNotes configuration but I can’t get the integration working.

    Maybe the URL within the iNotes configuration is wrong? If I try to connect the legacy client I need to add /stwebclient/ behind my URL.

    • Hi Alexander, the URL you used is correct. Open the debugger in the browser (F12) when you connect to mail and check what happens when it tries to connect to the Sametime server.

  2. Hi Alexander, with ST 12.0.1 I had to do the same. I believe that the article has been written after support worked with me to find a solution for SSO.
