IBM G325-2585-02 manual Proper Configuration

Models: G325-2585-02


IBM Lotus Sametime 7.5.1

Release Notes

in stlinks.js without any change:

var is_TAM_env=false;

// racingConnTimeout - Timeout between racing connections in milliseconds. The value is sent to the STLinks applet.

1. Enable reverse proxy support and specify the WebSEAL junction in the Sametime Administration Tool on the Sametime 7.5.x server.

- Open the Sametime Administration Tool on the Sametime 7.5.x server.

- Select Configuration - Connectivity.

- In the "Reverse Proxy Support" section, select the "Enable Reverse Proxy Discovery on the client" setting to enable the reverse proxy support.

- In the "Reverse Proxy Support" section, enter the WebSEAL junction name in the "Server Alias" field. In this example, "st" is the WebSEAL junction name.

2. Create the Tivoli Access Manager WebSEAL junction as shown below:

pdadmin> server task webseald-[servername] create -t tcp -h [sametime hostname] -p 80 -i -j -A -F [path to LTPA key] -Z [LTPA key password] /junction

You cannot use the -w parameter for this setup. Some requests generated by Sametime are not allowed through the junction if the -w parameter is present. You must also ensure that the LTPA key used in the junction is the same LTPA key that the Sametime server uses in its Web SSO Configuration document.

After performing these configurations, you should be able to log in to https://webseal/stjunction and be prompted by WebSEAL for authentication. Once authenticated, SSO between WebSEAL and Sametime should work and all requests for Sametime will route through WebSEAL.

Sametime

Sametime Administrator needs to be in LDAP for policies to work

Existing Sametime customers that use LDAP may have the Sametime Administrator defined in the local Domino Directory. Until now, those customers did not need to have a Sametime Administrator defined in LDAP; this is now required for Policy Administration.

Proper Configuration

Add the Distinguished Name (DN) of an LDAP user to the Access Control List (ACL) of stconfig.nsf with the following access: Person/Manager - with all privileges and all roles.

Notes

1. Make sure that you change the commas to slashes when entering the name into the ACL.

2. In the third example below (Sametime Administrator), note that the canonical format changes to the hierarchical format. Since the LDAP hierarchy matches Domino's hierarchy, the ACL will automatically normalize the name to the hierarchical format.

For example, if you enter 'cn=Sametime Administrator/ou=Austin/O=IBM', the ACL will automatically show 'Sametime Administrator/Austin/IBM'. When using Domino LDAP you will see this behavior, since the hierarchy of Domino LDAP matches the hierarchy system of standard Domino.
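The comma-to-slash conversion from note 1 and the normalization described in note 2, as an added Python sketch that is not part of the IBM release notes. The function names, the rule used to decide when a DN matches Domino's hierarchy (CN, optional OUs, O, optional C), and the second and third sample DNs are assumptions made for this example; an escaped comma inside a value is kept verbatim rather than treated as a separator.

```python
import re

# Assumption (not from the release notes): a DN "matches Domino's hierarchy"
# when its attribute types are CN, optional OUs, O, optional C, in that order.
DOMINO_ORDER = re.compile(r"cn(,ou)*,o(,c)?")

def split_rdns(dn):
    """Split an LDAP DN into (type, value) pairs on unescaped commas only."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep an escaped char verbatim
            cur += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    parts.append(cur)
    rdns = []
    for part in parts:
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        if "/" in value:                         # would read as an extra level
            raise ValueError(f"'/' in value is ambiguous in an ACL name: {part!r}")
        rdns.append((attr.strip(), value.strip()))
    return rdns

def acl_entry(dn):
    """Name to type into the stconfig.nsf ACL: commas replaced by slashes."""
    return "/".join(f"{a}={v}" for a, v in split_rdns(dn))

def acl_display(dn):
    """Name the ACL is expected to show after its automatic normalization."""
    rdns = split_rdns(dn)
    types = ",".join(a.lower() for a, _ in rdns)
    if DOMINO_ORDER.fullmatch(types):
        return "/".join(v for _, v in rdns)      # hierarchical format
    return acl_entry(dn)                         # assumed to stay as entered

if __name__ == "__main__":
    samples = [                                  # first DN is the page's example
        "cn=Sametime Administrator,ou=Austin,O=IBM",
        "uid=jdoe, ou=people, dc=example, dc=com",   # constructed
        "cn=Doe\\, Jane,ou=Austin,o=IBM",            # constructed, escaped comma
    ]
    for dn in samples:
        print(f"{dn!r} -> enter {acl_entry(dn)!r}, expect {acl_display(dn)!r}")
```

Comparing the predicted display name with what the ACL actually shows after saving is a quick check that the Manager entry was typed as intended.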

Below are examples of what the DN looks like in LDAP, and what it should look like in the ACL:
