ShowTable of Contents
Prerequisites
This section describes the installations required before integrating IBM® Lotus® Sametime® Meeting server 8.5.1 with CA SiteMinder Agent r6.0.
SiteMinder/Sametime Servers required
SiteMinder integration requires two servers to be installed:
- Sametime Meeting Server 8.5.1
- SiteMinder Policy Server 6
SiteMinder Agent required
SiteMinder integration requires one agent to be installed:
- CA eTrust SiteMinder Agent v6.0 for IBM WebSphere® Portal v7
Sametime Meeting Server WebSphere Portal configuration
The SiteMinder Agent for WebSphere Portal resides in WebSphere Application Server, enabling the Sametime Meeting application to extend the SiteMinder environment to protect WebSphere-hosted resources, in our case, the Sametime Meeting application.
Configuring TAI – basic authentication
Trust Association Interceptor (TAI) establishes a Web Trust Association between WebSphere Application Server and the SiteMinder Policy server, so that credentials obtained from the Sametime Meeting Web Client can be validated against associated user directories configured in SiteMinder. The TAI agent can issue only basic authentication challenges.
Follow the steps below to configure WebSphere Application Server to use TAI:
- Copy the smagent.properties file from the Application Server Agent (ASA) installation /opt/smwasasa/conf folder over to the WebSphere Application Server Profile properties folder, for example, /opt/IBM/WebSphere/AppServer/profiles/STPAppProfile/properties. Also, copy the properties file to the dmgrprofile profile.
- Ensure that your system PATH includes a path to the ASA's bin directory (typically, #export PATH=$PATH:/opt/smwasasa/bin:/opt/smwasasa/conf).
- Start the WebSphere Application Server Administration Console, if not already running, and select Security – Global security, expand Web and SIP Security, and click Trust Association.
- Place a check next to Enable Trust Association, and click Apply.
- Click Interceptors and delete those you don’t require.
- On the Interceptors page, click New; enter the following SiteMinder ASA class name next to Interceptor Classname and click Apply: com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor
- Save the changes to the master configuration by clicking Save on the next two screens.
- Log out of the Administration Console and restart WebSphere Portal.
Testing SiteMinder Agent v6.0
Use the following URLs when accessing Sametime Meetings when SiteMinder Agent r6.0 is configured:
http://{host_name}http://{host_name}/stmeetings
When you attempt to log in to the Sametime Meeting Server via the browser, you should see a SiteMinder Log-in window (see figure 1).
Figure 1. SiteMinder Log-in window
The user name and password entered in this window will be used by SiteMinder to authenticate and authorize the user. If the user is authenticated and authorized correctly, then the user name will be passed into WebSphere Application Server, which should automatically log the user into the Sametime Meeting application.
Conclusion
You should now have a good understanding of how to integrate CA SiteMinder Agent r6.0 with Lotus Sametime Meeting Server 8.5.1.
Resources
Refer to the
developerWorks Lotus Sametime product page.
Refer to the
Lotus Sametime wiki Product Documentation tab.
Refer to the Sametime 8.5 Information Center topic, “
Log file locations.”
Sametime wiki article, “
Setting up an IBM Lotus Sametime v8 Proxy Server for CA SiteMinder Agent v6 integration.”
About the authors
Alicia Casarrubios is a Software Engineer working on the Sametime Verification Test team. She has been with IBM since 2009, focusing on integration and interoperability across Lotus Sametime products.
Naveed Yousuf is Software Engineer and has been with IBM since 1999, working on a different number of teams within the Dublin Software Lab. He is currently working on the Sametime Verification Test team for the last four years focusing on integration and interoperability across Lotus Sametime products.