ShowTable of Contents
Overview
This article describes how to edit the Web SSO configuration for LtpaToken so you can troubleshoot and rectify connectivity issues relating to the IBM® Sametime® 8.5.2 Proxy Server–Web Client connection to the Sametime Community server.
We provide the detailed steps to (1) determine whether the solution is applicable and (2) implement the solution.
Data directories
The files mentioned in this document can be found at the locations below, in a standard deployment.
The default Data directories are located as follows:
IBM Lotus® Domino®:
Microsoft® Windows®: C:/Program Files/IBM/domino/data
Linux®: /local/notesdata
IBM Lotus Notes®:
Windows : C:/Program Files/IBM/notes/data
Linux: ~ /lotus/notes/data
The default installation directory for IBM WebSphere® Application Server (WAS) is as follows:
Windows: C:/Program Files/IBM/WebSphere
Linux : /opt/IBM/WebSphere
Determining whether this solution will resolve your issue
Follow the steps below to determine whether this solution is applicable to your issue.
1. Confirm that the Proxy Web client is not able to log in by using a valid user name and password; the window in figure 1 should display.
Figure 1. Login error window
2. On the Proxy Server, check the SystemOut.log. You should see:
File found at the following location:
<WAS installation directory>/AppServer/profiles/HostnameSTPPNProfile1/logs/STProxyServer
And see this error message:
[4/10/11 15:33:11:992 EDT] 0000003c CommunityServ W CLFRX0027E: Unable to complete the login request for user zzuser33@us.ibm.com: Reason: (2)
[4/10/11 15:33:12:001 EDT] 00000022 awareness I WIO channel was closed, reason [0]
3. On the Community Server, check the names.nsf file from a Web browser. You will be asked for log-in credentials. Connect by using the Domino administrator username and password:
Figure 2. Names.nsf Web Configuration window
The Solution
The solution for this issue is to edit the DNS domain in the Web SSO configuration for LtpaToken. In this example, the new domain value = .test.ibm.com.
NOTE: The dot “.” at the start of the domain value must be present.
Using Lotus Notes to make the configuration changes
This section briefly describes the process of editing the names.nsf using Lotus Notes.
- Log in to your Notes client using a user ID which has Domino Administrator authority on the Domino server.
- Open the Lotus Notes database you need to edit, selecting File – Open – Lotus Notes Application from the Notes client menu.
- Enter the fully qualified path to the remote server and the name of the file you wish to edit, for example, names.nsf (see figure 3); click Open.
For a more detailed explanation of the process, refer to the wiki article, "
Using IBM Lotus Notes to edit remote IBM Lotus Domino files".
Figure 3. Open Application window
Implementing the Solution
- Using the navigator on the left hand side of the screen, navigate to “Web SSO configuration for LtpaToken,” by selecting Configuration – Web – Web Configurations (see figure 4). (this picture is for the web view, not the native Notes client, the image needs updating to one taken of the Notes client)
- Select the icon next to *-Web SSO Configurations, and then click the “Web SSO Configuration for Ltpa Token” link.
Figure 4. Web Configurations window
3. The window in figure 5 displays (this image is also of the web browser view, it needs a Notes Client screenshot). Click the Edit SSO Configuration button on the upper left-hand corner.
Figure 5. Web SSO Configuration for LtpaToken window
4. Under the Token Configuration section, edit the DNS Domain field to have the required value, in this case, .test.ibm.com (see figure 6).
Figure 6. DNS Domain field
5. Ensure the leading “.” is present and then click Save and Close (top left-hand corner).
6. Restart the Domino server for the changes to take effect.
Now let's verify the file change:
1. Using the Web browser, confirm the changes to the names.nsf file:
http://<FQDN of Community Server>/names.nsf
2. Navigate to “Web SSO configuration for LtpaToken” and select Configuration – Web -- Web Configurations:
a) Select the icon next to *-Web SSO Configurations – .
b) Click the Web SSO Configuration for Ltpa Token link.
c) Verify the changes.
3. If required, you can revert to the original Notes configuration by exiting and restarting the Notes client, and logging in, using the original Notes user name (see figure 7).
This may be needed when a user has changed the configuration on their personal Notes client (i.e., one used as their primary mail client) to edit a remote Domino server configuration file.
Figure 7. Notes Log-in window
4. Restart the Domino server to propagate the changes.
Verifying the solution
1. Using the Proxy Server URL, connect to the Proxy Server and launch the Proxy Web client by clicking the Launch Sametime button (see figure 8).
Figure 8. Launch Sametime button
2. Then, using the same credentials as used in step 1 of Section 2.1, “Determining whether this solution will resolve your issue, log in to the Proxy server (see figure 9).
Figure 9. Log in to Proxy server
A successful log-in verifies that the solution has been implemented correctly (see figure 10).
Figure 10. Successful log-in
Troubleshooting
(1) In Step 2 of Section 3.1, "Using Lotus Notes to make the configuration changes,” if you receive the error message shown in figure 11 or 12, it means that you used an incorrect server name or a remote server name that is not fully qualified.
Figure 11. Error message
Figure 12. Error message
(2) In Step 2 of the Section 3.2, “Implementing the Solution,” if you receive the error:
“You cannot access portions of this document because it is encrypted and was not intended for you, or you do not have the decryption key,”
then you are not using the correct user credentials, and you must log in using a Notes user ID that has Domino administrator authority.
Conclusion
By following the steps in this article, you should now have full connectivity between your Sametime Proxy Server and the Web client.
Resources
- To locate log files for Sametime components, refer to the Information Center topic, “Log file locations.”
About the authors
Desmond McCann is a Chartered Engineer working on the Sametime Verification Test team. He has been with IBM since 2010, focusing on integration and interoperability across Lotus Sametime products. You can reach him at
DesMcCann@ie.ibm.com.
John Doody is a Software Engineer working on the Sametime Verification Test team. He has been with IBM since 2009, focusing on integration and interoperability across Lotus Sametime products. You can reach him at
john.doody@ie.ibm.com.