Customizing Collaborative Services user credentials for eTrust SiteMinder

If you protect the portal and any of the Domino® and Extended Products Portlets or Common Mail portlet with Computer Associates eTrust SiteMinder, you must set the Lotus® Collaborative Services to use the eTrust SiteMinder token instead of the default LTPA token.

Before you begin

The following are custom credential settings with the possible values shown as variables:

CS_SERVER_CUSTOM_CRED.enabled=true/false
CS_SERVER_CUSTOM_CRED.useridAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.useridAttrib=useridAttribName
CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=header/cookie
CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=tokenAttribName

About this task

The custom settings that you use for this task accomplish two goals:
  • They override the logged in user's credentials through a custom user name, allowing mapping of principal user identities (fully qualified user names or DNs) between two LDAP directories. In this case, the useridAttrib setting is retrieved from the header.
  • They override the logged in user's credentials with a custom SSO token that is generated from eTrust SiteMinder. In this case, the tokenAttribName setting is retrieved from the cookie.

Procedure

  1. Make sure that HCL Portal, Domino, and Sametime are all configured properly so that eTrust SiteMinder can authenticate.
  2. Modify the CSEnvironment.properties file.
  3. In the Collaborative services Credential Overrides section, modify settings to match the following example, where SMSESSION is the name of the token that is generated by eTrust SiteMinder, and SM_USERDN is the same as the attribute passed by eTrust SiteMinder to Domino and Sametime.
    Tip: The attribute is usually SM_USERDN. Other common variations are SM_NOTESDN, SM_USER, or SM_USERUID. If the Domino servers in your site are already protected by eTrust SiteMinder, examine the eTrust SiteMinder WebAgent Configuration file (WebAgent.conf) on the Domino server and use the attribute that is specified in the field dominoheaderforlogin.
    CS_SERVER_CUSTOM_CRED.enabled=true 
    # Valid values are header/cookie 
    CS_SERVER_CUSTOM_CRED.useridAttribSource=header 
    CS_SERVER_CUSTOM_CRED.useridAttrib=SM_USERDN  
    # Valid values are header/cookie 
    CS_SERVER_CUSTOM_CRED.ssoTokenAttribSource=cookie 
    CS_SERVER_CUSTOM_CRED.ssoTokenAttrib=SMSESSION 
  4. Create new parameters for each instance of the Common Mail and Lotus Notes View portlets in your site. For more information, see the section on the AuthTokenName parameter for Lotus Notes View, and the section on the CPP_PassHttpCookies parameter for the Common Mail portlet.