Enabling SSO between Domino and the Sametime Community Server

The IBM® Sametime® Community Server uses authentication by token to authenticate connections that occur after a user has authenticated once using password authentication.

Single sign-on (SSO) removes the need for a user to re-enter authentication credentials when reconnecting to a server, accessing different servers, using IBM Sametime web clients, or Domino® applications that connect to an IBM Sametime Community Server. Authentication by token is the method that Sametime uses to support single sign-on.

The Sametime Community Server uses the single sign-on feature of the underlying Domino server to authenticate users by token.

The Domino SSO feature must be enabled on a Sametime Community Server. If the Domino SSO feature is not enabled on the Domino server when you install the Sametime Community Server, the Sametime Community Server installation automatically enables and configures the Domino SSO feature. In some environments, you might need to alter the default SSO configuration provided by the Sametime Community Server installation. For more information, see Altering the Domino Web SSO configuration following the Sametime server installation.

To authenticate successfully using SSO, the user must enter the fully qualified domain name of the Sametime Community Server (for example, sametimeserver.meetings.example.com) in the web browser address bar when accessing the Sametime Community Server.

If your Sametime Community Server environment includes only Sametime 8.0 (or higher) servers, and you do not use Sametime TeamRoom or Discussion databases that were available with earlier Sametime Community Server releases, only the Domino SSO feature is required to support authentication by token.

If your Sametime environment includes Sametime 8.0 (or higher) servers that interoperate with a Sametime Community Server from releases earlier than Sametime 8.0, the Domino SSO feature must be supported on the Sametime Community Server to enforce authentication by token.

Note: If the Sametime Community Server is configured to use Internet Sites, the IBM Notes® client integration with the Sametime Community Server (and therefore SSO with Sametime) has been supported only since Sametime 8.5.1 and Notes client 8.5. When configuring a Sametime Community Server to use Internet Sites, these settings must be configured in the [AuthToken] section of the sametime.ini file:
  • ST_TOKEN_TYPE must contain the name of the Web SSO document used by the IBM Sametime Community Server. The default value is LtpaToken.
  • ST_ORG_NAME must contain the organization name that is set in the Web SSO document used by the Sametime Community Server. The default value is an empty organization name.
For additional information about the Domino Internet Sites configuration, see the Domino Administration documentation.
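
The following check for the two [AuthToken] settings described in the note is an added example, not IBM code. The function name `check_authtoken`, the sample file content and the organization name `ExampleOrg` are constructed for illustration, and the script assumes sametime.ini uses standard INI syntax and that an absent key behaves like its documented default.

```python
import configparser

# Documented defaults for the two [AuthToken] settings.
DEFAULTS = {"ST_TOKEN_TYPE": "LtpaToken", "ST_ORG_NAME": ""}

# Constructed sample file content, not taken from a real server.
SAMPLE_INI = """\
[Config]
ST_ORG_NAME=ExampleOrg

[AuthToken]
ST_TOKEN_TYPE=LtpaToken
"""

def check_authtoken(ini_text, sso_doc_name, sso_org_name):
    """Compare [AuthToken] in sametime.ini text with the Web SSO document.

    Returns a list of findings; an empty list means both settings match.
    """
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.optionxform = str  # keep key names exactly as written
    cp.read_string(ini_text)
    expected = {"ST_TOKEN_TYPE": sso_doc_name, "ST_ORG_NAME": sso_org_name}
    findings = []
    for key, want in expected.items():
        # A setting placed outside [AuthToken] is not the one described here.
        for section in cp.sections():
            if section != "AuthToken" and cp.has_option(section, key):
                findings.append(f"{key} is set in [{section}], not [AuthToken]")
        # Assumption: an absent key behaves like the documented default.
        got = DEFAULTS[key]
        if cp.has_option("AuthToken", key):
            got = (cp.get("AuthToken", key) or "").strip()
        # Assumption: names are compared exactly, including case.
        if got != want:
            findings.append(f"{key} is {got!r}, Web SSO document has {want!r}")
    return findings

if __name__ == "__main__":
    # Values the administrator reads from the Web SSO document (constructed).
    for line in check_authtoken(SAMPLE_INI, "LtpaToken", "ExampleOrg"):
        print(line)
```

Pass the Web SSO document name and organization as they appear in the Domino Directory; in the sample, the organization is flagged because it was placed in [Config] instead of [AuthToken].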