Enable Sametime Community for Meetings

HCL Sametime Community 11.0 FP2 added a new user policy to enable HCL Sametime Meetings.

About this task

HCL Sametime Community 11.0 FP2 requires the following changes to support Sametime Meetings.
  • Enable Sametime Meeting Policy
  • Enable Windows Sametime Community server to support Meetings
  • Create JWT Configuration
  • Modify ststart script on Linux

Enable Sametime Meeting Policy

  1. Edit the polices.user.xml found in the Sametime Community server install directory.
  2. Locate the im.meetingsEnabled parameter under im and set this to a values of 1. This policy can be enabled for anonymous and any additional policies that may exist.

Enable Windows Sametime Community server to support Meetings

Download the file StAuthTokenJwt.zip to allow JWT Configuration from HCL Software Portal. This file is located in the HCL Software Portal under Beta Products > HCL Sametime Pre-Release 11.5. It is required for Windows based Sametime 11.0 FP2 Community Server installations to incorporate the Sametime Pre-Release 11.5 Meetings capability. Do not continue with Sametime Pre-Release 11.5 Meetings deployment on Windows until this patch is in place on the Sametime Community Server.

  1. Stop the Sametime 11.0 FP2 Community Server.
  2. Place the DLL StAuthTokenJwt.dll in the Domino program directory.
  3. Restart the server.

Create JWT Configuration

For Docker

  1. Copy the value of JWT_APP_SECRET from the .env file.
  2. Run the following command from the Linux shell with this JWT_APP_SECRET value:
    echo -n <JWT_APP_SECRET> | base64 -w 0
  3. The value (output) from this command becomes the "GENERATED_SECRET" for the sametime.ini and stproxyconfig.xml in the following steps.
For Kubernetes

From the Sametime Meeting server folder, run the ./generateSecrets.sh command from Linux shell. After executing this command, helm/templates/meetings-secrets.yaml will have secrets unique to this deployment. The sametimeJwt value can be found in the JwtSecret data object. This value becomes the "GENERATED_SECRET" for the sametime.ini and stproxyconfig.xml in the following steps.

Sametime Community

  1. Edit the sametime.ini found in the Sametime Community server's program directory.
  2. Add the following under [config]:
    JWT_SECRET=GENERATED_SECRET
  3. Change the following under [st-bb-names]:
    ST_AUTH_TOKEN=notes To: ST_AUTH_TOKEN=Fork:Jwt,notes
  4. If using SAML authentication, add Saml:
    ST_AUTH_TOKEN=Fork:Jwt,Saml,notes
Note: This parameter is case sensitive.

Sametime Proxy

On the Sametime Proxy server in the conf folder, edit the stproxyconfig.xml file adding <jwtSecret> and <refreshJwt> settings within <configuration> like so:
<configuration>
...
<jwtSecret>
GENERATED_SECRET
</jwtSecret>
<refreshJwt>
<enabled>true</enabled>
<path>/meeting-auth/api/v1/refresh</path>
</refreshJwt>
 
</configuration>

On Linux, modify the ststart script

  1. On the Sametime Community Server, edit the 'ststart' script found in the server's data directory. Add:
     $PROGRAMDIR/STOpenSSL
     to
     LD_LIBRARY_PATH=$PROGRAMDIR:$LD_LIBRARY_PATH:$PROGRAMDIR/sticc
    The result will be
    LD_LIBRARY_PATH=$PROGRAMDIR:$LD_LIBRARY_PATH:$PROGRAMDIR/STOpenSSL:$PROGRAMDIR/sticc
  2. Save the changes and restart the Sametime Community with the ./ststart command. This will enable the Sametime Meeting policy and JWT Configuration.