Home
HCL Sametime® Administration Guide 12
Securing
This section provides information on securing your HCL Sametime environments.
Enabling Single Sign-on
The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
Setting up SSO using SAML
You can implement SSO into your environment using Security Assertion Markup Language (SAML). The process is different for Kubernetes and Docker.
Configuring SAML on Docker

HCL Sametime® Administration Guide 12
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- New features in Sametime 12
  The current version of HCL Sametime and HCL Sametime Premium includes new features and enhancements.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime and HCL Sametime Premium.
- Installing
  This section provides information on installing and configuring the servers for HCL Sametime and HCL Sametime Premium.
- Configuring
  This section provides information on configuring the HCL Sametime server.
- Securing
  This section provides information on securing your HCL Sametime environments.
  - Encryption usage in Sametime
    HCL Sametime uses several types of encryption to protect data.
  - Securing connections
    The various interactions that occur on the Sametime server can be secured.
  - Enabling Single Sign-on
    The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
    - Setting up SSO using LTPA
      You can implement SSO into your environment using Lightweight Third Party Authentication (LTPA) which requires LTPA keys.
    - Setting up SSO using SAML
      You can implement SSO into your environment using Security Assertion Markup Language (SAML). The process is different for Kubernetes and Docker.
      - Configuring SAML on Docker
      - Configuring SAML in Kubernetes
  - Enabling security in MongoDB
    To enable MongoDB securing, edit the mongod.conf file authorization: enabled setting.
  - Setting up TLS for the Mongo database
    You can update the MongoDB connection with the Sametime server to encrypt data flowing between the Sametime server and a TLS-enabled MongoDB. This step is optional but is recommended for multi-Kubernetes-cluster deployments.
  - Obtaining the cert.key and cert.crt files for Sametime
  - Replacing the TLS certificates for Web Chat and Meetings
    The Sametime server is pre-configured with a self-signed certificate. You can replace the self-signed certificate with a third-party certificate.
  - Applying Let's Encrypt certificates
    This topic describes how to replace the self-signed certificate with a third-party certificate.
- Administering
  This section provides information on administering on Sametime environments.
- Troubleshooting
  This section provides information on troubleshooting and supporting Sametime environments.
- Uninstalling Sametime
  In the event that Sametime must be uninstalled, follow these steps to uninstall the Community, Proxy, and Meetings servers.
- Migrating and Upgrading
  This section provides information on migrating data from an earlier release to Sametime 12.
- Notices

Configuring SAML on Docker

Before you begin

Before getting started, create a trust store with the LDAP certificate from the LDAP server. Name the file ldaptruststore.p12 and place it into the directory where the docker-compose.yml file is located.

About this task

The steps in the following procedure must be completed with root access or you can use sudo which allows you to run commands as root.

Procedure

Change directories to the root directory where the Sametime installation package was decompressed.
Create a file with the name saml.env.
```
vi saml.env
```

Add the following lines to the saml.env file.

STI__Config__STSAML_TRUST_STORE_TYPE=p12  
STI__Config__STSAML_TRUST_STORE_FILE=/local/notesdata/samltruststore.p12 
STI__Config__STSAML_TRUST_STORE_PASSWORD=samltruststorepass

Open the docker-compose.yml file for editing. Locate the env_file: parameter in the file and move custom.env to a new line. Add saml.env to the next line after custom.env.
```
env_file: 
 - custom.env
 - saml.env
```
Add a path to the SAML trust store.
- If you do not have a volumes section in the docker-compose.yml file, create one under the networks section and add the following line to the section.
- If you already have a volumes section, add the following line to the section.
```
- ./samltruststore.p12:/local/notesdata/samltruststore.p12 
```
The section should look like the following example. Ensure that the indentations look like the example.
```
networks:
  - sametime.test
volumes:
  - ./samltruststore.p12:/local/notesdata/samltruststore.p12
```

Restart the server to apply the changes.

docker-compose down 
docker-compose up -d