Home
HCL Sametime® Administration Guide 12
Securing
This section provides information on securing your HCL Sametime environments.
Enabling Single Sign-on
The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
Setting up SSO using LTPA
You can implement SSO into your environment using Lightweight Third Party Authentication (LTPA) which requires LTPA keys.
Integrating with HCL Connections
You can integrate Sametime to enable chat services in HCL Connections.

HCL Sametime® Administration Guide 12
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, to use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- New features in Sametime 12
  The current version of HCL Sametime and HCL Sametime Premium includes new features and enhancements.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime and HCL Sametime Premium.
- Installing
  This section provides information on installing and configuring the servers for HCL Sametime and HCL Sametime Premium.
- Configuring
  This section provides information on configuring the HCL Sametime server.
- Securing
  This section provides information on securing your HCL Sametime environments.
  - Encryption usage in Sametime
    HCL Sametime uses several types of encryption to protect data.
  - Securing connections
    The various interactions that occur on the Sametime server can be secured.
  - Enabling Single Sign-on
    The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
    - Setting up SSO using LTPA
      You can implement SSO into your environment using Lightweight Third Party Authentication (LTPA) which requires LTPA keys.
      - Generating LTPA keys
        Lightweight Third Party Authentication (LTPA) uses keys to encrypt and decrypt data being passed.
      - Configuring LTPA in Docker or Podman
        This topic includes the steps to configure LTPA keys on Docker.
      - Configuring LTPA in Kubernetes
        This topic includes the steps to configure LTPA keys on Kubernetes.
      - Integrating with HCL Connections
        You can integrate Sametime to enable chat services in HCL Connections.
      - Integrating Sametime with HCL Domino
        This topic includes the procedure to enable LTPA when Sametime is integrated with the Domino server for use with web based mail, Verse and iNotes.
    - Setting up SSO using SAML
      You can implement SSO into your environment using Security Assertion Markup Language (SAML). The process is different for Kubernetes and Docker.
  - Enabling security in MongoDB
    To enable MongoDB securing, edit the mongod.conf file authorization: enabled setting.
  - Setting up TLS for the Mongo database
    You can update the MongoDB connection with the Sametime server to encrypt data flowing between the Sametime server and a TLS-enabled MongoDB. This step is optional but is recommended for multi-Kubernetes-cluster deployments.
  - Obtaining the cert.key and cert.crt files for Sametime
  - Replacing the TLS certificates for Web Chat and Meetings
    The Sametime server is pre-configured with a self-signed certificate. You can replace the self-signed certificate with a third-party certificate.
  - Applying Let's Encrypt certificates
    This topic describes how to replace the self-signed certificate with a third-party certificate.
- Administering
  This section provides information on administering on Sametime environments.
- Troubleshooting
  This section provides information on troubleshooting and supporting Sametime environments.
- Uninstalling Sametime
  In the event that Sametime must be uninstalled, follow these steps to uninstall the Community, Proxy, and Meetings servers.
- Migrating and Upgrading
  This section provides information on migrating data from an earlier release to Sametime 12.
- Notices

Integrating with HCL Connections

You can integrate Sametime to enable chat services in HCL Connections.

Before you begin

Sametime and Connections must share a common directory.

About this task

If you are enabling the HCL Connections Profiles Photo URLs in your Sametime business card configuration, single sign on (SSO) might be required for Sametime to access the URLs.

When integrating with Connections, the LTPA key is generated by HCL Connections. To integrate with Sametime, you need to complete the steps in this topic on the Connections server and then complete the configuration on environment which Sametime is running: Docker or Kubernetes.

Procedure

Configure the LDAP for Connections.
1. Log into the WebSphere Application Server Integrated Solutions Console on the Deployment Manager.
2. Click Security > Global security.
3. Select Federated Repositories from the Available realm definitions field and then click Configure.
4. Type the realm name of the LDAP server in the Realm name field. For example: enterprise.example.com:389.
5. Click Apply and then click Save.
6. Restart your Connections deployment.
Configure the domain name.
1. Log into the WebSphere Application Server Integrated Solutions Console on the Deployment Manager.
2. Click Security > Global security.
3. In the Authentication mechanisms and expiration area, expand Web and SIP security and click Single sign-on (SSO).
4. Type your Connections domain name in the Domain name field, ensuring that you add a dot (.) before the domain name.
5. Select the check boxes for Interoperability Mode (optional) and Web inbound security attribute propagation. Make sure Set security to HTTP Only is not enabled.
6. Restart your Connections deployment.
Export the LTPA key file.
1. Log into the WebSphere Application Server Integrated Solutions Console on the Deployment Manager.
2. Click Security > Global security.
3. In Authentication > Authentication mechanism and expiration click LTPA.
4. In the Password and Confirm password fields, enter the password that protects the exported key.
5. Type the file name of the key file that you want to generate in the Fully qualified key file name field.
6. Click Export keys.
7. Click Apply and then click Save.

What to do next

After obtaining the LTPA keys from HCL Connections, follow the steps in the or topic.