Home
HCL Sametime® Administration Guide 12.0.1
Securing
This section provides information on securing your HCL Sametime environments.
Enabling Single Sign-on
The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
Setting up SSO using LTPA
You can implement SSO into your environment using Lightweight Third Party Authentication (LTPA) which requires LTPA keys.
Configuring the LTPA token expiry interval on Docker or Podman
LTPA tokens expire by design. In the process of enabling LTPA, you can define the amount of time after which a token expires in minutes. When necessary, you can update the token expiration interval again after the value has been defined during enablement.

HCL Sametime® Administration Guide 12.0.1
- Accessibility features for Sametime
  Accessibility features help users who have a disability, such as restricted mobility or limited vision, use information technology products successfully. HCL® strives to provide products with usable access for everyone.
- What's new
  HCL Sametime and HCL Sametime Premium 12.0.1 provide many new features, enhancements and fixes to servers and clients. Additional releases to version 12.0.1 also provides updates to the product.
- Planning
  This section describes the system requirements and server configurations needed for HCL Sametime and HCL Sametime Premium.
- Installing
  This section provides information on installing the servers for Sametime and Sametime Premium.
- Configuring
  This section provides information on configuring the HCL Sametime server. Configuration tasks are dependent on the deployment environment.
- Securing
  This section provides information on securing your HCL Sametime environments.
  - Encryption usage in Sametime
    HCL Sametime uses several types of encryption to protect data.
  - Securing connections
    The various connections to Sametime can be secured using TLS.
  - Enabling Single Sign-on
    The HCL Sametime server installer enables required JSON Web Token (JWT) authentication. Additionally, the Sametime server supports Security Assertion Markup Language (SAML) and Lightweight Third Party Authentication (LTPA) Single Sign-on (SSO).
    - Setting up SSO using LTPA
      You can implement SSO into your environment using Lightweight Third Party Authentication (LTPA) which requires LTPA keys.
      - Generating LTPA keys
        Lightweight Third Party Authentication (LTPA) uses keys to encrypt and decrypt data being passed.
      - Configuring LTPA in Docker or Podman
        This topic includes the steps to configure LTPA keys on Docker.
      - Configuring LTPA in Kubernetes
        This topic includes the steps to configure LTPA keys on Kubernetes.
      - Integrating with HCL Connections
        You can integrate Sametime to enable chat services in HCL Connections.
      - Integrating Sametime with HCL Domino
        This topic includes the procedure to enable LTPA when Sametime is integrated with the Domino server for use with web based mail, Verse and iNotes.
      - Configuring the LTPA token expiry interval on Docker or Podman
        LTPA tokens expire by design. In the process of enabling LTPA, you can define the amount of time after which a token expires in minutes. When necessary, you can update the token expiration interval again after the value has been defined during enablement.
      - Configuring the LTPA token expiry interval on Kubernetes
        LTPA tokens expire by design. In the process of enabling LTPA, you can define the amount of time after which a token expires in minutes. When necessary, you can update the token expiration interval again after the value has been defined during enablement.
    - Setting up SSO using SAML
      You can implement SSO into your environment using Security Assertion Markup Language (SAML). The process is different for Kubernetes and Docker.
  - Setting up TLS for the Mongo database
    You can update the MongoDB connection with the Sametime server to encrypt data flowing between the Sametime server and a TLS-enabled MongoDB. This step is optional but is recommended for multi-Kubernetes-cluster deployments.
  - Replacing the TLS certificates for Web Chat and Meetings
    The Sametime server is pre-configured with a self-signed certificate. You can replace the self-signed certificate with a third party certificate.
  - Applying Let's Encrypt certificates
    This topic describes how to replace the self-signed certificate with a third-party certificate.
- Administering
  This section provides information on administering on Sametime environments.
- Troubleshooting
  This section provides information on troubleshooting and supporting Sametime environments.
- Uninstalling Sametime
  In the event that Sametime must be removed, follow the procedure for the platform that Sametime is installed on.
- Migrating and Upgrading
  This section provides information on migrating data from an earlier release to Sametime 12.
- Notices

Configuring the LTPA token expiry interval on Docker or Podman

LTPA tokens expire by design. In the process of enabling LTPA, you can define the amount of time after which a token expires in minutes. When necessary, you can update the token expiration interval again after the value has been defined during enablement.

Before you begin

The following conditions must be satisfied.

LTPA must be enabled. For more information, refer to Configuring LTPA in Docker or Podman.
Ensure that the LTPA token created when you sign in to Sametime chat allows access to other Domino applications until the expiration time has elapsed.

Procedure

Open the .env file for editing.
Update the value of LTPA_DURATION_MINUTES. Specify the duration in this format:
```
LTPA_DURATION_MINUTES=<minutes_token_valid>
```
The following example shows LTPA_DURATION_MINUTES set to 90 minutes.
```
LTPA_DURATION_MINUTES=90
```
Add or update the value of JWT_ACCESS_DURATION_MINUTES. Specify the duration in this format:
```
JWT_ACCESS_DURATION_MINUTES=minutes_token_valid
```
The following example shows JWT_ACCESS_DURATION_MINUTES set to 30 minutes.
```
JWT_ACCESS_DURATION_MINUTES=30
```
Save the changes.
Start the Sametime server to apply the changes.
```
docker compose up -d
```

Rate this topic

5 stars 4 stars 3 stars 2 stars 1 star

Comment on this topic.

By clicking this box, you acknowledge that you are NOT a U.S. Federal Government employee or agency, nor are you submitting information with respect to or on behalf of one. HCL provides software and services to U.S. Federal Government customers through its partners immixGroup, Inc. Contact this team at https://hcltechsw.com/resources/us-government-contact. Do not include any personal data in this Comment box. Note: To report a problem or question about the product software, do not use this form. Instead, go to the HCL Software Support site.