Configuring the tokenDomain setting for single sign-on for the Sametime Proxy Server

Configure the tokenDomain setting for single sign-on on the Sametime® Proxy Server in the stproxyconfig.xml file.

About this task

If the domain in the LtpaToken cookie issued by the Sametime Proxy Server is not identical to the domain specified in the WebSphere administrative console, web browsers do not pass the cookie to the server, and single sign-on fails. You are then not able to access an IBM Sametime Meeting Server using single sign-on after logging in to the Sametime Proxy Server. Instead, you are redirected to a login page. For example, when you set the domain as company.com.br, the domain of the cookie is trimmed to com.br.

This procedure is a workaround to resolve that problem. This issue occurs when you use single sign-on for domains that have three or more sub-domains.

Procedure

  1. As a best practice, back up the stproxyconfig.xml file stored in the following location on the Deployment Manager:

    wasroot/AppServer/profiles/dmgr_profile/config/cells/cell_name/nodes/node_name/servers/STProxyServer/stproxyconfig.xml

  2. Open the stproxyconfig.xml file with a text editor.
  3. Find or add the tokenDomain setting in the configuration section. Specify the valid domain name. Ensure that the domain includes the preceding dot. For example:

    <configuration>
    ....
    <tokenDomain>.company.com.br</tokenDomain>
    ....
    </configuration>

  4. Save and close the file.
  5. Synchronize all nodes using the Full Resynchronize option.
  6. Restart the Sametime Proxy Server.
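
A check to run on the edited file before the restart, as an added example that is not IBM's code: it confirms that tokenDomain is present with the preceding dot, compares it with the SSO domain from the WebSphere administrative console, and tests each server host name against it with the RFC 6265 domain-match rule. The host names, sample XML and function names are constructed for illustration; comparing the two domains while ignoring case and the preceding dot is an assumption.

```python
import xml.etree.ElementTree as ET

# Constructed sample; a real stproxyconfig.xml holds many more settings.
SAMPLE_CONFIG = """<configuration>
  <tokenDomain>.company.com.br</tokenDomain>
</configuration>"""


def domain_match(host, cookie_domain):
    """RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = cookie_domain.lower().lstrip(".")
    return host == domain or host.endswith("." + domain)


def check_token_domain(config_xml, sso_domain, hosts):
    """Return a list of problems; an empty list means the setting is consistent."""
    node = ET.fromstring(config_xml).find(".//tokenDomain")
    if node is None or not (node.text or "").strip():
        return ["tokenDomain is missing or empty"]
    token_domain = node.text.strip()
    problems = []
    if not token_domain.startswith("."):
        problems.append("tokenDomain %r lacks the preceding dot" % token_domain)
    # Assumption: case and the preceding dot are ignored when comparing domains.
    if token_domain.lower().lstrip(".") != sso_domain.lower().lstrip("."):
        problems.append("tokenDomain %r differs from SSO domain %r"
                        % (token_domain, sso_domain))
    for host in hosts:
        # A browser only sends the LtpaToken cookie to hosts inside the domain.
        if not domain_match(host, token_domain):
            problems.append("host %r is outside %r" % (host, token_domain))
    return problems


if __name__ == "__main__":
    # Constructed host names for the proxy and meeting servers.
    servers = ["stproxy.company.com.br", "stmeeting.company.com.br"]
    for line in check_token_domain(SAMPLE_CONFIG, ".company.com.br", servers) or ["OK"]:
        print(line)
```

To check a real deployment, pass the text of stproxyconfig.xml, the domain shown in the WebSphere administrative console, and the host names users type into the browser.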