Notes on SSO between WebSphere and Domino

  • Install and configure all Lotus Domino servers, and then enable SSO for them all. For example, install and configure Lotus Domino messaging or applications servers, and servers for IBM Lotus Sametime, before you enable SSO.

  • All servers participating in SSO must be in the same Internet domain.

  • To enable SSO, you must enable the IBM Lightweight Third-Party Authentication (LTPA) capabilities included in both IBM WebSphere Application Server and Lotus Domino. The WebSphere LTPA token generated by WebSphere Application Server is imported into Lotus Domino, and this token can be used for all servers within the Lotus Domino domain. Verify that automatic LTPA key generation is disabled on each node of the SSO domain.

  • To enable SSO across multiple Lotus Domino domains, import the same WebSphere LTPA token into those Lotus Domino domains.

  • One Web SSO configuration document per Lotus Domino domain can be replicated to all the other Lotus Domino servers in that domain, but enabling multi-server authentication must be done individually for every server in a Lotus Domino domain.

  • Additional configuration may be needed if WebSphere Portal is configured for multiple realms.
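
The same-Internet-domain requirement above can be checked before SSO is enabled: the LTPA token travels in a browser cookie scoped to the SSO domain, so a server reached by short name, by IP address or under another DNS suffix never receives it. This preflight check is an added example, not part of the original notes or of any IBM tooling. The host names and the `.example.com` domain are constructed placeholders.

```python
import ipaddress

def domain_matches(host: str, sso_domain: str) -> bool:
    """Cookie domain-match: host equals the domain or is a subdomain of it."""
    host = host.lower().rstrip(".")
    domain = sso_domain.lower().strip(".")
    return host == domain or host.endswith("." + domain)

def is_ip_literal(host: str) -> bool:
    """True for IPv4/IPv6 literals, which never match a cookie Domain."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def check_sso_hosts(hosts, sso_domain):
    """Return {host: reason} for every host that cannot take part in SSO."""
    problems = {}
    for host in hosts:
        if is_ip_literal(host):
            problems[host] = "IP address: browser will not send a domain cookie"
        elif "." not in host.rstrip("."):
            problems[host] = "short name: not a fully qualified host name"
        elif not domain_matches(host, sso_domain):
            problems[host] = f"outside SSO domain {sso_domain}"
    return problems

# Constructed sample inventory (hypothetical hosts, not from the original notes).
SAMPLE_HOSTS = [
    "portal.example.com",       # WebSphere Portal
    "mail.example.com",         # Domino messaging
    "sametime.im.example.com",  # subdomain still matches .example.com
    "domino2",                  # short name used in a bookmark or config
    "10.0.0.15",                # server referenced by IP
    "apps.example.org",         # different DNS suffix
    "mail.badexample.com",      # suffix look-alike, must not match
]

if __name__ == "__main__":
    for host, reason in check_sso_hosts(SAMPLE_HOSTS, ".example.com").items():
        print(f"{host}: {reason}")
```

Run it against the host names users actually type or that appear in redirects and bookmarks, not only the names in the server documents.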
