Configure Lotus Domino and WebSphere Portal to work together

 

Overview

  1. Configure Domino server settings to support WebSphere Portal
  2. Configure Collaborative Components to use Domino Directory
  3. Enabling single signon between WAS and Domino servers

 

Configure Domino server settings to support WebSphere Portal

The instructions in this section configure...

 

Configure Domino server with the Domino administrative client

The following instructions are specific to Lotus Domino 5.0.12, which is shipped with some versions of WebSphere Portal. For information on configuring another version of Domino that is supported by WebSphere Portal, see the Domino documentation for details. To configure the Domino server to support WebSphere Portal:

  1. Start the Domino administrative client and type the administrator password.

  2. Open the Domino Directory database (names.nsf) for the server.

  3. Accept the default settings for Directory Profile and click Save and Close.

  4. Open the Server document.

  5. Click the Basics tab and complete the following fields:

    • Verify that the server name field is correct.

    • Domain name.

      The Domino domain name should be automatically entered here when the server is registered; if not, enter the Domino domain name.

    • Fully qualified Internet host name, for example, Srv1.Acme.com.

    • Administrator.

      Fill in the name(s) of any administrators who should have access to this server. Depending on your deployment model, you might want to specify additional administrators in this field. The administrators are specified on the Security tab under Server Access.

  6. Click the Security tab and specify the following settings:

    • Server Access.

      Use the Access Server field to give users access to the server. (You usually do this through a group.)

      If you leave this field empty, all users who can connect to the server will have access to Domino; this creates a potential security risk.

      Be sure to give server access to all users whom you want to use Domino; any user without access to the server cannot use Domino.

      Leave Create new databases empty.

      Leave Create replica databases empty.

    • Agent Restrictions and Java/COM Restrictions.

      For all fields, add the users or groups to whom you want to give access to the portal.

      Using an asterisk wildcard is convenient in a test environment, but in a production environment you should restrict these lists to trusted individuals and groups, since they control who may run agents and Java/COM code on the server. IIOP must also be running.

      If IIOP is running, the picker feature in a portlet's edit mode is enabled. The picker feature lets users browse a given server.

    • On the Internet Protocols tab, do the following:

      1. Select the HTTP subtab, and ensure that the following settings are specified:

        • Host Name

          The fully qualified host name of the server, for example, Srv1.Acme.com

        • Basics

          Set Allow HTTP clients to browse databases to Yes.

          This enables the server and database selection lists that appear when users edit the properties of Lotus collaborative portlets.

      2. If you want to display text in Lotus collaborative portlets in non-Western languages, change the settings under Character Set Mapping appropriately. For example, change Use UTF-8 for output to Yes to display double-byte character sets in Web browsers.

    • On the Ports tab, ensure that the following settings are specified:

      • Port field: A valid network port (for example, TCPIP)

      • Notes Network field: TCPIP Network

      • The server's network address is specified by either the server's numeric IP address or the server's fully qualified host name. The fully qualified host name is preferred; for example, Srv1.Acme.com.

      • Enabled field: Enabled (for the valid network port specified in the Port field)

        Make sure that the remaining Enabled fields are set to Disabled to prevent unnecessary error messages from displaying on the server console.

      • On the Internet Ports tab, IIOP subtab, ensure that the TCP/IP port is enabled and that Name & password is set to Yes under Authentication options.

    • Save and close the Server document.

    • Push the server configuration to the secondary servers that host Lotus collaborative functionality for the portal, for example, Lotus Collaborative Components and Notes-based portlets.

    • Restart the server after making these changes.

 

Ensure that IIOP is running

Collaborative portlets and components use IIOP to access the Domino server and get information from databases. To set up Domino IIOP (DIIOP) settings, load the IIOP task to your Domino console, or add it to the ServerTasks value in the notes.ini file of your Domino server (Lotus\Domino\notes.ini), and then restart the server.
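The notes.ini edit described above, as an added example that is not from the IBM documentation: a small script that reads the ServerTasks line, reports whether DIIOP is already loaded at server start, and appends it idempotently. The notes.ini text is constructed.

```python
"""Check a Domino notes.ini for the DIIOP server task and add it if missing.

Added example, not from the IBM documentation. The notes.ini text is
constructed; on a real server the file is Lotus\\Domino\\notes.ini.
"""

# Constructed sample: a typical ServerTasks line without DIIOP.
SAMPLE_NOTES_INI = """\
[Notes]
Directory=C:\\Lotus\\Domino\\Data
ServerTasks=Update,Replica,Router,AMgr,AdminP,CalConn,Sched,HTTP
ServerTasksAt1=Catalog,Design
"""

def server_tasks(ini_text):
    """Return the task names on the ServerTasks= line (key is case-insensitive)."""
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "servertasks":
            return [t.strip() for t in value.split(",") if t.strip()]
    return []

def diiop_enabled(ini_text):
    """True when DIIOP is listed, i.e. the task loads at every server start."""
    return any(t.lower() == "diiop" for t in server_tasks(ini_text))

def ensure_diiop(ini_text):
    """Return ini_text with DIIOP appended to ServerTasks; idempotent.
    Raises ValueError if there is no ServerTasks line to extend."""
    if diiop_enabled(ini_text):
        return ini_text
    out, found = [], False
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() == "servertasks":
            tasks = server_tasks(line) + ["DIIOP"]
            line, found = key + "=" + ",".join(tasks), True
        out.append(line)
    if not found:
        raise ValueError("no ServerTasks line in notes.ini")
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    print(ensure_diiop(SAMPLE_NOTES_INI))
```

Loading the task from the console (load diiop) only lasts until the next restart; the ServerTasks entry is what makes it persistent.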

 

Configure Collaborative Components to use Domino Directory

This section provides instructions for configuring Collaborative Components to use Domino Directory as the LDAP server.

 


 

Run the configuration task

To perform the configuration task, do the following:

  1. Open an OS/400 command prompt and start the Qshell Interpreter by entering the following:
    STRQSH

  2. Change to the directory /qibm/proddata/webas5/pme/bin

  3. Type the following at the command line to stop WebSphere Portal.
    stopServer -instance <instance> <app_server>

    where instance is the name of the WAS instance, and app_server is the name of the application server. Note: The default name of the application server is the instance name.

  4. Locate the /qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.properties file and create a backup copy before changing any values.

  5. Edit the /qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.properties file and enter the values appropriate for your environment.
    Note the following:

    • Do not change any settings other than those specified in these steps. For instructions on working with these files, see Configuration properties reference for a complete properties reference, including default values.

    • You can also modify the wpconfig.properties file locally on your iSeries system by entering the following on an OS/400 command line:
      EDTF '/qibm/userdata/webas5/base/<instance>/portalserver5/config/wpconfig.properties'

    • Some of the values listed below must be modified to match your specific environment.

    Section: Collaborative Components Properties

    Property: LCC.DominoDirectory.Enabled
      Description: Determines whether Lotus Domino Directory is enabled. Setting LCC.DominoDirectory.Enabled to true enables this component; setting it to false disables it.
      Recommended Value: true
      Default Value: false

    Property: LCC.DominoDirectory.Server
      Description: The name of the Lotus Domino Directory server.
      Recommended Value: my.server.com
      Default Value: my.server.com

    Property: LCC.DominoDirectory.Port
      Description: The port number for the Lotus Domino Directory.
      Recommended Value: 389
      Default Value: 389

    Property: LCC.DominoDirectory.SSL
      Description: Determines whether Lotus Domino Directory is enabled to communicate over SSL. Setting LCC.DominoDirectory.SSL to true enables SSL.
      Recommended Value (SSL): true
      Recommended Value (non-SSL): false
      Default Value: false

    Section: Database configuration

    Property: DbUser
      Description: The user ID for the database administrator.
      Value Type: Alphanumeric text string
      Default Value: ReplaceWithYourDbAdminId

    Property: DbPassword
      Description: The password for the database administrator.
      Value Type: Alphanumeric text string
      Default Value: ReplaceWithYourDbAdminPwd

    Property: WmmDbUser
      Description: The user ID for the database administrator.
      Value Type: Alphanumeric text string
      Default Value: ReplaceWithYourDbAdminId
      If you are migrating from a previous version of WebSphere Portal, this value must match the database user name for the WebSphere Member Services database from the previous WebSphere Portal version.

    Property: WmmDbPassword
      Description: The password for the database administrator.
      Value Type: Alphanumeric text string
      Default Value: ReplaceWithYourDbAdminPwd

  6. Save the file.

  7. Start the Qshell Interpreter by entering the following on an OS/400 command line:
    STRQSH

  8. Change to the directory /qibm/userdata/webas5/base/<instance>/portalserver5/config

  9. Type the following command:

    • WPSconfig.sh lcc-configure-dominodirectory

  10. Check the output for any error messages. If you encounter an error, check the appropriate log file for more information. You can locate information about logs in the Use logs topic.

  11. Change to the directory /qibm/proddata/webas5/pme/bin

  12. Type the following at the command line to start WebSphere Portal.
    startServer -instance <instance> <app_server>

    where instance is the name of the WAS instance, and app_server is the name of the application server. Note: The default name of the application server is the instance name.
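Before running WPSconfig.sh lcc-configure-dominodirectory, the edited wpconfig.properties is worth a quick audit. The following is an added example, not part of the IBM documentation or the WPSconfig tooling: it parses the Java .properties syntax the file uses and flags an unencrypted LDAP connection, an SSL/port mismatch, and placeholder credentials left unchanged. The sample file contents are constructed.

```python
"""Audit Collaborative Components settings in wpconfig.properties (added
example, not IBM documentation or WPSconfig tooling): parses the Java
.properties syntax and flags what to fix before lcc-configure-dominodirectory."""

# Constructed sample with two mistakes left in on purpose.
SAMPLE = """\
LCC.DominoDirectory.Enabled=true
LCC.DominoDirectory.Server=domino1.example.com
LCC.DominoDirectory.Port=389
LCC.DominoDirectory.SSL=false
DbUser=wpsadmin
DbPassword=ReplaceWithYourDbAdminPwd
WmmDbUser=wpsadmin
WmmDbPassword=s3cret
"""

PLACEHOLDERS = {"ReplaceWithYourDbAdminId", "ReplaceWithYourDbAdminPwd",
                "my.server.com"}

def parse_properties(text):
    """Minimal .properties reader: '#'/'!' comments, '=' or ':' separators
    (a backslash escapes them), trailing-backslash continuation lines."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line[0] in "#!":
            continue
        for i, ch in enumerate(line):
            if ch in "=:" and (i == 0 or line[i - 1] != "\\"):
                props[line[:i].strip()] = line[i + 1:].strip()
                break
    return props

def audit(props):
    """Return (severity, message) findings; an empty list means nothing to fix."""
    out = []
    p = lambda k: props.get(k, "").strip().lower()
    if p("LCC.DominoDirectory.Enabled") == "true":
        if p("LCC.DominoDirectory.SSL") != "true":
            out.append(("HIGH", "LCC.DominoDirectory.SSL=false: LDAP traffic to Domino Directory is cleartext"))
        elif p("LCC.DominoDirectory.Port") == "389":
            out.append(("MEDIUM", "SSL=true but Port=389; LDAP over SSL normally uses 636"))
    for key, val in props.items():
        if val in PLACEHOLDERS:
            out.append(("HIGH", "%s still holds the placeholder %s" % (key, val)))
    return out
```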

 

Enabling single signon between WAS and Domino servers

If single signon (SSO) is configured between WAS and Domino, a user can sign on to the portal and then access portlets that contain information from a Domino-based application or service without having to enter additional credentials for authentication.

Important: A best practice is to install and configure all servers prior to enabling single signon. For example, install and configure QuickPlace and Sametime before you enable single signon.

To enable single signon, enable the IBM LTPA capabilities included in both WAS and Domino. Domino imports the WebSphere LTPA token generated by WAS, and this token can be used for all servers within the Domino domain.

If you want to configure single signon across multiple Domino domains, you must import the same WebSphere LTPA key into each of those Domino domains.

The following list provides the order for configuring single signon between WAS and Domino:

  1. Create the WebSphere LTPA key:

    1. Start the WebSphere Administration Console and log in.

    2. Select Security - Authentication Mechanisms - LTPA.

    3. Type a password in the Password field and provide a path and file name in the Key File Name field.

      Tip: Remember the password, because you must type it again when you import the LTPA key into the Domino server.

    4. Click the Export Keys button.

    5. Click Save to apply the changes to the master configuration.

    6. Click Save on the next screen.

    7. Log out from the WebSphere Administration Console.

    8. If necessary, copy the key file that you created to a location that is accessible to the Domino machine.

  2. Create a Web SSO Configuration document and import the LTPA key:

    If a Web SSO configuration document already exists, you can use it, but you might need to edit it for use with the portal. The following instructions provide steps for creating a new Web SSO configuration document.

    1. Start the Domino administrative console.

    2. Open the address book for the server.

    3. Change to the Server - Servers view.

    4. Click the Web button, and then select Create Web SSO Configuration.

    5. Type the domain suffix in the Token Domain field, and then add the Domino hierarchical names of the Domino servers that will participate in the SSO domain in the Domino Server Names field. You do not need to enter the names of the WAS servers.
      Note: The domain suffix is the end of your domain name, including the period. For example, the domain suffix of region.country.com is .com

    6. Select Import WebSphere LTPA keys from the Keys menu. Click OK if you get an error message that states that the SSO configuration has already been initialized.

    7. Type the path and name of LTPA key file, and click OK.

    8. Type the password for the LTPA key and click OK.

    9. Click OK to the message that states that the key import is successful.

    10. Important: If necessary, click the Basics tab and insert a backslash before the colon in the LDAP Realm field so that it reads yourhostname\:389.

    11. Click Save and Close.

  3. Enable multi-server single signon authentication:

    1. Open the server document of the Domino server.

    2. Click the Internet Protocols tab, and then the Domino Web Engine tab.

    3. Next to Session authentication, select Multi-server.

    4. Click Save and Close.

    5. Exit the Domino administrative client.

    6. Restart the Domino server.
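The Token Domain chosen in the Web SSO Configuration document decides which hosts the browser will present the LTPA cookie to: a portal or Domino host outside that suffix silently gets no single signon. The following is an added example, not from the IBM documentation, that derives the narrowest suffix covering a set of participating hosts and checks a proposed Token Domain against them. All hostnames are constructed.

```python
"""Choose and check the LTPA Token Domain for WAS/Domino single signon.

Added example, not from the IBM documentation. The Token Domain is the DNS
suffix, written with a leading period, that the LTPA cookie is scoped to;
every participating host (portal and Domino) must fall under it.
"""

# Constructed sample: the portal on WAS plus two Domino servers.
PARTICIPANTS = ["portal.region.example.com", "mail1.region.example.com",
                "qp.hq.example.com"]

def _labels(host):
    return host.strip().lower().rstrip(".").split(".")

def common_token_domain(hosts):
    """Longest DNS suffix shared by all hosts as '.suffix', or None if they
    share nothing below the root."""
    if not hosts:
        return None
    suffix = _labels(hosts[0])
    for h in hosts[1:]:
        lab, n = _labels(h), 0
        while n < min(len(suffix), len(lab)) and suffix[-1 - n] == lab[-1 - n]:
            n += 1
        suffix = suffix[len(suffix) - n:]
        if not suffix:
            return None
    return "." + ".".join(suffix)

def covered(host, token_domain):
    """True if a cookie with Domain=token_domain is sent to host: exact match
    or a label boundary ('.example.com' covers 'a.example.com', not 'badexample.com')."""
    h = ".".join(_labels(host))
    d = token_domain.strip().lower().lstrip(".")
    return h == d or h.endswith("." + d)

def check_token_domain(token_domain, hosts):
    """Return a list of findings; an empty list means the Token Domain is sound."""
    findings = []
    if not token_domain.startswith("."):
        findings.append("Token Domain must start with a period, e.g. '.example.com'")
    if len(_labels(token_domain.lstrip("."))) < 2:
        findings.append("Token Domain %r is an entire top-level domain; use a suffix your organization owns" % token_domain)
    for h in hosts:
        if not covered(h, token_domain):
            findings.append("%s is outside %s: no single signon for this server" % (h, token_domain))
    return findings
```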

 
