Victor Toal May 7 2008 10:28:34 AM
I am currently on a project with a client for a Sametime environment. this client is big on security and they use Netegrity/CA SiteMinder for their SSL/SSO environment. This is actually the first time I am working with SiteMinder so there are a few things I fond out and maybe they will help you. I would also appreciate insight by anybody out there who has more experience in this who might be able to either correct me if I am wrong or point out more issues that I have missed.
Sametime and Netegrity/CA SiteMinder Officially, Sametime STLinks (the web access of Sametime) and SiteMinder is not supported by Lotus. If you call with a problem, you are will told that you are on your own.
Here are some tech notes on the subject right off the bat for you to start looking into this:
(1248541) Online awareness not working in STLinks API applications when using Netegrity SiteMinder
(1243943) Integrating Sametime 7.5 with Netegrity SiteMinder
Basically, you can use SiteMinder on the box that Sametime is installed on and you can get it to work. The Meetings will work and all is hunky-dory. The big B-U-T comes when you want to tie in other web applications and use STLinks for that. That is currently not supported. Mind you, there are ways around it (the client has it implemented) but if you call support with it you will be SOL.
The way you do it is to manipulate the content of the servlets.properties file on the web server you are trying to enable the awareness on to accept the SiteMinder token. I have had to tweak the STLinks Java heap on the Sametime server for better performance to make sure that the awareness look-ups don’t bring the web server to its knees but it works fine. Again, you are on your own here though if implement it.
DWA and Sametime
There were some issues with earlier versions of Sametime and DWA and problems with buddy lists popping up but these seem to have been resolved. This client does not use Domino for mail so I have no way of independently test and confirm this but I have not found any issues with this in my research on the web.
Quickr
There are some internal IBM documents that are not (yet) open to the public that show how to integrate Quickr 8.x with Siteminder. I am not sure when they are due out. there are some older publicly available tech notes on QuickPlace/SiteMinder integration that I found that in the whole are still applicable to Quickr 8.x.
Here some interesting issues form the field: the client had some real issues getting SiteMinder to work – and it all came down to a version issue. The only version that did not crash the HTTP task on the Domino Quickr Server (Domino 8.0.1, Quickr 8.1) and then subsequently crash the whole machine was version 6 QMR3 CR03 of SiteMinder. There are probably a few HF out son that might help with earlier versions but from what I can see, SiteMinder 5x versions are probably not going to work.
Quickr connectors will work as well with SiteMinder but it requires a HF to run and you have to use basic authentication.
Quickr/Sametime integration with SiteMinder
As of now, it does not look like it works. My investigations as of now show it is not supported to pass a STToken or LTPS Token from Quickr to Sametime with SiteMinder. I am still looking into this as I have not yet tried out the whole thing with Sametime 8.x and Quickr integration yet. I might be able to get this to work the same way we have STLinks working with SiteMinder but I have not yet tried that. Look at this blog in a few weeks, I will update on this as soon as I take a shot at it.
