IBM G325-2585-02 User Manual

IBM Lotus Sametime 7.5.1

Release Notes

in stlinks.js without any change:
var is_TAM_env=false;

//racingConnTimeout - Timeout between racing connections in milliseconds. The value is sent to the STLinks applet.

1. Enable reverse proxy support and specify the WebSEAL junction in the Sametime Administration Tool on the Sametime 7.5.x server.

- Open the Sametime Administration Tool on the Sametime 7.5.x server.

- Select Configuration-Connectivity.

- In the "Reverse Proxy Support" section, select the "Enable Reverse Proxy Discovery on the client"
setting to enable the reverse proxy support.

- In the "Reverse Proxy Support" section, enter the WebSEAL junction name in the "Server Alias"
field. In this example, "st" is the WebSEAL junction name.

2. Create the Tivoli Access Manager WebSEAL junction as shown below:

pdadmin> server task webseald-[servername] create -t tcp -h [sametime hostname] -p 80 -i -j -A -F [path to LTPA key] -Z [LTPA key password] /junction

You cannot use the -w parameter for this setup. Some requests generated by Sametime are not
allowed through the junction if -w is present. You must also ensure that the LTPA key used in the
junction is the same LTPA key that the Sametime server uses in its Web SSO Configuration
document.

After performing these configurations, you should be able to log in to https://webseal/stjunction and be
prompted by WebSEAL for authentication. Once authenticated, SSO between WebSEAL and Sametime
should work and all requests for Sametime will route through WebSEAL.

Sametime

Sametime Administrator needs to be in LDAP for policies to work

Existing Sametime customers that use LDAP may have the Sametime Administrator defined in the local
Domino Directory. Until now, those customers did not need to have a Sametime Administrator defined in
LDAP; this is now required for Policy Administration.

Proper Configuration
Add the Distinguished Name (DN) of an LDAP user to the Access Control List (ACL) of stconfig.nsf
with the following access: Person/Manager - with all privileges and all roles.

Notes

1. Make sure that you change the commas to slashes when entering the name into the ACL.
2. In the third example below (Sametime Administrator), note that the canonical format changes to the
hierarchical format. Since the LDAP hierarchy matches Domino's hierarchy, the ACL will
automatically normalize the name to the hierarchical format.

For example, if you enter 'cn=Sametime Administrator/ou=Austin/O=IBM', the ACL will automatically
show 'Sametime Administrator/Austin/IBM'. When using Domino LDAP you will see this behavior,
since the hierarchy of Domino LDAP matches the hierarchy system of standard Domino.
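
The conversion described in the notes above, as an added Python example that is not part of the IBM release notes: it turns an LDAP DN into the slash-separated name to type into the stconfig.nsf ACL and predicts whether the ACL will show it in hierarchical format. The function names and the rule used for "matches Domino's hierarchy" (CN, up to four OUs, O, optional C) are assumptions.

```python
import re

# Attribute order of a Domino hierarchical name: CN, up to four OUs, O, optional C.
# Assumption: this is what the notes mean by the LDAP hierarchy matching Domino's.
_DOMINO_SHAPE = re.compile(r"^cn(,ou){0,4},o(,c)?$")


def split_dn(dn):
    """Split an LDAP DN on unescaped commas; backslash escapes are left as written."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair, e.g. "\,"
            i += 2
            continue
        if ch == ",":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return parts


def acl_entry(dn):
    """Return (name to type into the ACL, name the ACL is expected to display)."""
    rdns = split_dn(dn)
    if any("=" not in r or not r.split("=", 1)[1] for r in rdns):
        raise ValueError(f"not a DN: {dn!r}")
    if any("/" in r for r in rdns):
        raise ValueError("a '/' inside a value would be ambiguous in the ACL")
    typed = "/".join(rdns)               # note 1: commas become slashes
    attrs = ",".join(r.split("=", 1)[0].strip().lower() for r in rdns)
    if _DOMINO_SHAPE.match(attrs):
        shown = "/".join(r.split("=", 1)[1].strip() for r in rdns)  # hierarchical
    else:
        shown = typed                    # stays in canonical form
    return typed, shown


if __name__ == "__main__":
    # Constructed sample DNs; the first mirrors the example in the notes.
    for dn in ("cn=Sametime Administrator,ou=Austin,O=IBM",
               "uid=stadmin,ou=people,dc=example,dc=com"):
        print(dn, "->", acl_entry(dn))
```
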

Below are examples of what the DN looks like in LDAP, and what it should look like in the ACL:
