IBM LOTUS TEAM WORKPLACE 6.5.1 User's Manual
Contents
1. rnern rreren Minimum of 5 characters The Administrator ID file will be stored inside the server s Domino Directory w M Also save a local copy ofthe ID file Browse CALotusiDominoDataiadmin id D wantto use an existing Administrator IE file Browse PaLowsitominoWataadmin id Help Back nete Cancel Also be sure to select the Web Browsers HTTP services option since it is not selected by default x What Internet services should this Domino Server provide Rites software Select the Internet services this Domino server will provide Basic Notes and Domino services are setup by default You can always change these options later in the Domino Directory Setup Internet services for C Internet Mail Clients SMTP POPS and IMAP services M Directory services LDAP services To customize all other Domino services click Customize Customize Help Back nete Cancel After this configuration process ends start your Domino server and ensure that it starts up correctly You should also use the admin id file created above to enable you to administer the server from a Domino Administrator ClearTrust edge Installation amp Configuration of the RSA ClearTrust Agent for Domino Prior to beginning installation of the RSA ClearTrust Agent stop the Domino server Then start the agent setup program Ensure that the agent detects the correct installation directory2. When Domino starts you should be able to see startup notices for LTWP and RSA ClearTrust DSAPI filters Note that the LTWP message will show up as QuickPlace la ps116 lbwp Lotus Domino Server B29 28H B29 26H B29 26H B29 26H B29 20H B29 26H B29 26H 42 89 28H 10 48 08 10 48 08 10 48 08 10 48 09 10 48 09 18 48 09 10 48 09 10 48 09 on Loaded successfully A269 2665 sfully B2 69 26065 B2 69 2065 10 48 09 10 48 09 10 48 18 oaded successfully H2709 2005 BH 89 28S 2 9 28S t does not A 89 265 Be 89 2665 a 16 45 18 16 45 18 16 48 7 18 exist 16 45 7 18 16 48 11 10 48 12 AM AM AM AM AM AM AM AM AM SchedMgr Validating Schedule Database Mail Router started for domain LIWP Router Internet SMTP host psii6 in domain pe rsa net AMNgr Executive i started LDAP Schema Finished loading JUN Java UVirtual Machine initialized HTTP Server Java Virtual Machine loaded HTTP Server DSAPI Domino Of fF Line Services HITP extensi HTTP Server DSAPI QuickPlace DSAPI Filter Loaded succes SchedMgr Done validstceary schedule Petabase HTTP Server DSAPI ClearTrust Agent 4 6 Yor Domino 6 5 L LDAP Server Started HTTP JUM File or directory Domino Data domino serv le nit LACE SUCCESSI loaded Web S50 Configuration Quick Place Server started A350172 BA HTTP Server Started Using the RSA ClearTrust Entitlements Manag
3. iL Back Cancel Once LTWP is installed and configured restart Domino and ensure that it starts successfully Next Domino must be configured for multi server single sign on according to the instructions in the Lotus Team Workplace Administrator s Guide ClearTrust edge Disable ClearTrust DSAPI Filter Note There is a known issue with authenticating via the QuickPlaceLoginForm while the agent is installed While using RSA ClearTrust Agent v4 6 for Domino authenticating a user via QuickPlaceLoginForm may cause the Domino server to exit See Known Issues for more information Because of this issue disable the RSA ClearTrust DSAPI filter for further configuration it will be re enabled later To do this start the Domino Administrator and open up the server document for the server you created for LTWP Under Internet Protocols on the HTTP tab you will see the DSAPI section halfway down on the right hand side of the document Remove the ct_domino65_agent dll entry but make note of it as you will replace it later Then restart the Domino server Legout Preferences Help 3 gt Tools a gt ment Server De To DSAPI E All Server Doc i i z i e A Configurations Disabled DSAFI filter file names ndolextn E Parameters nquickplace CADominoAgent4 6 J Connections Vlib ct_domino
4. D ata a domino a Doc gtrhome help gt Motes mail modems eeting rchive a PlaceLatalog ft F QuickPlace Administratian Request admin nat Java AgentRunner agentrunner ns Bookmarks 6 bookmark net Local free time into busvtime rst Catalog Ei catalog net lnwo s Certification Log certlog net Serer Cerificate Admin certsr net Domino Directory Cache dbdirman net Offline Services doladmin net ClearTrust ClDominoliDataladm R6 43 0 ClDominoliDatalager R5 41 0 CAiDominoDataiboot RG 43 03 CDominoliDatalbusy AG 43 0 C DominolDatalcata RE 43 0 C DominolDatalcern RE 43 0 CDominolDatalcerts R6 43 03 CDominoliDataldbdi RG 43 03 ClDominoiDataldola RG 43 0 2 161 152 450 752 fr d40 032 343 216 1 898 496 456 752 Torie r46 496 D24 258 Page 10 5 Create a mapping form to map authentication to the QuickPlaceLoginForm a Applies To All Web Sites Entire Server b Target Database QuickPlace resources nsf c Target Form QuickPlaceLoginForm b Then Click Save and Close LTWP Domain EE Sign In Form Wapping All 3g Applies To All Web Sites Entire Server Specific Web SiteVirtual Server Comment ry Target Database T QuickPlacefresources nst Target Form T QuickPlaceLoginFaorrr a 6 Open the notes ini file located in the Domino install directory and add the following parameter QuickPlaceUseDSAPIDNs 1 7 Restart both servers ClearTrust pees Point Team Workplace at Do
5. for Domino Make sure that the SSL settings entered in this process match the settings in your RSA ClearTrust servers configuration files For more information consult the RSA ClearTrust Agent for Domino s Installation amp Configuration Guide During the installation procedure you will be prompted for the address of a Dispatcher server and an Entitlements server While the dispatcher s address is required the Entitlements server s address is required only if it is not connected to a dispatch server Remember the web server name you enter during the setup as you will need to enter the exact same name into the Entitlements manager Installation amp Configuration of Lotus Team Workplace To begin installation stop the Domino server and then run the LTWP setup program Ensure that it detects the correct Domino installation directory After the installation concludes a setup program will run During the configuration you will be asked for credentials for an administration account Note Ensure that this user name is unique among user names from any LDAP stores you will attach LTWP to LTWP authenticates to a separate data store by default and will not be able to distinguish between users if there is overlap Specify name and password X n Provide the name and password for the person who is going to Lotus software administer this Lotus Team Workplace server User name Password ee Verify password i i
6. 65_agentdll 5S Programs Extemal Domain Networt NOTES INI fle El Cleanup script file EA Messaging Disabled ClearTrust Page 7 Enable Domino SSO Once the server restarts start configuring the LTWP installation e Create a Web SSO Configuration document or add the LTWP server onto an existing one When creating the SSO document this guide used a Domino SSO Key e Create a mapping form to map authentication to the QuickPlaceLoginForm e Restart the server 1 Use the Domino Administrator and open the hub server a Select the Configuration tab b Inthe navigation pane choose Server c Click the Web button and select Create Web SSO Configuration PELAB Domain welcome X People amp Groups Files Server Messaging Replication Configuration TTE z if Server peDevrsaPE Use Directory Current Server Release 6 5 3FP1 on Windows NT 5 2 7 l Server Q add Serer edit Server F add to Cluster Delete Server we idl a Current Server Document All Server Documente Domain Ss Severs Me A i i Create URL Mapping Redirection oeaan raek 1 Connections ape an Create File Protection Programs pia lie pared SANER Create Realm k a External Domain Network Inf view Current Configurations E5 Messaging Create Web 550 Configuration a Replication Note If you have a mixed R5 D6 environment you will need to use the Create Web R5 SSO configuration button found in the act
7. BERR RSA ClearTrust Ready Implementation Guide for Portal Servers and Web Based Applications Last Modified March 15 2005 1 Partner Information Product Description IBM Lotus Team Workplace QuickPlace is a business ready self service work space expressly designed for team collaboration With Lotus Team Workplace users can instantly create secure work spaces on the Web providing them with a Place to coordinate collaborate and communicate on any project or ad hoc initiative Product Category Internet Intranet 2 Contact Information Sales contact Support Contact 800 IBM 4YOU 800 IBM SERV www lotus com products www ibm com software lotus support ClearTrust rede 3 Solution Summary Feature Details Use UserID for SSO Yes Use UserID for Personalization Yes Recognize Authentication Type No API level Authorization Support No RuntimeAPI User Management No AdminAPI 4 Integration Overview To achieve single sign on with Lotus Team Workplace the RSA ClearTrust Agent for Domino is installed on the Domino server The agent is then configured to protect all Team Workplace pages as well as any other desired pages The Domino server is configured for multi server single sign on and authentication enabled After this users authenticated via either a ClearTrust authentication mechanism or Domino s internal authentication will be able to access all protected Domino assets Domino Server ClearTrust S
8. Cloudscape as its user repository To ease the SSO process it should be using only Domino users By pointing LTWP at Domino and not allowing new user creation the only user in Cloudscape will be the LTWP administrator created during installation The RSA ClearTrust repository for the purposes of this implementation guide will be kept separate from the Domino user repository so those two will need to be separately synchronized Log back into LTWP as the LTWP administrator This time select Security under Server Settings In the administrator section click Add and add a Domino user as LTWP administrator Security quickplace Microsoft Internet Explorer File Edit View Favorites Tools Help Lotus Team Workplace admin Sign Out Back Next Go Up Instructions Server Security Add Access Administrators Provide membership information for those who are permitted to administer this server Note Security that administrators have supreme power including deleting places and PlaceT ypes User Directory Type the name of each individual or group to add on 4 new line or click Directory to select names from the Other Options directory Select Time Zone admin rsa Directory Help Clear All Remember to enter each name on a new line ClearTrust eee ie Cleaning Up Now re insert the ClearTrust DSAPI filter in the server document Then restart the server one last time Testing the Setup
9. ID that created it If another administrator subsequently needs to edit the document the administrator will receive a warning about the document being encrypted and will not be able to edit it If this happens delete the document and create a new one so that you can add all the servers to the document ClearTrust eager 3 Open each Server document and make the following changes to the Internet Protocols Domino Web Engine tab a Session authentication Multiple Servers SSO b Web SSO Configuration LtpaToken c Then Click Save and Close Server Messaging Replication Configuration Server ps1 1 6fltwp Release 6 5 2 on Windows NT 5 2 Dm 2D create Web R5 2 cancel Curent Server Document Configurations Connections Prograrns External Domain Network nt p E Messaging 5 Replication p Ti Directory a Policies Web Server Configurations Server ps116 Itwp Use Directo Basics Security Ports Serer Tasks Internet Protocols MITAS Miscellane HTTP Domino Web Engine DIIOP LDAP Session authentication Multiple Servers 550 Web 550 Configuration LipaToken 4 Open domcfg nsf If domcfg nsf does not exist you will need to create it See the Domino documentation for information on how to do this People amp Groupe Files Server Messaqing Replication Configuration Sewer psl 1 6lltwp Release 6 5 2 on Windows NT 5 2 F C Dominos
10. er create entries for the Domino server and a sample Domino user Then define resources for homepage nsf and QuickPlace on that server and entitlements for your sample user Remember that in Domino you must protect the database and views separately e g abc and abc Finally add entitlements for the sample user for the Domino server resources ClearTrust PAJEN From a new browser browse to hitp servername domainname You should see the Domino homepage Then go to homepage nsf which should show you the same page after authentication via RSA ClearTrust Clear Trust Basic Login Form Microsoft Internet Explorer File Edit View Favorites Tools Help Address E amp A ClearTrust a S ClearTrust BASIC Login Required You are attempting to access a protected resource Please identify by entering your user ID and password Copyright 1997 2002 RSA Security Inc All rights reserved Powered bry ClearTrust ilii When you navigate from there to the QuickPlace home page QuickPlace you can see that you are automatically recognized by the RSA ClearTrust agent Welcome quickplace Microsoft Internet Explorer File Edit View Favorites Tools Help Address A http ps1 15 pe rsa net QuickPlace quickplace Main nsffh_Toc 4dF38292d74806e9d05256 70800167 v EJ Go 1G Team Wor all IT ee admin Sign Out Welcome Mly Places Welcome to IBM Lotus Team Workplace Create a Place IBM Lotus Team Wo
11. erver Team Workplace a ClearTrust Agent a Client Browser a Domino Web Server a 3rd Party LDAP Server Domino LDAP Server ClearTrust eager 5 Product Requirements Hardware requirements Component Name Lotus Domino 256Mb 1Gb 1 5Gb recommended Software requirements Component Name Lotus Domino Operating System Version Patch level 5 1 5 2 OS 400 VSR1 VSR2 i50S VSR3 Solaris o BS O Component Name Lotus Team Workplace Operating System Version Patch level AIX OS 400 Windows 2000 Windows 2003 Solaris BO Component Name RSA ClearTrust Agent for Domino Operating System Version Patch level 6 5 11F 1 ClearTrust Pee 6 Product Configuration This section provides instructions for integrating the partners product with RSA ClearTrust This document is not intended to suggest optimum installations or configurations It is assumed that the reader has both working knowledge of the two products to perform the tasks outlined in this section and access to the documentation for both in order to install the required software components All products components including the ClearTrust servers and Entitlements Manager need to be installed and working prior to this integration Perform the necessary tests to confirm that this is true before proceeding In order to achieve this integration the following steps are necessary e Install amp Configure Domino Server e Install a
12. ion bar of Server documents If you have a pure D6 environment you can use the method outlined here or use Internet Site documents For more information see the IBM Redbook ClearTrust eager 2 Inthe SSO Configuration document make the following entries Select LtpaToken Leave the Organization field empty c Select and add all of the servers from the directory to the Domino Server Names field this uses the proper hierarchical name for each server d Enter the Internet domain that all of your servers share you should precede this name with a leading period Domino 6 will insert it when the document is saved if you forget Configuration Mame LipaToken Expiration minutes 300 Organization Idle Session Timeout Enabled DAIS Domain pera net Domino Server Mames pe116lltwp e Select Keys from the action bar and click Create Domino SSO Key You will receive a confirmation when it has been successfully created E Save amp Close F Keys 7 x Cancel ae Create Domino 550 Key i E Import WebSphere LTPA Keys Web SSO _Mpert Websphere LTPA Keys he Configuration Mame LipaToken 4 Expiration minutes 3005 F Organization J idle Session Timeout l Enabled DAIS Domain T pe rsa nety Domino Server Names pe11Biltwp a f Save and close the Web SSO document Note The Web SSO document is automatically encrypted with the user s
13. ion of identity personalization in 3 Party Product Successful recognition of identity personalization after SSO with other RSA ClearTrust supported Web Server Login Graded Authentication Access Denied for unauthorized user Successful login for authorized user Successful recognition of identity personalization in 3 Party Product Successful recognition of identity personalization after SSO with other RSA ClearTrust supported Web Server Result SWA ATB P Pass or Yes F Fail N A Non available function ClearTrust Page 16 8 Known Issues Authentication Via QuickPlaceLoginForm May Cause Domino Server Exit While using RSA ClearTrust Agent v4 6 for Domino authenticating a user via QuickPlaceLoginForm when the ClearTrust DSAPI filter is in place may cause the Domino server to exit There is a fix available for this behavior from RSA technical support To acquire this ask for RSA ClearTrust Agent Hotfix 4 6 0 17 This issue can also be worked around by deleting the login mapping created in the Web Configuration Database and protecting the Team Workplace resources with ClearTrust ClearTrust PAJEK
14. mino User Store Open up LTWP home page in a browser and login as the LTWP administrator created during installation Under Server Settings select User Directory then Change Directory Select Domino Server as the type and point it at your Domino server Then select to disallow new users Save your changes and log out of LTWP This is necessary so LTWP will pick up the Domino users EL User Directory quickplace Microsoft Interr net Explorer Change User Directory Back Ment You can specify a user directory from which place members can be selected Directory You can specify a directory from which place managers can select members Select the directory type and name below Type Domino Server warming New installations should not use this directory type Directory access using the Domino NRPC protocol is supported for backward compatibility purposes only You should convert to LDAP for directory access before you upgrade the external user name format in any of the places on this server See the installation documentation for more information Name pst 1h pe rsa net New Users Do you want to allow place managers to create new users in each place or require managers to select existing users only from the available directory Allow managers to create new users in each place Disallow new users Require managers to select ewstng users from the available directory te By default LTWP uses
15. mp Configure RSA ClearTrust Agent for Domino e Install amp Configure Lotus Team Workplace Installation amp Configuration of the Domino Server Using the Domino 6 5 1 installation media start the setup program During the setup process customize as necessary for your requirements but be sure to choose to install the Domain Enterprise Server After the installation of the base server install the Interim FixPack 1 Lotus Team Workplace LTWP requires Domino 6 5 1 IF1 Also if you do not already have a Domino Administrator client already installed you should install one at this time Configuration Once the basic server and IF1 are installed start the Domino server When you start it for the first time you will be prompted to configure the server Unless you have a pre existing Domino installation that you are integrating this server into select the stand alone server option During the setup process if you save an external copy of the administrator s id file it will be easier to find from the client ClearTrust cede x Specify an Administrator name and password item software To create the Administrator s ID you must provide the administrator s name and password You can use the name ofa specific person or a lastname only to create a generic Administrator ID that can be used by several people First name Middle Last name for generic account namie fadin E Administrator password Confirm password
16. rkplace QuickPlace is an PlaceTynes award winning standards based tool for team ae collaboration You can easily create a secure Serwer settings shared workspace for your team that will help you communicate share information and resources keep track of meetings and tasks and deliver projects on time Select Time Zone Help Key Features Easy to use team workspaces Simple browser based access Excellent integration with Microsoft Office Team calendar integration with Lotus Notes and Microsoft Ciuthiok ClearTrust pede As a last check navigate to the web administration database webadmin nsf You will Notice that even though the web admin database is protected by Domino and not by RSA ClearTrust the Domino agent supplies the credentials to Domino s native authentication and the user is recognized from his RSA ClearTrust SSO cookie A ps115 rsa rsa Administration Microsoft Internet Explorer Seles File Edit View Favorites Tools Help ae Address 2 http lips115 pe rsa netiwebadmin ns k ao People amp Groups Files l Server Messaging Replication Configuration LJLogout Preferences He E fou admintsa are connected to EN Semer name p115 rza Host name p115 pe r a net 80 SS Version and build Release 6 5 11F1 194 EN Operating system Windows 2003 Server Windows 32 Directory amp partition CAD omino D ata C Domino Data Server date amp time 12 16 2004 04 22 33 PM Elap
17. sed up time 2 days 05 47 53 Tranzactions minute Last minute O Last hour 1 Peak 81 Peak of sessions 4 at 12 76 2004 04 09 34 PM Transactions 83 Mas concurrent 20 Waiting tasks 0 Availability Indes 100 state AVAILABLE Mail domain EE Mail tracking Not Enabled Mail journalling Not Enabled Shared mail Not Enabled his ace 1 ClearTrust nade 2 7 Certification Checklist for Portal Servers and Web Based Apps Date Tested February 7 2005 Product Tested Version RSA ClearTrust 5 5 2 5 5 3 Team Workplace 6 5 1 Domino 6 5 11F1 6 5 2 6 5 3 4 6 Test Case Product Characteristics for SSO Support Application Portal is web based and supports access by a standard HT IP based browser Application Portal runs on Web Server Platform supported by RSA ClearTrust Application Portal login interface can be modified or replaced Application Portal can extract user information from RSA ClearTrust session cookie Application Portal can extract user information from HTTP Headers Application Portal can extract authentication type from RSA ClearTrust session cookie Application Portal can extract authentication type from HTTP Headers Application Portal can perform SSO with other RSA ClearTrust supported Web Server Login General HTTP basic authentication Forms based Forms based w URI retention Login Basic Authentication Access Denied for unauthorized user Successful login for authorized user Successful recognit
Download Pdf Manuals
Related Search