Policy to Push ST Server and SSO still broken in 8.5.1 for Standard Client
If you use ST in the client, there is a very convenient setting for SSO. You just specify the ST server and enable SSO
(the Notes client uses the Notes certificate and an NRPC session to the ST server to get an LTPA token, which it then uses to authenticate with ST).
There are separate policy settings for the basic client and the standard client.
The settings (see screen print) for the basic client work fine in 8.5.1 but the settings for the standard client do not work yet.
This was a known issue which should have been fixed in 8.5.1.
I have opened a PMR for this issue and got a new SPR
"SPR SWSN7VCBB8 - Desktop policy: Instant Messaging using SSO setting didn't work"
Because other PMRs are referring to earlier SPRs that should have been fixed according to support, I am the first customer reporting this issue.
That means the SPR has a low weight and might not get on the list for 8.5.2 or a fixpack.
In my customer's case this is almost a deployment blocker for their CTI and ST environment (because they have to configure every client manually).
So if this policy setting is important for you or your customers, you might want to open a PMR referencing the SPR and my PMR 65444,SGC,724.
If you open a PMR, feel free to send me a mail offline. I am currently trying to build a work-around with support using LotusScript to set the right plugin properties.
Once I get it working, I am happy to share it offline.
-- Daniel
- Comments [5]
1 Patrick Picard 23.10.2009 16:31:20
Hi Daniel
I think you might need to add the server name in the Desktop Policy
Basics --> "Server options" --> IBM lotus Instant messaging server
Also, if you are packaging Notes to be deployed to the desktops, you can add the settings in plugin_customization.ini
See my blog entry from yesterday
Settings of interest:
# sets the type of token auth
com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO
# checks the box "Use Token based single sign on"
com.ibm.collaboration.realtime.community/loginByToken=True
# forces token based auth
com.ibm.collaboration.realtime.community/tokenLoginOnly=True
# use your server FQDN
com.ibm.collaboration.realtime.community/host=abc.yahoo.com
However, you must make sure that the user doesn't have an XML file in
data\workspace\.metadata\.plugins\com.ibm.collaboration.realtime.login\CANONICAL_NAME.xml
otherwise the plugin_customization.ini won't apply
2 Pierre 24.10.2009 21:51:09
The only problem left I have is to log people in automatically. Sametime settings were deployed by plugin_customization.ini like Patrick said and the SSO piece was so annoying that we took a server approach to it. We changed the LDAP search string on the Sametime server so that it recognizes both CN and non-CN users. That way I do not care if the box is ticked or not.
3 Daniel Nashed 25.10.2009 8:46:03
Here is what I got from support. There is also a setting for auto login. Works fine for me in 8.5.1.
-- Daniel
com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO
com.ibm.collaboration.realtime.community/host=nsh-st.nashcom.de
com.ibm.collaboration.realtime.community/loginByToken=true
com.ibm.collaboration.realtime.community/name=nsh
com.ibm.collaboration.realtime.community/loginAtStartup=true
com.ibm.collaboration.realtime.login/autologin=true
4 Marzel Laning 08.11.2009 10:13:25
Should "ST-DOMINO-SSO" not be "LtpaToken" to avoid problems with the still hard-coded name of the LtpaToken name in some STlinks and other Sametime features?
5 Chris McEwan 17.03.2010 16:29:39
Hi,
Just a quick message to everyone that provided info on this page.
Very helpful in my efforts to deploy 8.5.1 to 1200 clients !!
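
Added example (not part of the original post or its comments, and not IBM's code): a deployment check for the plugin_customization.ini approach from comments 1 and 3. It assumes the file follows Java properties rules, where a trailing '#' note on a settings line becomes part of the value, and it flags the per-user login XML that comment 1 says keeps the file from applying. The host sametime.example.com, the sample file and TestUser.xml are constructed for the demonstration.

```python
import tempfile
from pathlib import Path

PREFIX = "com.ibm.collaboration.realtime."
# Expected values from the settings quoted in the comments; the host is a placeholder.
EXPECTED = {
    PREFIX + "community/defaultAuthType": "ST-DOMINO-SSO",
    PREFIX + "community/loginByToken": "true",
    PREFIX + "community/host": "sametime.example.com",
}
# Constructed sample file: one line carries a trailing '#' note, and host is absent.
SAMPLE_INI = """\
# Sametime SSO
com.ibm.collaboration.realtime.community/defaultAuthType=ST-DOMINO-SSO #token auth
com.ibm.collaboration.realtime.community/loginByToken=True
"""

def parse_properties(text):
    """Simplified Java-properties reader: '#' or '!' opens a comment only at line start."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit(ini_text, data_dir):
    """Return findings for one client: wrong or missing settings, per-user override files."""
    props, findings = parse_properties(ini_text), []
    for key, want in EXPECTED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"missing: {key}")
        elif got.lower() != want.lower():  # assumption: values compare case-insensitively
            findings.append(f"mismatch: {key}={got!r}")
    login_dir = Path(data_dir, "workspace", ".metadata", ".plugins", PREFIX + "login")
    if login_dir.is_dir():  # per comment 1, an XML here overrides plugin_customization.ini
        findings += [f"override: {p.name}" for p in sorted(login_dir.glob("*.xml"))]
    return findings

def demo():
    with tempfile.TemporaryDirectory() as data_dir:  # throwaway Notes data directory
        login_dir = Path(data_dir, "workspace", ".metadata", ".plugins", PREFIX + "login")
        login_dir.mkdir(parents=True)
        (login_dir / "TestUser.xml").write_text("<login/>")
        return audit(SAMPLE_INI, data_dir)

if __name__ == "__main__":
    print("\n".join(demo()))
```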