We are setting up a new Sametime Server 12.0.1 in docker.
Now I try to get Single Logon using LTPAToken to work and I got it running... almost...
I followed the instructions, created an ltpa.keys from WebSphere, put it in the Sametime configuration custom.env and docker-compose.yml and imported it into Domino.
I created the Web SSO configuration document and put all home servers of the users in it.
When I use the Sametime embedded client in my Notes 12.0.2 Client I cannot login. The error message is:
We used Sametime 11 before and it worked without this entry for all of the 2.500 users...
Do I have to populate this setting with the mail home server for all the users before switching to the new server, or is there a way to get Sametime 12.0.1 to work the same as Sametime 11 without this?
The authentication server specifies the Domino server that issues the LtpaToken. Previous releases had a Domino server as the base for Sametime Server. If the Domino server with Sametime was providing the LtpaToken, there was no need to enter anything in the Authentication Server. With Sametime 12, the authentication server (LDAP) and the Sametime server are different. Setting the authentication server is required.
Rich client settings may be distributed by managed-settings.xml. https://help.hcltechsw.com/sametime/9.0.1/config/config_client_comm_pref.html
Ok, that explains it. I thought that it was the mail home server that was taken if no entry was in the field.
The company has locations with servers all over the world. The old Sametime server was (and still is) reachable from every location... Now without the Domino-based Sametime server there is no more universally reachable Domino server for all users. How do I use managed-settings.xml to assign individual Token Servers to individual locations?
And: What are the requirements for a server to be able to deliver the token? Yesterday I tested 4 servers in 2 different clusters. I could login using two of the servers as Authentication servers but not with the other 2 although the cluster partners are configured identically (same LTPAToken, same Domain, etc...). To be clear: I could login with the first server in the German Cluster, but not the second. And I could login with the second server in the Suisse Cluster, but not the first...
@Torsten Link It is easy to automate the settings in the client and push them using Sametime policy. You can do this in advance of your migration.
You can do this two ways, either "Managed Settings" or "Managed community configs".
If you have "Managed Community Configs" then you are pushing down all the connectivity settings to the clients, including hostname, port and optionally connectivity methods (with/without proxy), as well as your SSO token URL. https://help.hcltechsw.com/sametime/12/admin/managed_community.html
If you have "managed settings" it will override the default community settings with the preference you define. You can have the setting placed as "suggested" and allow the user to change it, or you can set it to "force" and not allow changes.
The token refresh interval should be set to match your Domino Web SSO expiration. If you don't set it, the default is 15 minutes. (Setting is in ms).
Then you put the XML file on a web server (you can put it on the Domino server that creates the LTPA token if you wish). Say the URL is https://domino.example.com/st/managed-settings.xml
Then you update your Sametime policy.
The name of the setting in the IM policy is "im.2012.label" or "Sametime update site URL". Note: Policy refresh is once per hour.
You can either update the default policy, and all users will receive it, or you can create a new policy and assign it to a group of test users (recommended to test first).
Policies are retrieved when the user logs into Sametime, but settings will take effect next time they restart. Please open a support case if you have any questions.