
How to Integrate Lotus Connections 2.0.1 with Lotus Quickr using Tivoli Access Manager

					                   Lotus Connections v2.0.1
                         Lotus Quickr
                          Test Configuration


Configuration name:
Integration with Quickr J 8.1.1/Quickr D 8.2 using Tivoli Access Manager 6.0

Product version:
Lotus Connections 2.0.1 + iFixes
Lotus Quickr J2EE 8.1.1
Lotus Quickr Domino 8.2

Date of issue:
10th March 2009

Authors:

Colm O'Brien
      Lotus Connections, System Verification Test (SVT)

Mark Ecock
      Lotus Quickr, SVT

Morten Kristiansen
       Chief Tester, Lotus Connections SVT




1 Configuration diagram for IBM Lotus Connections 2.0.1
  Integrated with Lotus Quickr 8.1.1 using Tivoli Access
  Manager 6.1




2 Test drivers

    This test setup was used to test the integration points between the products and for a
    number of user acceptability tests. This configuration was not used for workload tests or long
    runs.


3 Machine details

    The breakdown of the hardware used and its specifications is supplied in the spreadsheet
    supplied with this document.


4 Configuration settings
PRE-REQUISITES

   ●   The Lotus Connections server must be installed and set up as per the infocenter
       instructions -
       http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/c_installing.html

   ●   The Lotus Quickr server must be installed as per the infocenter instructions -
       http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/topic/com.ibm.lotus.quickr.admin.wpv81.doc/wpf/inst_main.html

   ●   The following resource may also be useful for the Quickr install (Readme for upgrading IBM
       Quickr 8.1.1 services for IBM WebSphere Portal) -
       http://www.ibm.com/support/docview.wss?rs=3264&uid=swg27013353

   ●   The TAM server must be installed and set up as per the instructions available at
       http://www-01.ibm.com/support/docview.wss?rs=3264&uid=swg21283679 and
       http://www.ibm.com/developerworks/tivoli/library/t-lctam/index.html?S_TACT=105AGX13&S_CMP=EDU -
       the administrator of the TAM server must create the TAM junction to which both the
       Connections and Quickr servers will connect.

   ●   All servers must be connected to the same LDAP and share the same LTPA token for
       single sign-on purposes:
       http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/c_security_over.html
       See also:
       http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/index.jsp?topic=/com.ibm.lotus.quickr.admin.wpv81.doc/ecm/ic_ecm_t_sso_configure_tam.html



INTEGRATION POINTS

The following integration points can be enabled between Lotus Connections and Lotus Quickr:
        1. Business Card Link
        2. Publish documents from activities to library
        3. Integration with communities

All of these integration points are discussed on the Quickr infocenter:
http://publib.boulder.ibm.com/infocenter/lqkrhelp/v8r0/topic/com.ibm.lotus.quickr.admin.wpv81.doc/connections/lotusconnectionsfeaturesinlotusquickr.html


BUSINESS CARD LINK (Quickr J2EE)

To enable the business card link on Quickr, please follow the steps below on the Quickr
application server:

   1. Log in to the Quickr server admin console (http://yourQuickrservername:10060/ibm/console)
   2. Go to Resources > URL Providers > Browse Clusters, click OK.
   3. Select the Default URL Provider
   4. On this page click URLs link on the right hand side.
   5. On this page click New button. Enter following values:
      ● Name: CONNECTIONS_PEOPLE_CARD
      ● JNDI name: JNDI_CONNECTIONS_PEOPLE_CARD
      ● Category: CATEGORY_CONNECTIONS_PEOPLE_CARD
      ● Specification: http://yourConnectionsServer.ibm.com/profiles/html/businessCard (The
              URL of your connections server)
   6. Restart Quickr.


ACTIVITIES PUBLISH FEATURE

For the publish feature to work, the <PublishFile> settings in the file 'oa-config.xml' need
to be changed. This XML file can be found in the following directory:

 <WAS_HOME>/profiles/<profile_name>/config/cells/<cell_name>/LotusConnections-config

Within this file look for the following section and set the parameters as below:

        <PublishFile enabled="true" allowCustomServers="false" requireSSO="true">
                <server>http://<TAM-Host.acme.com></server>
        </PublishFile>

The parameters are explained in the following table:

    Parameter             Function

    allowCustomServers    This parameter allows the user to specify any available
                          Lotus Quickr server when attempting to publish a
                          document.

    requireSSO            Setting this value to true requires that single sign-on is
                          enabled between the Quickr and Connections servers;
                          the user will not be allowed to enter credentials when
                          attempting to publish.

    <server>              As many Quickr servers as required can be specified
                          within the PublishFile section by using the notation
                          above and giving a new line to each server specified.


More information on this can be found at the following link:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/t_admin_act_publish_to_quickr.html


COMMUNITIES INTEGRATION POINTS

The installation of the Lotus Connections Connector for Quickr ensures the presence of the
Communities integration points. Follow the instructions on installing this from the infocenter:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/c_admin_communities_quickr_integration.html

Note that this document is based on an installation in a non-clustered environment. For a
clustered deployment it is important to reference the section Installing Lotus Quickr connector
in a Network Environment to ensure that the connector is configured correctly for all nodes in
the cluster:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/t_install_quickr_network.html


Supporting Lotus Quickr Authenticated Feeds

For the feeds from a Quickr Wiki/Teamspace to load in the Connections environment, a
change is required to the 'proxy-config.xml' file. This is discussed in the Connections InfoCenter,
but because of the presence of the TAM server a further change is required to load these
feeds in Communities -
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/t_admin_communities_support_quickr_feeds.html

The TAM session cookie (PD-H-SESSION-ID) needs to be added to the cookie list in the section
of the proxy config file below. This ensures that the proper credentials are passed between the
two applications and the TAM server, enabling the feeds to load.

       <proxy:policy url="http://<tamserver.acme.com>:<port_number>/*" acf="none"
               allowAuthRequest="false">
               <proxy:actions>
                       <proxy:method>GET</proxy:method>
                       <proxy:method>POST</proxy:method>
                       <proxy:method>PUT</proxy:method>
                       <proxy:method>DELETE</proxy:method>
               </proxy:actions>
               <proxy:cookies>
                       <proxy:cookie>JSESSIONID</proxy:cookie>
                       <proxy:cookie>PD-H-SESSION-ID</proxy:cookie>
                       <proxy:cookie>LtpaToken</proxy:cookie>
               </proxy:cookies>
               <proxy:headers>
                       <proxy:header>User-Agent</proxy:header>
                       <proxy:header>Accept*</proxy:header>
                       <proxy:header>Content*</proxy:header>
                       <proxy:header>Authorization*</proxy:header>
               </proxy:headers>
       </proxy:policy>


After all of the above changes are made the Lotus Connections server should be restarted – the
Lotus Quickr server may also need to be restarted for changes to take effect.




INTEGRATING LOTUS CONNECTIONS WITH QUICKR DOMINO 8.2


When connecting to a Quickr Domino deployment, the process of enabling the business card
and communities integration differs slightly from that of a J2EE Quickr configuration. While the
above discussion is still valid, there are some important considerations to take into account to
ensure proper functioning of the integration points with the Domino server. Unless stated
explicitly below, the integration process for Quickr Domino is the same as already outlined in
this document.

To configure Lotus Connections 2.0.1 with Quickr Domino 8.2 the following process should be
followed.



Enable the Business Card

To enable the business card link between the Quickr Domino server and Connections server,
details of the connections server need to be provided in the qpconfig.xml on the Quickr Domino
server, as below:

       <profile_server>
               <server_name>
                       connectionsServer.ibm.com
               </server_name>
               <semantic_tag_service_location>
                       /profiles/ibm_semanticTagServlet/javascript/semanticTagService.js
               </semantic_tag_service_location>
               <javelin_tag_location>
                       /profiles/html/personTag?template=personTag.jsp
               </javelin_tag_location>
       </profile_server>




Communities Integration

   ●   Upgrade to LC 2.0.1.1 Fixpack

       This fixpack contains many fixes required to integrate with the Quickr Domino server as
       well as fixing various other issues present in LC 2.0.1. The fixpack can be found on Fix
       Central (http://www-933.ibm.com/support/fixcentral/). See the following link for
       instructions on how to install fixes to Lotus Connections:
       http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/c_installing_fixes.html

   ●   It is recommended to install the Lotus Connections Connector for Quickr after the
       installation of the 2.0.1.1 Fixpack. This is not, however, a requirement and this is
       discussed in Question 8 of the troubleshooting section below.

   ●   After upgrading to the 2.0.1.1 Fixpack and installing the connector, please download and
       install the following iFix from IBM Fix Central (http://www-933.ibm.com/support/fixcentral/):

       ○   IFix ID: LO40261


Change to httpd.conf to ensure proper functioning of the Lotus Quickr Picker

When using a remote HTTP server in front of the Lotus Connections server, the following
parameter should be added to the end of the httpd.conf:

   ●   'AllowEncodedSlashes On'

This should be added to both the SSL and non-SSL sections of the httpd.conf. This is outlined in
the following technote:
http://www-01.ibm.com/support/docview.wss?rs=3265&context=SSYGQH&dc=DB560&dc=DB520&uid=swg21384114&loc=en_US&cs=UTF-8&lang=en&rss=ct3265lotus

For example:

       # End of the SSL virtual host section
       ServerName <http-server-host>
       SSLEnable
       AllowEncodedSlashes On
       </VirtualHost>
       </ifModule>
       # Non-SSL (main server) section at the end of httpd.conf
       SSLDisable
       Keyfile "/opt/IBM/HTTPServer/sslkeys/plugin-key.kdb"
       SSLStashfile "/opt/IBM/HTTPServer/sslkeys/plugin-key.sth"
       AllowEncodedSlashes On
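
An added example, not from the original document: a Python check that reads an httpd.conf and reports every section (the main server and each VirtualHost) that lacks 'AllowEncodedSlashes On', treating each section on its own as the instruction above does. The sample configuration, host name and key file path are constructed.

```python
import re

# Constructed httpd.conf tail shaped like this page's fragment; the host name
# and key file path are made up. The directive is set in the main section only.
SAMPLE = """\
<IfModule mod_ibm_ssl.c>
Listen 443
<VirtualHost *:443>
ServerName web.example.com
SSLEnable
</VirtualHost>
</IfModule>
SSLDisable
Keyfile "/opt/example/plugin-key.kdb"
AllowEncodedSlashes On
"""

OPEN = re.compile(r"<\s*(\w+)\s*([^>]*)>")
CLOSE = re.compile(r"</\s*\w+\s*>")


def encoded_slash_settings(conf_text):
    """Map 'global' and each VirtualHost to its AllowEncodedSlashes value."""
    settings = {"global": None}
    stack = []  # one entry per open <Section>; None for non-vhost sections
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()
            continue
        opened = OPEN.fullmatch(line)
        if opened:
            is_vhost = opened.group(1).lower() == "virtualhost"
            name = f"VirtualHost {opened.group(2).strip()}" if is_vhost else None
            stack.append(name)
            if name:
                settings.setdefault(name, None)
            continue
        directive, *rest = line.split(None, 1)
        if directive.lower() == "allowencodedslashes":
            # Attribute the value to the innermost open VirtualHost, if any.
            scope = next((s for s in reversed(stack) if s), "global")
            settings[scope] = rest[0].strip() if rest else ""
    return settings


def sections_missing_directive(conf_text):
    """Sections (SSL vhost or main server) where the directive is not 'On'."""
    found = encoded_slash_settings(conf_text)
    return sorted(s for s, v in found.items() if (v or "").lower() != "on")


if __name__ == "__main__":
    print(sections_missing_directive(SAMPLE))
```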



Note: For information on how to integrate Quickr Domino with TAM see the following article on
the Lotus Quickr Wiki:
http://www-10.lotus.com/ldd/lqwiki.nsf/dx/06162009064746AMWEBENW.htm




SUMMARY

This document explains the steps required to enable Lotus Connections to integrate with Lotus
Quickr when using the Tivoli Access Manager for login and single sign on purposes. The steps
required are:

   1. Install Lotus Connections, Quickr and Tivoli Access Manager

   2. Create the TAM Junction and share LTPA tokens between the applications

   3. Decide which integration points are required and make the changes described above.

   4. Consult the troubleshooting section below for the most common issues with this
      setup.


Once successfully set up, you will be able to log on to Connections/Quickr via the following
address - http://tam-server/<component_name>, where component_name is one of the
Connections components or lotusquickr. The following screenshots show how the configuration
will now look:

1. Login Page




2. Business Card Link in Quickr




3. Publish Document from Activities:




4. Communities Integration Points

       Including Quickr Places:




       Quickr Places / Feeds on Community Overview Page:




TROUBLESHOOTING – FREQUENTLY ASKED QUESTIONS

1. Communities with Quickr places are not creating correctly due to an authorization
error.




The above error can occur for a number of reasons – the most common are:

   ●   Firewall preventing the application server from communicating with TAM server
       correctly. Ensure that the Connections application server will not be challenged for
       credentials when attempting to make changes on the Quickr application server. Make a
       rule on your firewall if necessary to achieve this.

   ●   The following APIs are not configured to allow basic authentication:
        - /webcontent
        - /myqcs
       If this is the case please configure this setting on the TAM server.

   ●   Single sign on is not correctly configured between the products. Repeat the steps for
       single sign on described in this document. Ensure that:
        - the same LTPA token is shared between all components of the configuration
        - the system clocks are within 5 minutes of each other on all machines



2. I want to change the properties relating to Quickr Server but I do not want to
uninstall/re-install the Connector again. How do I do this?

When the connector is installed it creates the following file containing the properties of the
Quickr server – communities-quickr-config.xml. This is created in the following folder:

 <WAS_HOME>/profiles/<profile_name>/config/cells/<cell_name>/LotusConnections-config

       <comm:QuickrServer name="DefaultServer">
            <comm:host><TAMServer.acme.com></comm:host>
             <comm:port>80</comm:port>
             <comm:sslPort>443</comm:sslPort>
             <comm:useSSL>false</comm:useSSL>
             <comm:authentry>node/quickrconnector</comm:authentry>
             <comm:useSSO>true</comm:useSSO>
             <comm:serverType>Portal</comm:serverType>
       </comm:QuickrServer>

In the config discussed in this document a Portal server is used to host Quickr, and hence the
above section of this file contains the information pertaining to the integration between the
Communities and Quickr servers. The above parameters are explained in the following table:

    Parameters           Function

    comm:host            This is the host where Lotus Quickr can be found on the TAM server. This
                         is specified during the installation of the Connector.

    comm:port            This is the port for http traffic on the TAM server – typically this will be
                         port 80. This is specified during the installation of the Connector.

    comm:sslPort         This is the port for secure communications between the Connections
                         server and TAM server – typically port 443. This is specified during the
                         installation of the Connector.

    comm:useSSL          This parameter determines whether SSL should be used when
                         communicating with the specified host.

    comm:authentry       This is the user specified for managing Lotus Quickr. This user property
                         can be found in the admin console under 'Security → Secure
                         administration, applications, and infrastructure → JAAS – J2C
                         Authentication data'

    comm:useSSO          This parameter specifies if SSO is to be used between the products – if
                         set to false then the user will be prompted for credentials when
                         attempting to use communities/quickr integration.

    comm:serverType      This parameter specifies the type of application server which is being
                         connected to. This should not be changed. There are other sections in
                         this document for other server types.
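
An added example, not part of the original document or the product: a Python check that oa-config.xml and communities-quickr-config.xml still carry the values this document sets (custom publish servers disallowed, SSO required, every host being the TAM junction host). The wrapper elements, namespace URI and host names in the sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed fragments of the two files. Host names, the wrapper elements
# and the namespace URI are placeholders; the settings have drifted.
OA_CONFIG = """<sample-root>
  <PublishFile enabled="true" allowCustomServers="true" requireSSO="true">
    <server>http://tam.example.com</server>
    <server>http://quickr01.example.com:10038</server>
  </PublishFile>
</sample-root>"""

COMM_CONFIG = """<comm:sample-root xmlns:comm="urn:example:communities">
  <comm:QuickrServer name="DefaultServer">
    <comm:host>tam.example.com</comm:host>
    <comm:port>80</comm:port>
    <comm:useSSL>false</comm:useSSL>
    <comm:useSSO>false</comm:useSSO>
    <comm:serverType>Portal</comm:serverType>
  </comm:QuickrServer>
</comm:sample-root>"""


def local(tag):
    """Element name without its namespace, so the real URI does not matter."""
    return tag.rsplit("}", 1)[-1]


def find(root, name):
    return [e for e in root.iter() if local(e.tag) == name]


def host_of(value):
    # <server> holds a URL and comm:host a bare name; reduce both to a host.
    value = (value or "").strip()
    return (urlsplit(value if "//" in value else "//" + value).hostname or "").lower()


def check(oa_xml, comm_xml, tam_host):
    """Compare both files with the values this page sets; return findings."""
    out, tam_host = [], tam_host.lower()
    for pf in find(ET.fromstring(oa_xml), "PublishFile"):
        if pf.get("enabled", "").lower() != "true":
            continue  # publishing is off, nothing to compare
        for attr, want in (("allowCustomServers", "false"), ("requireSSO", "true")):
            got = pf.get(attr, "<unset>")
            if got.lower() != want:
                out.append(f"oa-config.xml: {attr}={got}, page sets {want}")
        for server in find(pf, "server"):
            url = (server.text or "").strip()
            if host_of(url) != tam_host:
                out.append(f"oa-config.xml: server {url} is not the TAM host")
    for qs in find(ET.fromstring(comm_xml), "QuickrServer"):
        vals = {local(child.tag): (child.text or "").strip() for child in qs}
        if host_of(vals.get("host")) != tam_host:
            out.append("communities-quickr-config.xml: host is not the TAM host")
        if vals.get("useSSO", "").lower() != "true":
            out.append("communities-quickr-config.xml: useSSO is not true")
    return out


if __name__ == "__main__":
    print("\n".join(check(OA_CONFIG, COMM_CONFIG, "tam.example.com")))
```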



3. I am seeing an authentication error in place of a Quickr feed on my community
overview page.




This occurs because not all of the correct cookies or headers are passed between the
application servers and the TAM server. In the section of this article dealing with this topic, only
the cookie PD-H-SESSION-ID was added to the default values. However, if SSL is being used
between Quickr and TAM then the following properties also need to be added:

    Properties                                           Function

    <proxy:cookie>PD-S-SESSION-ID</proxy:cookie>         This is the secure cookie for the TAM server.
                                                         To be used when there will be SSL
                                                         communications between the Connections
                                                         and TAM servers.

    <proxy:header>WWW-Authenticate</proxy:header>
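
An added example, not part of the original document or IBM's tooling: a Python check that the proxy-config.xml policy for the TAM host forwards PD-H-SESSION-ID and, for an https policy, also PD-S-SESSION-ID and WWW-Authenticate, as this item and the authenticated feeds section require. The sample XML, host name, root element and namespace URI are constructed, and treating a trailing * as a wildcard is an assumption.

```python
import fnmatch
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: this page's policy with a made-up host, an https URL,
# and a placeholder root element and namespace URI.
SAMPLE = """<proxy:sample-root xmlns:proxy="urn:example:proxy-config">
  <proxy:policy url="https://tam.example.com:443/*" acf="none" allowAuthRequest="false">
    <proxy:actions><proxy:method>GET</proxy:method></proxy:actions>
    <proxy:cookies>
      <proxy:cookie>JSESSIONID</proxy:cookie>
      <proxy:cookie>PD-H-SESSION-ID</proxy:cookie>
      <proxy:cookie>LtpaToken</proxy:cookie>
    </proxy:cookies>
    <proxy:headers>
      <proxy:header>User-Agent</proxy:header>
      <proxy:header>Authorization*</proxy:header>
    </proxy:headers>
  </proxy:policy>
</proxy:sample-root>"""


def local(tag):
    """Element name without its namespace, so the real URI does not matter."""
    return tag.rsplit("}", 1)[-1]


def entries(policy, name):
    return [e.text.strip() for e in policy.iter()
            if local(e.tag) == name and e.text and e.text.strip()]


def allowed(name, patterns):
    # Assumption: a trailing * in the file (Accept*, Content*) is a wildcard.
    return any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns)


def audit(xml_text, tam_host):
    """Return (policy url, finding) pairs for policies that target tam_host."""
    findings, matched = [], False
    for policy in ET.fromstring(xml_text).iter():
        if local(policy.tag) != "policy":
            continue
        url = policy.get("url", "")
        parts = urlsplit(url)
        if (parts.hostname or "").lower() != tam_host.lower():
            continue
        matched = True
        cookies, headers = entries(policy, "cookie"), entries(policy, "header")
        required = [("cookie", "PD-H-SESSION-ID", cookies)]
        if parts.scheme == "https":  # SSL case from troubleshooting item 3
            required += [("cookie", "PD-S-SESSION-ID", cookies),
                         ("header", "WWW-Authenticate", headers)]
        for kind, name, present in required:
            if not allowed(name, present):
                findings.append((url, f"{kind} {name} is not forwarded"))
    if not matched:
        findings.append((tam_host, "no proxy:policy targets this host"))
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, "tam.example.com"))
```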




4. Clicking on the different components in the navigation bar re-directs me to the HTTP
Server instead of the TAM server.

This occurs because the links to which the navigation bar points have not been updated
to direct the user to the TAM server. Follow the steps in the infocenter at the following link
again, this time ensuring that all href and ssl_href properties point to the URL of the TAM
server and not the HTTP server or any other value.

http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/topic/com.ibm.lotus.connections.help/t_map_apps2ihs.html

Once complete, restart all instances of the Connections application server.



5. I am using a clustered deployment of Lotus Connections. Is this much different to
configure?


In a clustered topology the Lotus Connections Connector for Quickr must be installed on all of
the nodes individually. All of the above steps should then be performed on the deployment
manager before synchronising all of the nodes in the deployment.

6. How to configure TAM logout screen to return to TAM login screen


See the following resource:
http://publib.boulder.ibm.com/infocenter/wpdoc/v6r0/index.jsp?topic=/com.ibm.wp.ent.doc/wpf/sec_chg_login.html




Note: If you don't do this, then when you log out after a TAM login session you will be returned
to the standard Quickr login screen; you will then need to exit and restart the browser to log in
via the TAM login.

7. Connections has been upgraded to fixpack 2.0.1.1 but now communities integration is
not working?

When upgrading to V2.0.1.1 Fixpack of Lotus Connections an issue can occur where managed
applications (such as Lotus Quickr connector) are removed. There is an iFix to address this
issue:

   ●   iFix number: LO40261. This iFix should be installed after the upgrade to V2.0.1.1 is complete.

When the Quickr Connector was not installed prior to the upgrade to V2.0.1.1, the connector should be
installed after the upgrade followed by this iFix.

More information and release notes for fixpack LC 2.0.1.1 can be found at the following link:
http://www-01.ibm.com/support/docview.wss?uid=swg21386185



