You can integrate HCL iNotes and/or HCL Verse on-Premises, with Sametime 11 via ST Proxy server, the same way the integration was done with Sametime Version 9.0.1.
But before you can integrate the products mentioned above, you have to configure Single-Sign-On between Sametime WeClient and iNotes/VoP.
With Sametime version 9.0.1, you would export the LTPA Token from Websphere Application Server and import it in the Domino “Web SSO Configuration” document of the iNotes/VoP server and Sametime Community Server. Thus making sure that all components involved are using the same LTPA Token.
But in the Sametime Version 11, we do not have any WebSphere components. So, you just have to make sure that the Sametime Community and iNotes/VoP servers are using the same LTPA Token. Either export the LTPA Token from the old Sametime environment or any other existing WebSphere server and import it in the relevant Domino “Web SSO Configuration” documents. After restarting all components involved, the SSO should be working and you can proceed with integrating Sametime with iNotes and/or Verse on-Premises.
I found that there is a lot of confusion going around which Sametime features are covered in Limited Use License, although I could not find a document or a matrix chart covering this in detail, the following article provides some important insights:
Excerpt of the article:
HCL Sametime 11 Limited Use prohibits the use of the following components:
- File transfer - Screen capture
- Multiple communities
- External user
- Built-in audio / video function
- Integration with external meetings
- To ensure compliance with the Limited Use terms, these features must be disabled in policy settings.
Before deploying Sametime 11 Limited Use, make sure that the features important for you are covered in the license. And if one or another function is not working, check with support if it is covered in the Limited Use license in the first place, it might save you some time spent troubleshooting.
My friend, Roberto Boccadoro found the official licensing agreement, thank you very much! You can Access it via the following URL:
Excerpt of the document:
Notwithstanding any provision in the Agreement, Licensee is not authorized to use any of the following components or functions of the Program:
Obviously, when deploying any application, DNS is important and the needed DNS entries need to be set.
Before deploying the HCL Sametime 11 Proxy Server you need to make sure that the MongoDB and the Sametime Community Servers are reachable via FQDNs and hostnames.
If you have to work with a “host” file, in DMZ for example, make sure to create separate entries for hostnames and FQDNs mentioned. If you are using a separate DNS Alias to access the Sametime Community server, other than the “real” FQDN and Hostname, make sure to create the entries for the “real” FQDN and Hostname of the Community server, even if you have not used them during the ST Proxy installation. During one deployment I ran into this issue. After enabling the debugging on the ST Proxy Server, I got the following errors:
FINE [White Rabbit (Timer). 2] com.ibm.rtc.stproxy.cluster.ServerLogin.connect Connecting to ST server: Server name: CN=domino-server-name/O=domino-organization, Cluster name: CN=domino-server-name/O=domino-organization, Server URL: domino-community-server.domain.local, serverID: null, Sametime session: null
WARNING [Chuck the postman’s dispatching thread.4] com.ibm.rtc.stproxy.cluster.ServerLogin.loggedOut CLFRX0011W: Unable to log in to the Sametime community server CN=domino-server-name/O=domino-organization. Error message is 80000207
After editing the host file of the ST Proxy server, on which the error was produced, the Sametime Webclient was working as desired and there were no errors in the log file.
If you run in any issues with Sametime 11 Proxy server, you may want to enable debugging. In order to do this, just open “logging.properties” file found in “conf” folder and uncomment the last to lines. As shown in the screenshot below:
After that just restart the Sametime Proxy Server and you should see additional information in the logs.
Recently I have updated IBM Sametime Community Server from 9.0 HF1 to 9.0.1 FP1. Before starting the update Process I would usually backup, and replace after upgrade, the following files:
And STCore.jar file, which is not stated in the official documentation, but most of the time in the past I needed to replace this file so that the community Server could be started after the upgrade.
This time, after the upgrade, not all Sametime Services could be started after the upgrade, “ST Presence Subscriptions” and “ST Presence Compatibility” would not start.
In the “STPresenceCompatibility” log file I got the following error:
[ 13:26:45.245 | 04.05.2018 | SEVERE | 13 ] : STThrowableReporterListener : notifyThrowableCaught : a toolkit throwable was caught, preparing for system exit[ 13:26:45.245 | 04.05.2018 | SEVERE | 13 ] : STThrowableReporterListener : notifyThrowableCaught : a toolkit throwable was caught, preparing for system exitjava.lang.NoSuchMethodError: com/ibm/sametime/stjavautils/utils/STUtils.belongToSameServer(Lcom/lotus/sametime/core/types/STId;Lcom/lotus/sametime/core/types/STId;)Z (loaded from file:/D:/IBM/Domino/STCore.jar by sun.misc.Launcher$AppClassLoader@f932dcd2) called from class com.ibm.sametime.buddylist.bc.channelHandler.BcToCommunityEventHandler$BLServiceAvailableListenerImpl (loaded from file:/D:/IBM/Domino/BLBackwardCompatibilitySA.jar by sun.misc.Launcher$AppClassLoader@f932dcd2). at com.ibm.sametime.buddylist.bc.channelHandler.BcToCommunityEventHandler$BLServiceAvailableListenerImpl.handleServicesAvailable(BcToCommunityEventHandler.java:192) at com.ibm.sametime.stjavautils.listener.STServiceAvailableListener.servicesAvailable(STServiceAvailableListener.java:50) at com.lotus.sametime.communityevents.CommunityEventsComp.snapshotServices(Unknown Source) at com.lotus.sametime.communityevents.CommunityEventsComp.processSTEvent(Unknown Source) at com.lotus.sametime.core.comparch.STCompPart$STCompPartSTEventListener.processSTEvent(Unknown Source) at com.lotus.sametime.core.comparch.MessageDispatcher.dispatch(Unknown Source) at com.lotus.sametime.core.comparch.MessageDispatcher.flush(Unknown Source) at com.lotus.sametime.core.comparch.MessageDispatchingThread.run(Unknown Source) at java.lang.Thread.run(Thread.java:785)[ 13:26:45.245 | 04.05.2018 | SEVERE | 13 ] : BLThrowableReporterListenerImpl : handleNotifyThrowableCaught : com/ibm/sametime/stjavautils/utils/STUtils.belongToSameServer(Lcom/lotus/sametime/core/types/STId;Lcom/lotus/sametime/core/types/STId;)Z (loaded from file:/D:/IBM/Domino/STCore.jar by sun.misc.Launcher$AppClassLoader@f932dcd2) called from class com.ibm.sametime.buddylist.bc.channelHandler.BcToCommunityEventHandler$BLServiceAvailableListenerImpl (loaded from file:/D:/IBM/Domino/BLBackwardCompatibilitySA.jar by sun.misc.Launcher$AppClassLoader@f932dcd2).[ 13:26:45.245 | 04.05.2018 | SEVERE | 13 ] : BLShutdownManager : BLShutdownManager : time has come for system exit. EXITING!!! return code: 101
I replaced the backed up “STCore.jar” file with the new one, created by the update process, and all was well. All Sametime Services started and there were no problems.
If you are planning on changing the LTPA Token on a Sametime Community Server, save yourself a lot of pain by using the existing LTPA Document and keeping the default name “LtpaToken”. You may not get any errors on the console but the SSO using LTPA just won´t work.
If you want to enable Internet Sites on the Community Server, you should read the instructions in the following article:
Recently I tried to configure Sametime Proxy Server to show profile photos from IBM Connections in Sametime web client business cards. SSO through LTPA was setup between Sametime, 9.0.1 version, and Connections, 5.5 CR2 version, environment and the configuration needed was done on the Sametime Proxy server. But after synchronization and restart of the ST Proxy, the photos would still not show up in the web client.
As you can see the browser just tries to load the photo and there are no errors in GUI. With Chrome and Fiddler I managed to catch HTTP 403 error, I could also see the HTTP 403 error in the IBM HTTP Server log, rather than that there were no other errors. I think it is also important to mention that with IE and Fiddler I could not catch the HTTP 403 error, the IE would not even stop trying to load the photo.
The solution was to set “allowJsonpJavelin” to “true” in the “profiles-config.xml” file.
After that just synchronize the nodes and restart Connections Applications, most likely it will be enough just to restart the “Profiles” application.
Big thanks to Martin Leyrer and Dave Fleetham for helping me solve this one, I hope this will show up soon in the Knowledge Center. 🙂
This configuration change is needed only if you upgrade Connections to 5.0 CR4 or later.
There is also a blog post from Tom Bosmans about this matter.
If you are implementing Sametime Awareness in IBM Connections through Sametime Proxy server, as described in the official documentation, make sure that “isConnectClient” attribute, in “LotusConnections-config.xml” file, is set to “false”. The example in the Documentation shows otherwise:
If you set the “isConnectClient” attribute to “true”, and the rest of the configuration is OK, the connection to the Sametime Proxy server will work, but the loading of the Homepage after the login will take significantly longer, some users may even get warning messages stating that they are unable to log in to Sametime.
This problem especially impacts the Firefox Browser, for some reason Chrome is much less affected and the issue is not that easy notice.