HCL Sametime 11 & SSO via Sametime Embedded Client in Notes Basic Client

On a customer site I had to make sure that users are able to authenticate via HCL Sametime Embedded Clients, inside of HCL Notes 9.0.1 Basic Client, using Domino SSO (LTPA).

After installing the HCL Sametime 11 Community Server, and applying the standard configuration, the login via Domino SSO for Sametime embedded clients inside of HCL Notes standard or eclipse clients worked without any issues. But we had to make some configuration changes in the “sametime.ini” file to make the same work for ST Embedded clients inside the HCL Notes basic clients.

We had to change the “VP_SECURITY_LEVEL” parameter value from the default “7000” to “0”. Furthermore, we added the value “1216” to the “VPS_PREFERRED_LOGIN_TYPES” parameter. If the “VPS_ALLOWED_LOGIN_TYPES” parameter is used in your environment, then you will have to add “1216” value to this parameter as well.

After saving the “sametime.ini” file and restarting the Sametime Community server, the Sametime embedded clients, inside the Notes basic clients, should be able to login via Domino SSO Mechanism.

HCL Sametime 11 – Limited Use vs. Standard License

I found that there is a lot of confusion going around which Sametime features are covered in Limited Use License, although I could not find a document or a matrix chart covering this in detail, the following article provides some important insights:

Excerpt of the article:

HCL Sametime 11 Limited Use prohibits the use of the following components:

- File transfer
- Screen capture - Multiple communities - External user - Built-in audio / video function - Integration with external meetings - To ensure compliance with the Limited Use terms, these features must be disabled in policy settings.

Before deploying Sametime 11 Limited Use, make sure that the features important for you are covered in the license. And if one or another function is not working, check with support if it is covered in the Limited Use license in the first place, it might save you some time spent troubleshooting.

UPDATE

My friend, Roberto Boccadoro found the official licensing agreement, thank you very much! You can Access it via the following URL:

Excerpt of the document:

Notwithstanding any provision in the Agreement, Licensee is not authorized to use any of the following components or functions of the Program:

  • Access to File Transfer (of HCL Sametime)
  • Screen Capture (of HCL Sametime)
  • Multiple Communities (of HCL Sametime)
  • External users (of HCL Sametime)
  • Embedded Audio/Video features (of HCL Sametime)
  • External conferencing integration (of HCL Sametime)

HCL Sametime 11 – ST Proxy Server & DNS

Obviously, when deploying any application, DNS is important and the needed DNS entries need to be set.

Before deploying the HCL Sametime 11 Proxy Server you need to make sure that the MongoDB and the Sametime Community Servers are reachable via FQDNs and hostnames.

If you have to work with a “host” file, in DMZ for example, make sure to create separate entries for hostnames and FQDNs mentioned. If you are using a separate DNS Alias to access the Sametime Community server, other than the “real” FQDN and Hostname, make sure to create the entries for the “real” FQDN and Hostname of the Community server, even if you have not used them during the ST Proxy installation. During one deployment I ran into this issue. After enabling the debugging on the ST Proxy Server, I got the following errors:

FINE [White Rabbit (Timer). 2] com.ibm.rtc.stproxy.cluster.ServerLogin.connect Connecting to ST server: Server name: CN=domino-server-name/O=domino-organization, Cluster name: CN=domino-server-name/O=domino-organization, Server URL: domino-community-server.domain.local, serverID: null, Sametime session: null

WARNING [Chuck the postman’s dispatching thread.4] com.ibm.rtc.stproxy.cluster.ServerLogin.loggedOut CLFRX0011W: Unable to log in to the Sametime community server CN=domino-server-name/O=domino-organization. Error message is 80000207

After editing the host file of the ST Proxy server, on which the error was produced, the Sametime Webclient was working as desired and there were no errors in the log file.

Engage 2019 – Part One

The reason why this post is not carrying the title “Day One”, is because I flew over to Brussels already at Monday to attend the Champions Day Europe. The Champions Day event was interesting, I had a lot a fun to talking with fellow IBM Champions and finally meeting some of them in person. Besides, there were some really cool sessions like:

  • App Modernization – by James Baldwin
  • Managing Developers – by Bill Malchisky
  • Make a Convincing Argument for IBM Tech – by Keith Brooks

Bill’s Session completely blew me away, the Tips are simple yet very powerful. I think that everyone working on larger projects should hear this one out. Beside that, we found out that HCL is going to start its own program “HCL Masters”, which is going to be similar to the “IBM Champions” program. A big thanks to Libby, Alan and Stuart for making the Champions Day in Europe possible.

Today, at Autoworld, the first day of Engage officially started. I have no idea how Theo does it, but again the venue is just amazing. I am sure that there is no other event who can boast with such good venues.

At the Keynote Session, we got some interesting information, like that the Panagenda is working on a MarvelClient for iOS (which is at Private Beta stage) and Android Next, and the best part, it will be completely FREE!

The HCL also confirmed that they are working on a better integration between the existing Collaboration Products, across all platforms.

In the following I will list the Sessions I visited today and briefly add the Information I find to be most important.

Let’s Dive Into Sametime 10 – by Pat Galvin and Tony Payne

Sametime Limited Use v10 is going to run on either Domino 9 32-bit or Domino 10 64-bit, it also going to be fully compatible with Sametime 9.0.1 FP1. It will allow users to be online concurrently from multiple clients, desktop, mobile and browser. The mobile App is going to support SAML from the start. We saw a demo of a new Web Client, and the Client looks awesome, it is fast and it has a modern, sleek design. We also got an overview of the features which are going to be implemented in the future, more on that, and some other slides, in the gallery below.

Dealing with Users Complaints – Round Table – by Keith Brooks

A very cool Session, Keith showed us how to make unhappy users happy and some insight on how to argument in certain situations.

HCL Masters – Round Table – by Tim Clark

Valuable insights and discussion about the new HCL Masters program. HCL Masters program is looking very promising, members are going to most likely get direct L3 Support Access and unlimited Access to the Software Download Catalog. A big thumbs up!

Domino 11 – What’s coming – by Mike Gagnon

The version 11 will probably have an active License Checking, based on Flexera technology, and the license model is going to be much simpler.
Notes and Domino 11 Language Packs will be shipped simultaneously with the new version of the software, so there is not going to be a delay between the release of the new version and the language packs.
With version 11 we will have a possibility to implement “Two tiered DAOS”. We may also get Active Directory and Domino Directory Synchronization as well as “HTTP Authentication via ID Vault“.
Some slides from the session:

I am looking forward for the second part! 🙂

Integrating Verse On-Premises with Sametime

Sametime and Verse On-Premises integration is very nice and works well. It is also very easy to accomplish, so it is a shame not to try it out.

Verse & SametimeVerse Rich Client

First of all, you need Verse On-Premises 1.0.2 or newer and iNotes and Sametime integration set up.

After that just add the following “Notes.ini” parameters:

VOP_GK_sametime=1
VOP_GK_sametime_rich_client=1

And restart the Domino HTTP task.

“VOP_GK_sametime” enables Verse and Sametime integration and “VOP_GK_sametime_rich_client” is optional, it enables Sametime rich client integration.

If you enable rich client Integration, users may get a security prompt to trust the SSL certificate if it is not a official one.

Verse Sametime cert