< Previous | Cookbook Contents | Next >

Overview

In order for the OpenSocial Component functionality to work for Notes and iNotes users, certain user-centric settings much be in place. The goal of this article is to aggregate information on how to configure the user-centric settings that are need to enable OpenSocial Component functionality in Notes and iNotes clients.

The following list shows an overview of the settings that need to be in place as well as which clients they are for. If a deployment includes both Notes and iNotes users, some settings can (and will) overlap.

• Managed Account (Notes only)
• Policy
• Desktop Settings
• Widgets (Notes and iNotes)
• Accounts (Notes only)
• Custom Settings (Notes only)
• Security Settings
• Execution Control List (Notes only)
• Proxies (iNotes only)
• Mail Settings
• iNotes use only (iNotes only)

For more information on Domino policies, see domino-policies-faq and when-will-a-domino-policy-change-take-effect. There is also an entire category on policy in the Notes and Domino wiki where more information can be found.

Notes User-Centric Settings

Managed Account

A managed account is an account that is created and configured on the Domino Server and pushed by policy to Notes users for use in the Accounts framework there. The managed account required for OpenSocial Component functionality is used when rendering remotely in Notes. See Gadget rendering process for more information on rendering remotely. The account is used in Notes to establish a session with the Domino Server with Shindig in order to obtain a security token that is used in the gadget rendering process. In a sense, the SSO token used to authenticate the current Notes user with the Domino Server with Shindig is exchanged for this security token.

For details on setting up this managed account, see:
For 9.0, Configuring a managed account for the OpenSocial Component.
For 9.0.1, Configuring a managed account for the OpenSocial Component.

For more information on security tokens, see the "Security Tokens" section of the Server-centric settings page.

Notes Desktop Policy Settings

Accounts Tab

The aforementioned managed account, once created, must be pushed to Notes clients by policy. This is accomplished in a desktop policy settings document in the "Accounts" tab. For details on pushing the account by policy, see steps #8-12 of:
For 9.0, Creating policies for the OpenSocial component.
For 9.0.1, Creating policies for the OpenSocial component.

Custom Settings Tab

NOTE: This section is only required for setup of the OpenSocial features on IBM Notes 9.0. This configuration is now part of the IBM Notes 9.0.1 client by default.
Notes 9.0 clients require a single notes.ini setting in order for OpenSocial Component functionality to fully function. See steps #6-7 of [http://www-10.lotus.com/ldd/dominowiki.nsf/xpDocViewer.xsp?lookupName=Administering+IBM+Domino+9.0.1+Social+Edition#action=openDocument&res_title=Assigning_NOTES.INI_or_location_document_settings_using_a_desktop_policyd901&content=pdcontent|Creating policies for the OpenSocial component]].

For more information on pushing notes.ini settings to Notes clients by policy, see Assigning NOTES.INI or location document settings using a desktop policy

Having trouble finding the "Custom Settings" tab? See here: Where is that Desktop Policy Settings tab hiding?

Widgets Tab

Notes clients require a minimal amount of Widgets configuration to function. steps #2-5 of:
For 9.0, Creating policies for the OpenSocial component.
For 9.0.1, Creating policies for the OpenSocial component.

The "Gadget Server URL" field is critical in the remote gadget rendering process as it dictates which Domino Server with Shindig Notes clients will use to render OpenSocial gadgets remotely.

Note: If using HTTPS for the protocol on the Gadget Server URL, one may need to make some other changes as outlined in OpenSocial Component on Domino using TLS or SSL. Special considerations need to be taken when using HTTPS depending on the CA of the certificates as outlined in Using HTTPS When Rendering OpenSocial Gadgets. If HTTP traffic is disabled, IBM Connections gadgets will not be able to render as described in this technote. This issue will be resolved in a future fix pack.

More information on configuring Widgets for iNotes users can be found here:
For 9.0, Using policies to control widgets and live text access.
For 9.0.1, Using policies to control widgets and live text access.

Notes Security Policy Settings

Notes clients require Execution Control List (ECL) configuration in a security policy settings document in order to establish trusted widget approvers. The ECL mechanism in Notes 9.0 and above has a new "Configure Widget capabilities" ability that can be assigned to users or groups. This ability, when given to a user or group, establishes that user or group as a trusted Widget approver, i.e., a Widget Catalog administrator who approves Widgets via the Widget approval process.

For more information, see steps #14-18 of:
For 9.0, Creating policies for the OpenSocial component.
For 9.0.1, Creating policies for the OpenSocial component.

Note: ECL settings in the Domino Directory replicate as design elements. If a Domino Directory is not replicating design to home mail servers, the ECL setting will not take affect for the users of that server.

Notes Verification

An administrator can verify the effective policy set for given users by Using the Policy Synopsis tool to determine the effective policy

To verify policy for Notes clients, one can inspect the client preferences in both the Accounts and Widgets preference panes. In the Accounts preference pane, one should see the Managed Account that was pushed by policy. In the Widgets preference pane, one can verify the Widget catalog server and database name, as well as any categories that are pushed by policy.

iNotes User-Centric Settings

iNotes Desktop Policy Settings

Information on configuring desktop policy settings for iNotes users is detailed in steps #1-6 on this page:
For 9.0, Creating policies for Domino Social Edition Open Social component.
For 9.0.1, Creating policies for Domino Social Edition Open Social component.

The "Gadget Server URL" field is critical in the gadget rendering process as it dictates which Domino Server with Shindig iNotes clients will use to render OpenSocial gadgets.

Note: If using HTTPS for the protocol on the Gadget Server URL, one may need to make some other changes as outlined in OpenSocial Component on Domino using TLS or SSL. Special considerations need to be taken when using HTTPS depending on the CA of the certificates as outlined in Using HTTPS When Rendering OpenSocial Gadgets. If HTTP traffic is disabled, IBM Connections gadgets will not be able to render as described in this technote. This issue will be resolved in a future fix pack.

More information on configuring Widgets for iNotes users can be found here:
For 9.0, Using policies to control widgets and live text access.
For 9.0.1, Using policies to control widgets and live text access.

More information on desktop policy settings for iNotes users can be found here:
For 9.0, Desktop policy settings supported in iNotes.
For 9.0.1, Desktop policy settings supported in iNotes.

iNotes Security Policy Settings

Security policy settings are required when enabling the OpenSocial Component for iNotes users because HTTP requests to the Domino Server with Shindig will be proxied through the iNotes Mail Server. By default, the iNotes Mail Server will reject all HTTP requests through its proxy. The security policy settings will whitelist that traffic so that it is allowed. For more information on the traffic that flows through the proxy see the Gadget rendering process article.

Information on configuring security policy settings for iNotes users is detailed in steps #7-12 on this page:
For 9.0, Creating policies for Domino Social Edition Open Social component.
For 9.0.1, Creating policies for Domino Social Edition Open Social component.

More information on security policy settings for iNotes users can be found here:
For 9.0, Creating security policy settings for iNotes users.
For 9.0.1, Creating security policy settings for iNotes users.

iNotes Mail Policy Settings

In order for Desktop policy settings to work for iNotes users, the policy must also have a mail settings document. For more information, see Desktop policy settings not taking affect in iNotes 8.5

More information on mail policy settings for iNotes users can be found here:
Fo r9.0, Creating mail policy settings for iNotes users.
For 9.0.1, Creating mail policy settings for iNotes users.

Note: Information on Widgets in iNotes outlined in Using widgets in iNotes have been deprecated in 9.0. Widgets in iNotes are controlled via the "Widgets" tab in the desktop settings document.

iNotes Verification

An administrator can verify the effective policy set for given users by Using the Policy Synopsis tool to determine the effective policy

Keep in mind that any policies applied to iNotes users may take up to 12 hours to take effect. To process iNotes user policy immediately, an administrator can execute the following command in the Domino server console on the home mail server for the iNotes users.

For more information, see How to force AdminP to immediately process Mail Policy Settings documents

< Previous | Cookbook Contents | Next >