Subject: Windows and Lotus SSO problem

Product Area: Domino Server
Technical Area: User Interface
Platform: Windows
Release: 8.5.3
Reproducible: Not applicable
 |
Hi everyone.
I'm not a huge expert in Domino Lotus, but I was asked to do the following:
Get Windows SSO working, meaning that a user logged in to his Windows session with his network account
gets directly connected when opening the Lotus website.
I followed this tutorial:
http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Configuring_Microsoft_Windows_single_sign-on_for_Web_clients_in_an_existing_IBM_Lotus_Domino_environment
I also tried to get help from this page:
http://www-01.ibm.com/support/docview.wss?uid=swg21394592
My domain is LA.FR
I have two servers:
srvad = Windows 2008 R2 with active directory.
serveurlotus = my domino server.
To note:
- My serveurlotus is registered in my La.fr forest (AD on srvad).
Well,
On the Domino server:
First, I created the Internet Site document with the address serveurlotus.la.fr.
This works: when I open my browser and type the address, I have no problem accessing the server.
I also configured the SSO configuration with the right parameters shown in the tutorial (named LTPATokenLa, the name I gave).
What I have also done is set the authentication mode to multiple servers, using LTPAToKenLa as the SSO configuration.
Of course, I have added my AD user to the user names list (this works, because when I log in with my AD login (= gostbuster@la.fr) and the Lotus password, I am logged in!).
On the AD server:
First, I created a user named domino (with dn= cn=domino,cn=Users,dc=la,dc=fr), and I configured the few options needed, like disabling password expiry.
I used the following command to add the servicePrincipalName:
setspn -a HTTP/serveurlotus.la.fr domino
I have completely restarted the domino server.
But unfortunately, this doesn't work.
When I test it by opening Internet Explorer 8 on a Win XP workstation, logged in with my AD user, I type http://serveurlotus.la.fr/names.nsf and I am prompted to log in.
Furthermore, when I try this, here is what I get in the console:
[0D2C:0012-176C] 23/04/2013 16:40:02,92 SPNEGO> Starting SPNEGO Negotiate - a properly configured HTTP client should send an Authorization: Negotiate header containing SPNEGO token when repeating the request /names.nsf
...and nothing more.
Though, when I try to access another database like serveurlotus.la.fr/mybase.nsf, I don't get any SPNEGO log entry.
During my research, I executed kerbtray.exe on my AD server and noticed no Kerberos tickets were created.
I'm lost with all of this, and don't know what to check in order to make this work.
Would you have any idea, advice or clue?
Thank you in advance,
Regards
 
Feedback number WEBB972KC8 created by ~Yoshi Dwohipiploponi on 04/23/2013

Status: Open
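
The console line quoted in the post says the browser should repeat the request with an `Authorization: Negotiate` header carrying a SPNEGO token. The following is an added example, not part of the original post or of Domino: a Python helper that classifies such a header value taken from an HTTP trace, so you can tell whether the client answered with Kerberos, fell back to NTLM, or sent nothing. The function names and the sample headers are constructed for illustration.

```python
import base64

# DER-encoded mechanism OIDs (tag 0x06, length, value).
SPNEGO = bytes.fromhex("06062b0601050502")           # 1.3.6.1.5.5.2
KRB5 = bytes.fromhex("06092a864886f712010202")       # 1.2.840.113554.1.2.2
MS_KRB5 = bytes.fromhex("06092a864882f712010202")    # 1.2.840.48018.1.2.2
NTLM = bytes.fromhex("060a2b06010401823702020a")     # 1.3.6.1.4.1.311.2.2.10

def classify_authorization(value):
    """Classify the Authorization header a client sent after a 401 Negotiate.

    Heuristic: searches for mechanism OIDs instead of fully parsing the ASN.1.
    """
    if not value:
        return "no-header"            # challenge was never answered
    scheme, _, blob = value.strip().partition(" ")
    if scheme.lower() != "negotiate":
        return "other-scheme"         # e.g. Basic
    try:
        token = base64.b64decode(blob.strip(), validate=True)
    except ValueError:                # binascii.Error is a ValueError
        return "malformed"
    if token.startswith(b"NTLMSSP\x00"):
        return "raw-ntlm"             # NTLM message, no Kerberos ticket
    if token[:1] != b"\x60":          # GSS-API InitialContextToken tag
        return "unknown"
    head = token[:20]
    if SPNEGO in head:
        if KRB5 in token or MS_KRB5 in token:
            return "spnego-kerberos"  # Kerberos mechanism offered
        return "spnego-ntlm" if NTLM in token else "spnego-other"
    return "raw-kerberos" if KRB5 in head else "unknown"

def sample_spnego(mech_oids):
    """Constructed NegTokenInit holding only a mechanism list (no ticket)."""
    def tlv(tag, body):
        return bytes([tag, len(body)]) + body
    init = tlv(0x30, tlv(0xA0, tlv(0x30, b"".join(mech_oids))))
    token = tlv(0x60, SPNEGO + tlv(0xA0, init))
    return "Negotiate " + base64.b64encode(token).decode()

SAMPLES = {  # constructed header values, not captured from the poster's servers
    "kerberos": sample_spnego([MS_KRB5, KRB5]),
    "ntlm-in-spnego": sample_spnego([NTLM]),
    "raw-ntlm": "Negotiate " + base64.b64encode(b"NTLMSSP\x00\x01\x00\x00\x00").decode(),
    "none": None,
}

if __name__ == "__main__":
    for name, header in SAMPLES.items():
        print(f"{name:15} -> {classify_authorization(header)}")
```
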
Comments:

Windows and Lotus SSO problem (~Yoshi Dwohipip... 23.Apr.13)
. . Windows configuration (~Tony Zekfootex... 23.Apr.13)
. . . . More details (~Yoshi Dwohipip... 24.Apr.13)
. . . . . . check for duplicate SPN (~Tony Zekfootex... 24.Apr.13)
. . . . . . . . no duplicate I think (~Yoshi Dwohipip... 24.Apr.13)
. . . . . . . . . . Microsoft (~Tony Zekfootex... 24.Apr.13)
. . . . . . . . . . . . some tickets but not from domino (~Yoshi Dwohipip... 25.Apr.13)