Luis Benitez, profile picture
Uploaded byLuis Benitez
ODP, PPTX8,067 views

ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What you NEED to know!

The document outlines security options and user life cycle management for IBM's Lotus Connections 3.0. It covers single sign-on (SSO) configurations using various protocols such as LTPA, SPNEGO, and Siteminder, along with troubleshooting tips and the integration of Tivoli Directory Integrator for profile synchronization. Additionally, it discusses the importance of maintaining data integrity and simplifying user management processes within the application.

Embed presentation

Download as ODP, PPTX
ID304 Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What you NEED to know! Jay Boyd | Lotus Connections Team Lead | IBM Luis Benitez | Social Software Product Manager | IBM
Who we are
Tweet Away
Agenda Options for Securing Lotus Connections
SSO
New User Life Cycle Options in 3.0
Q&A
Not ideal security... Photo credit: http://www.flickr.com/photos/fboyd/2494909325/
Securing Lotus Connections Lotus Connections has tons of security options Virus Scanning
SSL (even forced!)
Forced Authentication
Filtering active content
MIME control
and... Photo credit: http://www.flickr.com/photos/juanpol/2704542/
Agenda Options for Securing Lotus Connections
SSO
New User Life Cycle Options in 3.0
Q&A
Single Sign On My favorite
Improves usability
Great for adoption Photo credit: http://commons.wikimedia.org/wiki/File:Single_sign_on_aproaches.png
What's supported SSO … with Domino apps (of course!)
… with WebSphere apps (any doubt?)
… with Quickr J/D (go go Gadget docs)
… with Sametime (duh!)
… via Tivoli Access Manager 6.1.1
… via CA's Siteminder 6.0
… via SPNEGO Portlets are an exception :(
Single Sign On: Connections 3.0 Options SSO allows a user to authenticate once and then use other systems that are within the same authentication configuration without providing userid/password authentication subsequent times.
LTPA (WebSphere default)
SPNEGO
TAM (Form Based Auth, Transparent Junctions, LTPA)
SiteMinder (FBA, ASA/WebAgent)
TAM/SPNEGO
Except with LTPA, authentication is forced, there is no anonymous access
Cookies are key with most SSO options (these are not your mother's Cookies) Cookies Textual information consisting of Name/Value pairs
Usually used to provide State in an otherwise Stateless protocol (HTTP)
Domain and Path determine when Cookies are included with an HTTP Request SPNEGO uses Security tokens in the HTTP Header with every request
Single Sign On: LTPA Lightweight Third-Party Authentication IBM proprietary, supported by IBM products such as WebSphere and Domino
Represented as Cookies called LtpaToken (older format, not on by default in WAS7, Domino requires version1) or LtpaToken2, value is encrypted UserID
Authentication Realm
Authentication Expiration Time Important to use both of these if integrating with Domino and Portal
Single Sign On: Keys to successful LTPA Configuration All participating Servers: Same Authentication Realm (correlates to Cookie domain)
Synchronized system time
Identical LDAP configuration (WAS Federated Repository)
Share the same LTPA keys

More Related Content

ODP
New Features Lotus Domino Administration 8.5
byRolf Kremer
 
PPT
Linux webmin
bySonam Sharma
 
PDF
Ibm tivoli access manager for e business tracing http connections redp4622
byBanking at Ho Chi Minh city
 
PDF
IBM Mail Support for Microsoft Outlook
byjayeshpar2006
 
PDF
PROXY Pro 8.10.2 Remote Desktop Software - Release Notes
byProxy Networks, Inc.
 
PPTX
Adding Identity Management and Access Control to your Application, Authorization
byFernando Lopez Aguilar
 
PDF
Proxifier
byraza530
 
PDF
Whats new in CF10, 11, 2016
byCarol Hamilton
 
New Features Lotus Domino Administration 8.5
byRolf Kremer
 
Linux webmin
bySonam Sharma
 
Ibm tivoli access manager for e business tracing http connections redp4622
byBanking at Ho Chi Minh city
 
IBM Mail Support for Microsoft Outlook
byjayeshpar2006
 
PROXY Pro 8.10.2 Remote Desktop Software - Release Notes
byProxy Networks, Inc.
 
Adding Identity Management and Access Control to your Application, Authorization
byFernando Lopez Aguilar
 
Proxifier
byraza530
 
Whats new in CF10, 11, 2016
byCarol Hamilton
 

Viewers also liked

PDF
A1 Connections Mashups
byAndreas Schulte
 
PDF
Lotus Connections 3.0: a Technical View on What's New
byStuart McIntyre
 
PDF
Beyond the Basics: An Overview of User LifeCycle and Managing Users with TDI
byStuart McIntyre
 
PDF
Mikkel Heisterberg - An introduction to developing for the Activity Stream
byLetsConnect
 
PPT
Managing JavaScript Dependencies With RequireJS
byDen Odell
 
PDF
Open social gadgets in ibm connections
byVincent Burckhardt
 
A1 Connections Mashups
byAndreas Schulte
 
Lotus Connections 3.0: a Technical View on What's New
byStuart McIntyre
 
Beyond the Basics: An Overview of User LifeCycle and Managing Users with TDI
byStuart McIntyre
 
Mikkel Heisterberg - An introduction to developing for the Activity Stream
byLetsConnect
 
Managing JavaScript Dependencies With RequireJS
byDen Odell
 
Open social gadgets in ibm connections
byVincent Burckhardt
 

Similar to ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What you NEED to know!

PPTX
IBM Single Sign-On
byVan Staub, MBA
 
PDF
Blug connections
byWannes Rams
 
PDF
ISBG The 3 S's a guide to single sign on
byGabriella Davis
 
PDF
“Secure Portal” or WebSphere Portal – Security with Everything
byDave Hay
 
PPTX
SINGLE SIGN-ON
byShambhavi Sahay
 
PDF
Connections Directory Integration: A Tour Through Best Practices for Directo...
byGabriella Davis
 
PDF
Social Connections - Installing Free Addons to IBM Conenctions
byVictor Toal
 
PPT
Single sign on and its significance .ppt
byDAKSHATAPANCHAL2
 
PDF
A Technical Guide To Deploying Single Sign On
byGabriella Davis
 
PDF
IBM Connections 4.5 Integration - From Zero To Social Hero - 2.0 - with Domin...
byFrank Altenburg
 
PDF
Adm02. IBM Connections Adminblast
bypanagenda
 
PDF
ICON UK 2014 - Look mum, no passwords!
byMartin Leyrer
 
PDF
IBM Connections administration – keep your systems running the right way
byLetsConnect
 
PDF
Lotus Connections Administration - von der Befehlszeile zur grafischen Oberfl...
byTIMETOACT GROUP
 
PDF
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
byWe4IT Group
 
PDF
Connections fornewbies
byr4ttl3r
 
PPTX
AdminCamp 2017 - IBM Connections Adminblast
byNico Meisenzahl
 
ODP
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
byMitch Cohen
 
ODP
IBM Lotusphere 2013 AD109: Using the IBM® Sametime® Proxy SDK: WebSphere Port...
byWilliam Holmes
 
PPTX
MWLUG 2015 - IBM Connections - Installing the Free "Extras" and Integrating w...
byVictor Toal
 
IBM Single Sign-On
byVan Staub, MBA
 
Blug connections
byWannes Rams
 
ISBG The 3 S's a guide to single sign on
byGabriella Davis
 
“Secure Portal” or WebSphere Portal – Security with Everything
byDave Hay
 
SINGLE SIGN-ON
byShambhavi Sahay
 
Connections Directory Integration: A Tour Through Best Practices for Directo...
byGabriella Davis
 
Social Connections - Installing Free Addons to IBM Conenctions
byVictor Toal
 
Single sign on and its significance .ppt
byDAKSHATAPANCHAL2
 
A Technical Guide To Deploying Single Sign On
byGabriella Davis
 
IBM Connections 4.5 Integration - From Zero To Social Hero - 2.0 - with Domin...
byFrank Altenburg
 
Adm02. IBM Connections Adminblast
bypanagenda
 
ICON UK 2014 - Look mum, no passwords!
byMartin Leyrer
 
IBM Connections administration – keep your systems running the right way
byLetsConnect
 
Lotus Connections Administration - von der Befehlszeile zur grafischen Oberfl...
byTIMETOACT GROUP
 
New Single Sign-on Options for IBM Lotus Notes & Domino (We4IT)
byWe4IT Group
 
Connections fornewbies
byr4ttl3r
 
AdminCamp 2017 - IBM Connections Adminblast
byNico Meisenzahl
 
Putting *Sparkle* in Your Social Applications! Customization and Branding wit...
byMitch Cohen
 
IBM Lotusphere 2013 AD109: Using the IBM® Sametime® Proxy SDK: WebSphere Port...
byWilliam Holmes
 
MWLUG 2015 - IBM Connections - Installing the Free "Extras" and Integrating w...
byVictor Toal
 

More from Luis Benitez

PPTX
Bank AI - Popular's Journey to Intelligent Automation
byLuis Benitez
 
PDF
What's New in IBM Connections Social Cloud - Q2 2016
byLuis Benitez
 
PPTX
What is new in IBM Connections 5.5 and IBM Docs 2.0
byLuis Benitez
 
PPTX
IBM Connections Cloud & IBM Docs: Working securely and quickly with content
byLuis Benitez
 
PPTX
IBM Connections Cloud Application Development Strategy
byLuis Benitez
 
PPTX
IBM Collaboration Mobile Strategy and a New Way To work
byLuis Benitez
 
PDF
IBM Insight 2015 - Social Business Flyer
byLuis Benitez
 
PPTX
What's New in IBM Connections Social Cloud - Q2 2015
byLuis Benitez
 
PDF
Social Connections VIII - Innovation and Communications Drive Business Value
byLuis Benitez
 
PDF
What's New in IBM Connections Social Cloud - Q1 2015
byLuis Benitez
 
PDF
IBM InterConnect 2015 - What is New in IBM Connections 2015
byLuis Benitez
 
PDF
IDI103 - What is New in IBM Connections - IBM ConnectED 2015
byLuis Benitez
 
PPTX
What's New in IBM Connections Social Cloud - September 2014
byLuis Benitez
 
PDF
Social Connections VI Keynote - Why IBM Connections 5.0 Matters
byLuis Benitez
 
ODP
What's New in IBM SmartCloud Connections - May 2014
byLuis Benitez
 
PDF
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
byLuis Benitez
 
ODP
IBM SmartCloud Connections Overview - Q2 2014
byLuis Benitez
 
PDF
IBM Connections 4.5 Reviewer's Guide
byLuis Benitez
 
PDF
What’s New in IBM Connections 4.5 and IBM Connections Content Manager
byLuis Benitez
 
PDF
ID301 - What’s Coming in IBM Connections
byLuis Benitez
 
Bank AI - Popular's Journey to Intelligent Automation
byLuis Benitez
 
What's New in IBM Connections Social Cloud - Q2 2016
byLuis Benitez
 
What is new in IBM Connections 5.5 and IBM Docs 2.0
byLuis Benitez
 
IBM Connections Cloud & IBM Docs: Working securely and quickly with content
byLuis Benitez
 
IBM Connections Cloud Application Development Strategy
byLuis Benitez
 
IBM Collaboration Mobile Strategy and a New Way To work
byLuis Benitez
 
IBM Insight 2015 - Social Business Flyer
byLuis Benitez
 
What's New in IBM Connections Social Cloud - Q2 2015
byLuis Benitez
 
Social Connections VIII - Innovation and Communications Drive Business Value
byLuis Benitez
 
What's New in IBM Connections Social Cloud - Q1 2015
byLuis Benitez
 
IBM InterConnect 2015 - What is New in IBM Connections 2015
byLuis Benitez
 
IDI103 - What is New in IBM Connections - IBM ConnectED 2015
byLuis Benitez
 
What's New in IBM Connections Social Cloud - September 2014
byLuis Benitez
 
Social Connections VI Keynote - Why IBM Connections 5.0 Matters
byLuis Benitez
 
What's New in IBM SmartCloud Connections - May 2014
byLuis Benitez
 
ID400 - What's New and Coming in IBM Connections 2014 #IBMConnect
byLuis Benitez
 
IBM SmartCloud Connections Overview - Q2 2014
byLuis Benitez
 
IBM Connections 4.5 Reviewer's Guide
byLuis Benitez
 
What’s New in IBM Connections 4.5 and IBM Connections Content Manager
byLuis Benitez
 
ID301 - What’s Coming in IBM Connections
byLuis Benitez
 

Recently uploaded

PDF
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
PDF
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab
 
PDF
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
PDF
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
PDF
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
PDF
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
PDF
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
PDF
AI in the Real World: From University to Industry
byDarvan Shvan
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
PDF
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
PPTX
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
PDF
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 
Session 1/5: Enhancing Automation with Screenplay & Business Rules
bysuhanisingh58689
 
GenerationAI_Paris_2025_Architecting_Intelligence.pdf
byapidays
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Constraint Collapse and Fidelity Decay in Scaled Language Models
bySemantic Fidelity Lab
 
Agent to agent service discovery using HashiCorp Consul and Vault
byBram Vogelaar
 
Digital Twin in IBM for Accelerated Discovery of Climate & Sustainability, K...
byMichiaki Tatsubori
 
Transcript: Escape from the Forbidden Zone: Smuggling green and inclusive tec...
byBookNet Canada
 
UiPath Automation Developer Associate Training Series 2026 - Session 3
byDianaGray10
 
TrustArc Webinar - From Trends to Action: Fitting AI Governance into Privacy Ops
byTrustArc
 
AI in the Real World: From University to Industry
byDarvan Shvan
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
GTM-and-Sales-Plan for a cyber security product
byAshish Jangir
 
Oracle Cloud Infrastructure 2025 Architect Professional (1Z0-1127-25) Master ...
byExamCert App
 
CTO Strategy OS 2026: The Tech, AI & Cloud Playbook Boards Want
byridwansassman
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Chapter 6 Authentication and Access Control.pdf
byGetnet Tigabie Askale -(GM)
 
Logical Optimal Actions – Towards Knowledge-based Reinforcement Learning with...
byMichiaki Tatsubori
 
Effortless Distributed Systems with Aspire.pdf
byParticular Software
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
Empower your IT team with cloud-based PC management using Dell Management Por...
byPrincipled Technologies
 

ID304 - Lotus® Connections 3.0 TDI, SSO, and User Life Cycle Management: What you NEED to know!

Editor's Notes

  • #7 Lotus Connections supports the Internet Content Adaptation Protocol (ICAP) and its applications use this protocol to communicate with virus detection products. Ensure that the virus detection product used in your enterprise supports the ICAP 1.0 protocol. Lotus Connections is certified to work with Symantec AntiVirus Scan Engine 5.1 and McAfee web Security Appliance (3400) and (3300). Lotus® Connections provides security measures, such as an active content filter and content upload limits, that you can use to mitigate the risk of malicious attacks. Because these security measures can also limit the flexibility of the applications, you, as the system administrator, must evaluate the security of your network and determine whether or not you need to implement them. Any software that displays user authored content can be vulnerable to cross-site scripting (XSS) attacks. Attackers can introduce JavaScript™ into their content that can, among other things, steal a user's session. Session stealing in a single sign-on (SSO) environment poses particular challenges because any vulnerability to XSS attacks can render the entire single sign-on domain vulnerable.
  • #10 SPNEGO = Simple and Protected Negotiation Portlets don't support SSO via TAM/Siteminder/SPNEGO – they require LTPA
  • #21 Import the LTPA key and password from TAM and Import into WebSphere and set the SSO domain name Do not use TAM components as a caching proxy, configuration complexity is very high Lotus Connections only supports WebSeal Transparent Junction configuration Configure TAM for URL rewriting in XML and Javascript content TAM configuration setting 'use-same-session = yes' is required
  • #37 A TDI assembly line is made up of components (connectors, flow controls, loops, branches) that collect data from your source repositories and reformat it into the Profiles database. Supports two-way synchronization on LDAP attributes. Assembly line hooks are available for scripting and customization TDI should be used to initially populate Profiles and then frequently used to keep it in sync Connections release 3 allows you to mark a person as “inactive” when they aren't found in LDAP
  • #40 SyncAllMembersByExtId() takes several parameters indicating how a mismatch can be resolved (either by a matching email address, login id or left for later manual resolution).
  • #43 Use Batch commands, external ids are consistent across all applications. Investigate once, create batch script to update across all apps Returning users can be re-linked with their old data ProfilesService.swapUserAccessByUserId("oldUserId","newUserId")