Create the Web SSO Configuration document in the Domino Directory

Create a Web SSO document that specifies the servers participating in the shared authentication, the time-out value for the cookie containing the LTPA access token, and the encrypted secret used to create the cookie.


  1. Using a Notes® client, open the Domino® Directory on the Sametime® server.
  2. Select Configuration > Servers > All Server Documents.
  3. Select the Web button on the taskbar.
  4. Select Create Web SSO Configuration.
  5. In the document, select the arrow on the Keys button.
  6. The default value for the Configuration Name field is LtpaToken. This is the preferred value and usually it should not be changed. In case another value is configured as the Web SSO document name, the ST_TOKEN_TYPE setting in the [AuthToken] section of the sametime.ini file must contain the same value.
  7. Select Create Domino SSO Key.

    Note The Import WebSphere® LTPA Keys option is usually used to enable a WebSphere server to communicate with a Domino server. To enable a WebSphere server to communicate with a Domino server, you must export the LTPA keys from the WebSphere server and import the LTPA keys to the Domino server. See the WebSphere Information Center documentation for details.

  8. Set the Token Expiration setting to 120 minutes. The token does not expire based on inactivity; it is valid only for the number of minutes specified from the time of issue. The token is also valid only for a single browser session. If a user has joined a meeting after logging in via token authentication, the user remains in that meeting regardless of the time expiration value of the token. If the user has subsequent log in attempts, the client detects that the token is expired and asks to generate a new token that can be used during the authentication process.
  9. In the DNS Domain field, enter the DNS domain (for example, or for which the tokens will be generated. The servers enabled for SSO must all belong to the same DNS domain. This field is required and the DNS domain must start with a period.

    When users access the Sametime server, they must enter the fully qualified domain name of the Sametime server for authentication to be successful (for example, sametimeserver/meetings/acme/com).

  10. In the Server Names field, enter the servers that will be participating in SSO.

    Generally, this field should contain the Domino hierarchical names of all Sametime servers in your environment. You can browse and select the server names from the Domino Directory.

    Note Groups and wildcards are not allowed in the field.

  11. The Organization field should usually stay empty. In case it has a value, which is mandatory only for Internet Sites configuration, the ST_ORG_NAME field setting in the [AuthToken] section of the sametime.ini file must contain a similar value. For additional information about Internet Sites see theDomino documentation.
  12. Select Save & Close to save the Web SSO Configuration document. The document will appear in the Web Configurations view. This document will be encrypted for the creator of the document, the members of the Owners and Administrators fields, and the servers specified in the Server Names field.