The RegistryEntry error indicates that
the Domino server is passing WebSphere a domain or realm name that
WebSphere does not recognize. In this case, the unrecognized domain is
the "ssss" listed in the error message. LTPA-based SSO uses
session-based authentication. This means that the
LTPA token contains the domain name information needed for the user to
move from server to server without re-authenticating. Domino obtains
this name when the LTPA key file is imported. If a customer changes
the SSO domain in WebSphere, they must:
1. Regenerate the LTPA keys.
2. Export the LTPA keys to a file.
For version 3.5.x, the two steps above are performed
on the Authentication Mechanism tab of "Set Global Security
Wizard".
For version 4.0.x, the two steps above are
performed on the Authentication tab of the Security Center.
3. Import the keyfile into the Domino Server.
Bring up Domino Administrative Client. Under the
"Configuration" page select "All Server Documents" under the "Server"
node. Highlight the server and select "Web", then select "Create Web SSO
Configuration".
Ensure that the Token Domain is the same name that
is specified as the SSO Domain in WebSphere.
Select "Keys", then "Import WebSphere LTPA Keys".
Select the location of the exported keyfile and the password.
Click OK.
The LTPA key file contains the SSO domain name from
WebSphere. This will be the domain/realm that Domino will use.
For information pertaining to WebSphere and Domino
LDAP Server configuration, see Hint and Tip #1005863.
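
A pre-import check for step 3, as an added example that is not part of the original technote: it reads the realm from an exported LTPA key file and compares it with the value you expect, without echoing key material. It assumes the export is a Java properties file whose realm entry is named com.ibm.websphere.ltpa.Realm; the sample file contents and ldap.example.com:389 are constructed.

```python
import re

# Assumed property names for the exported key file (not given on this page).
REALM_KEY = "com.ibm.websphere.ltpa.Realm"
DATE_KEY = "com.ibm.websphere.CreationDate"

# Constructed sample export; the key value is a dummy, not real key material.
SAMPLE = r"""#IBM WebSphere Application Server key file
com.ibm.websphere.CreationDate=Mon Jan 01 10\:00\:00 EST 2001
com.ibm.websphere.ltpa.3DESKey=Q09OU1RSVUNURUQ\=
com.ibm.websphere.ltpa.Realm=ldap.example.com\:389
"""

def unescape(s):
    # Java properties files escape ':' '=' '#' '!' with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def parse_properties(text):
    """Minimal .properties reader: skips comments and splits on the first
    unescaped '=' or ':'. Line continuations and unicode escapes are not handled."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"((?:\\.|[^=:\\])*)[=:](.*)", line)
        if m:
            props[unescape(m.group(1).strip())] = unescape(m.group(2).strip())
    return props

def check_keyfile(text, expected_realm):
    """Compare the realm in the export with the one the administrator expects.
    Only non-secret fields are returned; key material is never echoed."""
    props = parse_properties(text)
    realm = props.get(REALM_KEY)
    return {
        "realm": realm,
        "created": props.get(DATE_KEY),
        "matches": realm == expected_realm,
        "case_only_mismatch": realm is not None and realm != expected_realm
                              and realm.lower() == expected_realm.lower(),
    }

if __name__ == "__main__":
    # "ssss" is the unrecognized name from the error discussed above.
    for expected in ("ldap.example.com:389", "ssss"):
        print(expected, "->", check_keyfile(SAMPLE, expected))
```

A mismatch here, or a creation date older than the SSO domain change, means the keys were not regenerated and re-exported before the import.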