Installing the Ticket Verifier
To successfully run the Ticket Verifier for Lotus Domino R5 and above, you have to perform the following steps on every Lotus Domino server to be accessed from the portal.
- Locate the components in the table below and copy them to the respective recommended target directories on the Lotus Domino server.
| File | Version | Description | Location | Recommended Target Directory |
|---|---|---|---|---|
|
ds_ticket.dll |
1.4.0.0 |
Implementation of the Ticket Verifier for Lotus Domino version 1.4 |
<SAP_J2EE>\cluster\server\ services\servlet_jsp\work\ jspTemp\irj\root\portalapps\ com.sap.netweaver.coll.appl.gw\ WEB-INF\external\lotus |
Any directory, for example, c:\winnt\system32 |
|
sapsecu.dll |
5.4.24.0 |
Functions for working with the verify.pse keystore (public key infrastructure) |
The SAP Security Library is installed in the system. We recommend installing the most recent version of the library. This can be downloaded from sapserv<x> under /general/misc/security/SAPSECU/<platform>. |
Any directory mentioned in the PATH environment variable, for example, c:\winnt\system32 |
|
wpsso_v3.dll |
6200.93.0.0 |
Implementation of mySAP.com logon ticket handling functions |
Download from SAPSERV using FTP. For more information, see SAP Note 442401. |
Any directory mentioned in the PATH environment variable, for example, c:\winnt\system32 |
|
verify.pse |
|
PKI keystore (System Administrator → System Configuration → Keystore Administration) |
Download verify.pse as described in Keystore Manager . |
Any directory, for example, c:\lotus\domino\sap. |
- Using the Lotus Administrator client, update the Domino server document, section Internet Protocols - HTTP - DSAPI with the path and file name of the ds_ticket.dll < file, for example, c:\winnt\system32\ds_ticket.dll. If there are already DSAPI filter(s) listed, press enter at the end of the list and add the Ticket Verifier in a new line.
- Update the notes.ini file with the variable MySapPsePath with the SAP Enterprise Portal PKI keystore path and file name. MySapPsePath= c:\lotus\domino\sap\verify.pse If you do not set this notes.ini variable, the Ticket Verifier looks for the file c:\lotus\domino\verify.pse by default. You can check notes.ini variables by typing the "SHOW CONFIGURATION" command in the server console, for example, show configuration MySapPsePath.
- Restart the Lotus Domino server for the settings to take effect.
The Ticket Verifier redirects to the standard Lotus Domino authentication mechanism (for example, basic authentication or session login form) in the following scenarios:
If there are two or more matches of a portal user name in the Domino Directory. In this case there will be a log message on the server console and in the server log file as well.
If user mapping is not successful, for instance, if the portal user name cannot be found in the Domino Directory.