This week I had the pleasure to set up 3 different Lotus Connections 2.5 environments, and assist in a migration of a 4th.
The most interesting install was at a customer site where they wanted to integrate Windows Authentication with Lotus Connections (a.k.a SPNEGO/Kerberos). The idea is that each morning an employee logs on to their Windows desktop and authenticates against an NT domain. Then a user launches Connections and magically they are automatically signed on!
I hadn't done a SPNEGO / Lotus Connections installation in a while, but read the documentation and it seemed pretty straightforward. To enable SPNEGO authentication with Lotus Connections, I followed the steps documented in the Lotus Connections InfoCenter.
The actual setup is not that bad. One part must be done by the Active Directory administrator and another part is just some WebSphere configuration. The WebSphere configuration took about 10-15 minutes. One thing I wished the InfoCenter had was screenshots. However, as we were getting ready to do this deployment, we used Lotus Connections internally to find an expert in this topic. And we found Purvi Tivedi who wrote this awesome article, step-by-step & complete with screenshots. Of course, now I have tagged Purvi and bookmarked her document so I can find them later.
After restarting the server, SPNEGO didn't work. We actually spent 2-3 hours troubleshooting it. We noticed that there were a couple of technotes on the topic, but they didn't seem to apply. Finally, the light bulb went on. Our setup was against the customer's QAACME domain, and the user had logged on to their desktop under the ACME NT domain. We logged out the user, logged back in under the right Windows NT domain, opened a browser to Connections and it worked!