HCL Domino SSO with AzureAD

Proving that Domino can integrate with several other technologies is something we do on a regular basis, just to show the customers that Domino is an open platform.

For authentication, we did already several SSO configurations between Domino Directory and MS Active Directory by using ADFS and SAML authentication.

We now have a question from a customer that is using O365 heavily. They have Domino running with some applications that are integrated in Sharepoint and they use the HCAA Notes client for certain users that need to open the Domino databases in a client. 2 years ago we have set up an ADFS infrastructure with an ADFS Proxy for external access and configured SSO between Domino and Active Directory for web access and HCAA access so that users can log in in the applications with their Microsoft credentials.

The customer has a synchronization set up between Active Directory and Azure Active Directory and wants to migrate the Domino SSO from on-prem ADFS to Azure AD.

In the beginning, Domino supported only a certain set of Identity Providers, although we managed to set up SSO between Domino and other non-supported IDPs successfully 🙂

Now Domino officially supports Azure Active Directory as an Identity Provider (IDP) so I thought we have no excuse to set up what the customer wants. Before setting this up at the customer, I’ve set up a test environment at GroupWave with an SSL protected site and of course I’m sharing the technical details with whomever is interested because that’s just what HCL Ambassadors do 🙂

Azure Active Directory (AAD) settings

To be able to manage AAD you need to go the Azure Active Directory Admin center, https://aad.portal.azure.com Click on Enterprise applications and then on New Application to be able to register the Domino website as as an application

Create your own application

Fill in a name that you choose and select to register the application to integrate with AAD and click the create button

Once the application is created, you will be directed to the configuration page of the application.

Click on Set up single sign on and choose for SAML authentication.

You will have to fill in the URL of the application that you want to link, this is the URL of your Domino internet site. As an attribute you can go with the defaults, you need to be sure that user.mail is in there so that you use the internet mail address as a unique identifier between the two directories.

Download the federation Metadata XML file

Assign a test user or a group to your application so that they can authenticate

Go to your Domino Administrator client and create and IDP Catalog database on your server. Make sure you give it the name idpcat.nsf and select Show Advanced templates to be able to see the IdP Catalog template in the list.

In the IdP Catalog database, click on Add IdP Config and fill in the following fields

In the hostname field, fill in the name of the internet site and the IP Address that you use

In the Service Provider ID fill in the URL of the site In the IdP name field you may fill in a name as a reference for yourself, this field is just a comment.

Click on the button Import XML file and browse to the XML file you downloaded from your Enterprise Application.

This import will fill in the Single sign-on service URL Field and the fields on the Advanced tab of the configuration document.

Save the document with Ctrl-S to be able to go to the next step. On the certificate Management tab, click on the button Create SP Certificate

You will be asked to fill in a Company name, you may fill in whatever you want

Double click in the IdP Configuration document and fill in the Domino URL, in this case HTTPS://calendar.groupwave.be

Click on the button Export SP XML and you will see the ServiceProvider.xml file getting attached to the document. Save and Close the document and go to your internet sites view to change the affected site.

In your internet site document, go to the tab Domino Web Engine and change the Session authentication type to SAML

When you click on the button Open IdP Configuration, you will be redirected to the correct IdP Configuration document that you created.

Save and close you Internet site document and restart the HTTP Task on your Domino Server.

Open up your browser and surf to the URL of your application. In this case it is https://calendar.groupwave.be You will see that you get redirected to Office 365 and if you were already logged in, than you will be redirected to Domino.

Using Domino…but not already V11 ?

Are you a customer running an older version of Domino or are you a customer that used Domino (Lotus Notes) in the past ?

Whatever type of customer you are, I think it’s worthwile to notice that this product has experienced a huge transformation since it has been embraced by an enthousiastic team of people at HCL that works closely with their HCL Ambassadors and the “yellow” community.

You can’t deny that the last year you see a lot of announcements passing by in the newsfeeds of Twitter, LinkedIn and Facebook. Announcements around Domino Volt, Verse, Sametime, Connections.

I like to call Domino the “Swiss army knife” of your organization since you have all you need in one single platform and this all offered with an attractive license model. Just check this blog post to get all the details.

Have you read, between all the other posts, the announcement of Project 11 ? It’s worthwhile to browse the site and discover yourself why it is so interesting to upgrade to V11 and to benefit from all the new stuff that is built in and around Domino, all included in your license.

And while you see all those messages about Domino V11, you can look already forward into the future because HCL has announced their “Domino Early Access Program“. You can subscribe to this program as a customer as well as a business partner to test drive new features that will be available in Domino V12.

As you can see, there is no excuse to take a look at what’s happening in the world of Domino.

If you want more info, just drop me a note and we can have a meeting where I can elaborate more on the different new featues and the roadmap of Domino for the coming months, year.

2nd consecutive breaking news for Notes/Domino

Last year in October we were surprised about the big announcement that IBM made about their partnership with HCL. At that moment a lot of questions arised immediately about the future of the platform, the responsibilities of HCL and so on.

Development of the products Notes, Domino, Traveler and Sametime were the responsibility of HCL, bringing the message to the market and working close together with HCL about the roadmap of the products, was IBM’s job.

In Q1 2018 I attended IBM Think and I was thrilled about the great interest of the attendees in the Collaboration sessions. All sessions about DominoV10 were packed and HCL came out with a revolutionary product, Notes on an iPad !

HCL started talking about new features coming up in Domino V10, beta versions were released and about a year after the partnership announcement, we had a global launch event of the final Domino V10 version !

#domino2025 became #dominoforever with a clear message to the world: “Domino is far from dead, start to fear the beast !”

Recently HCL and IBM announced that HCL is acquiring a select set of IBM Software products. The products involved in the deal are

• Appscan for secure application development,
• BigFix for secure device management,
• Unica (on-premise) for marketing automation,
• Commerce (on-premise) for omni-channel eCommerce,
• Portal (on-premise) for digital experience,
• Notes & Domino for email and low-code rapid application development, and
• Connections for workstream collaboration.

This deal means a lot for the future of the products where I see a lot of positive energy and drive within HCL to evolve the products to something every customers wants to have.

I know some of the customers have migrated to another platform, mainly for mail. A lot of them still have applications running. Applications who make their business run, applications that can be brought to a next level, integrated in their platform where they moved to. That way, their new and existing investment is well spent !

Customers that haven’t touched Notes/Domino yet, will be surprised about the power of the product and the many possibilities it has to offer to solve business problems they have currently.

In a recent article, written by David Gewirtz, he mentioned this

“Notes was Salesforce before Salesforce. It was Dropbox before Dropbox. It was SharePoint before SharePoint. It was Atlassian before Atlassian. It was Zendesk before Zendesk. It was ServiceNow before ServiceNow. It was Workday before Workday. In some implementations, it was even Github before Github.”

With that conclusion, I open up the floor for this new journey !

Get all the latest news about the progress on http://www.ibm.com/destinationdomino

Have a good day !

Domino is not dead ! More than ever in business !

Tags

#domino2025 domino notes sametime

Hello all,

today I had the honor to participate in an IBM Champions call about new and exciting news around the IBM Collaboration products.

IBM announced their strategic partnership with the company HCL. Together they will join forces and put the oxygen again in the robust Domino server.

IBM announced there “Project Sapphire” – Notes, Domino and Verse V10 together with Sametime in 2018.

As the cherry on the cake, they also announced that they will deliver Domino 9 FP10 by the end of the year 2017, together with Verse on Premises 1.0.3.

The most exciting thing around the “Project Sapphire” is the announcement of the #Domino2025 jams that they will organise. The goal is to discuss together with customers, partners, Champions about the future enhancements of the products. Like Jason Gary states about Connections Pink, is equal for “Project Sapphire”, they don’t want to develop a product for us, but together with us !

Do you want to join us in those jams ? Get registered here: https://www.ibm.com/social-business/us-en/announce/domino-jam2025/

Which products will be covered in this partnership with HCL ?

• IBM Notes and Domino
• IBM SmartCloud Notes
• IBM Notes Traveler
• IBM Mobile Connect
• IBM Verse
• IBM Mail Support for Microsoft Outlook (IMSMO)
• IBM WISPR
• IBM Enterprise Integrator (LEI)
• IBM Sametime portfolio
• IBM Connections Chat/Meetings
• IBM Client Access (ICAA)

 

During the call they were already announcements about clear commitments of their side:

• Domino will support the native Apple Mail client to connect to the mailfile
• The IBM Think conference in march 2018 will have a large presence for Notes/Domino
• Marketing is something that will get a lot of attention

Personally I think that this is exciting news to reintroduce the force of the multi-purpose server that Domino is with build in security, internet services and ability to connect to different data sources !

 

 

Social Connections session about SSO

Hello

thursdayt I had my session about SSO between your on-premise environment and IBM Connections Cloud.
I talked about SAML, ADFS and the different possibilities that are available to configure SSO in IBM Connections Cloud.
If you were in my session or not and want to review the slides, go and check out this URL where you can find my slides

https://socialconnections.info/sessions/open-doors-cloud-using-sso-methodologies-organisation-ibm/

Go and check out the rest of the slides that will be published on the site when they are available

https://socialconnections.info/11-agenda/

I enjoyed the conference a lot and it was again nice to meet up with some new people and have interesting discussions.

During closing session, the team announced that Social Connections 11 will be held in Europe. Prepare already an interesting abstract to submit and keep an eye on the upcoming announcement about the dates.

Connect 2017

Tags

api, connections, domino, ibm, pink, social, watson, workspace

A lot of changes this year at Connect, my first time as an IBM Champion, a complete new location in a complete different state, California, and a different city, San Francisco.

This year the venue was the Moscone West Center

For me personally, the venue was not as good as in the past. You didn’t have the possibility to run into someone, grab a seat and have a conversation. Last year we had the possibility to go out in a kind of a garden, now we were in the centre of the city.

When everybody is staying in several different hotels, it’s much more difficult to meet up as when everybody is in the same hotel and having a drink in the hotel’s bar 🙂

But enough about that, part of the above, I had some nice conversations and meetings with interesting people !

I attended a lot of interesting sessions and noticed that IBM is changing its mindset and it is about time that we kick some ass and battle against Microsoft !

Let’s talk first about Domino.

For all of you that think that there is no future anymore for your Domino applications that are present in your company for years…sit back and read further on.

Do you know any other platform that comes out of the box with the following features ?

• Security
• Replication
• Clustering
• Encryption
• Ability to go offline
• Open to other platforms
• Ability to develop and customize

IBM will enhance its current API framework (Mail, Calendar, Freebusy, Data) to extend capabilities and enable the use of modern application development tools (ex. Swagger)

The additional REST services that will be added to expose more powerful capabilities are

• Directory Service: browse or search a directory
• Contacts Service: manage personal contacts in your mailfile
• Mail Search Service: search your mailfile
• Subscription Service: poll for changes or register for push in an application
• Management Service: register users and manage users & groups

Thanks to the openNTF community there is a project available, SmartNSF, that allows access to your Domino applications via REST APIs. It’s available as an extension for your Domino Server and Designer.

For customers that are defining a path for their Domino applications, it is interesting to know that in Q2 2017, Panagenda’s Application Insights will be released.

Application Insights will be free of charge for customers under S&S and will allow you to analyse the 50 most used applications based on

• Application usage
• Application complexity
• Application code

If you have more than 50 applications, then you can by an extra license.

On Wednesday, there was Pink Wednesday. IBM Connections Pink is about a new revolutionary product. Pink is a journey, not a destination.

Jason Gary stated the following “We are not going to build Software for You, we gonna build Software WITH you”.

This means that Pink will be based on open standards and you will have the ability to customize as much as you want without having to lose your work thanks to the new Muse Proxy.

With Pink you will have the choice where you want to store your data, you can have for example all of your files in the cloud and the profiles on premise. The different applications will run in Docker containers, this will allow you to install updates of the different components individually without disturbing another component.

Recently there was a OpenMic WebCast about Connections Pink, you can find all info in here

Gradually we will see the impact of Pink crawling into Connections 6 as new features:

• Orient Me: the homepage that knows you
• Modern Communities: allows to modernize the look & feel and to copy the design as a template to create a new community
• OnBoarding experience: a guided tour that allows new users to get started and get involved much easier through suggested lists of users and communities

IBM Watson Workspace was present everywhere at IBM Connect, there is a tight integration between Watson Workspace and the rest of the Collaboration Stack. During OGS I saw interactions between IBM Verse and Watson Workspace , where you can share a received email in a space so that the ones where you work with in the space are notified and you can start discussing or even start working on a shared document that you get from your Connections platform…

The integration of bots in spaces allows to have nice integrations and acces to all sorts of data coming for instance from your CRM application.

To wrap up I also want to mention that they showed something brand new that is still growing in the labs, IBM Livegrid. Livegrid is the new IBM Application Development platform for IBM Connections. It promises to be something really cool, they showed us a demo where a spreadsheet upload was transformed in a nice looking application in just a few clicks !

So, as you can see, a lot is going on and lot is coming in 2017. Open your eyes and ears in the coming months and enjoy this rollercoaster trip together with us.

Evolution of Cisco in IBM Products

It’s been a while now that IBM and Cisco announced their partnership under the theme “Partnering to Redefine Work”.

In the meantime, messages have been passed and some online meetings were held in WebEX to get used to the products.

The message here is that, you as a customer, will have the choice to integrate Jabber and WebEX in your IBM Connections Cloud environment or go further with IBM Sametime chat and meetings.

As of December 2016, some of the first integrations of the Cisco Products will be available

• One click to get from Connections Cloud to WebEx dashboard
• Add a WebEx meeting as a default meeting in my IBM Verse calendar invites
• Easily join a WebEx meeting from Verse
• Join a Jabber chat from Connections Cloud or Verse Navigation bar, or the Connections Cloud Business Card
• Share a Connections Files Cloud document from a WebEx mobile meeting

Here a screenshot of Jabber chat in IBM Connections

Share a Connections Cloud file from WebEX Mobile

 

IMSMO ? IBM mail support for MS Outlook aka Outlook native access to a Domino Server

As I mentioned in my previous blog post, it’s IBM’s vision to provide an open Client strategy, one of those clients is certainly MS Outlook.

A lot of the customers are moving to O365 because they like the Outlook client, unfortunately they don’t think about the effort to migrate and not to mention the financial effort.

In a lot of cases I’m wondering if the juice is worth the effort of squeezing   🙂 They think by moving away they will save money, but with all struggles they encounter during the project, it results in more money being spent or wasted then being saved.

IBM mail support for MS Outlook helps IBM Notes/Domino customers create more engaged employees, avoid rip-and-replace costs and preserves value of existing IT, by allowing users to decide which email client works best for them, Outlook or Notes and this against their existing, powerful and reliable Domino Server.

Who’s entitled to use IMSMO ?

This is a rather simple question, every customer who has valid Domino CAL’s or Collaboration Express licenses.Dual Entitlement customers and Connections Cloud S1 or SmartCloud Notes customers have also the right to connect with MS Outlook to a Domino Server.

Supported versions of Outlook are 2010, 2013 and 2016. Currently there is only support for the Windows versions but Outlook for Mac and Apple Mail are under investigation.

The most current version is IMSMO 2.0 Fix Pack 2, you can find the information here:

https://www-01.ibm.com/support/docview.wss?uid=swg21989448

What are the capabilities of the client ?

Outlook capabilities that are available in an Outlook/Exchange world are also possible in an Outlook/Domino world. Hereby a summary of the capabilities:

Mail	Calendar	Client-wide
–  Compose –  Send/Receive –  Draft sync –  Quota indication –  Summary Sync –  Folder support – Notes encryption	– Free/busy lookup – Room finder	–  Search –  Automatic client updates –  Automatic Send/Receive on network connection –  Offline support –  OoO Support

If you install IMSMO on premise, you need to think about the following guidelines before you get started with the installation:

• Domino 9.0.1 or higher and ID Vault are required
• Outlook users must have a replica on the IMSMO servers or you can install IMSMO on the mail server in a small deployment
• You can’t mix Notes Traveler and IMSMO on the same Domino Server
• Use DB2 to store the sync data or when you want to provide HA, in a small environment you can use the internal derby database
• Use a proper SSL Certificate instead of self-signed one

As you can see on this slide, IBM decided to use SyncML instead of Exchange ActiveSync because it gives more control over the connection and functionality.

Here you can find some extra IMSMO slides

http://www.slideshare.net/sreeJk/open-mic-imsmo-for-scn-24th-aug-2016

If you want to know more about the administration, check this guide

 

ICON UK 2016 – A small review

Last week I was at ICON UK 2016, it was again an amazing event and I had the opportunity to meet some new people.

During the opening session, Uffe Sorensen and Barry Rosen presented the roadmap for the upcoming 12 to 18 months.

They had lots of interesting stuff to tell and also shared the next 2 roadmaps with us

 

The most interesting part of those events is having the possibility to chat with IBM in an informal way. They listen and give feedback internally to IBM so that they know what’s happening in the community.

For those who attended my session or those who didn’t make it to my session, you can download the slides here: traveler-uk.

The organisation of ICON UK deserves a big round of applause for a well organised event ! We had a chance to see London by night during a sightseeing tour on the Thames. We even had an execellent firework on the Thames to conclude our evening…..or was this not intended only for us 🙂

 

Also this year, the organisation wanted to help a charity organisation. This year, 4000£ has been raised for Whizz-Kidz

It’s amazing what you can do when a community shows his heart and collects some money for charity.

 

Again, well done and see you next year !

Future of Notes/Domino

Hello, it’s a long time that I did an update on my blog but with Q4 knocking on the frontdoor, I thought it is a good time to send out some information.

I get a lot of questions about the future of Notes/Domino, is there any new version coming up ? Is Verse the new client ? Do we need to go to the cloud ? What about the competition ? Is O365 better ?

During a recent roundtable with IBM and other business partners, I noticed that I’m not the only one getting those questions and remarks. This means that IBM didn’t communicate well to their customers about where they are going with the products.

Some interesting stuff has been discussed during the roundtable that I’m more than happy to share with you.

First of all, we received an answer that the following technote has been published on the 13th of september. In this technote IBM communicated that they continue to support Notes/Domino 9 till at LEAST 2021.

Does this mean that afterwards support will stop ? No, it is a message that they still invest in the product and keep on putting in new features.

They will not deliver a new major version but you will get updates and new features in the format of ” feature packs “, this is a more agile way of introducing new stuff into the product.

As a result of the above, you will need to have an active entitlement to continue to download those feature packs.

Don’t interpret this as a dead end, everybody is doing this like Windows 10 will be the last version of their OS, you will get updates en new features in it but it will last as Windows 10.

On the 18th of november they will release IBM Verse on premise, this means that you will be able to use an IBM Verse client to connect to your on premise Domino Server.

The installation of Verse on premise will be as simple as unzip a zip file on your Domino Server.

Make sure that your IBM Connections Files & Profiles is on Release 5.5.CR1 to get all social features in your IBM Verse client.

What about the Domino applications ? If we shift to a #newwaytowork where everything is browser-based, we need to have a solution for the Domino applications.

Customers who migrate to O365 get the answer from the competition to recreate them in another technology.

In most cases this is a big investment, just because they invested in the past in the development of Domino applications.

xPages can be a low cost answer  so that you can modernize the applications and bring them to the browser.

The ICAA or IBM Client Application Access can be an alternative if you don’t care about mobile/browser access to your Domino applications. It can be nicely integrated in Verse or even Outlook when you are forced to migrate to O365.

More news on what to do with your Domino applications will be communicated in december where they will announce ” App Modernization ” tool. When we may expect this communication is not clear but as soon as I know more, I’ll post it on my blog.