kkocar

Jabber and Notes Calendar Authentication

Blog Post created by kkocar on Jun 10, 2013

Jabber supports a Notes Calendar integration which allows appointments created in the IBM client to be viewed in the Cisco client’s Meetings Tab. Jabber will also use Notes calendar entries to change the user’s presence status to “In a Meeting”.

 

Figure 1 – Notes Calendar Jabber Integration

 

Jabber_4.png

 

The calendar integration is really simple to enable as it just requires the end user to select the Notes integration from the File>Options>Integration menu

 

Figure 2 – Enabling the Integration

 

Jabber_2.png

 

 

One point to note is that this useful feature is subject to the Notes email client’s API security policy and by default each time you start the Jabber client you will be prompted to authenticate with the Notes calendar API. Take a look at this video.

 

 

 

 

Here is an example of the Notes Calendar API authentication challenge shown in the previous video.

 

Figure 3 – Notes API Password Authentication

 

Jabber_3.png

 

Some organisations may choose to live with these additional authentications as this is how the Lotus Notes calendar API behaves by default, but others may want to look at their options to minimise the number of passwords end users need to type.

 

The following discussion is based upon testing I conducted in my lab and I am sharing the results as observed. If anyone sees different behaviour or disagrees with my conclusions please feel free to comment as necessary.

 

My lab environment was based upon Notes 8.5.3 and Jabber 9.2 on my Windows 7 desktops and Domino 8.5.3, which was used for the backend. After a basic install each client (Notes and Jabber) requested its own username/password combination to start up. The first change I made to my default Notes client was to locally enable “Don’t prompt for a password from other Notes-based programs (reduces security)”, this parameter can be accessed from File>Security>User Security as shown in the short video clip below.

 

 

 

 

My testing results showed that enabling the “Don’t prompt for a password from other Notes-based programs (reduces security)” parameter decreased the number of authentications required for the Jabber integration with the Notes calendar API.

 

I have tabulated my results:

 

 

Notes

Jabber

Scenario Details

“Don’t Prompt” = Off

“Don’t Prompt” = On

Started before Jabber

Started after Notes

Neither Notes nor Jabber were running on my desktop. I started the Notes client first; I entered in the Notes password to authenticate. Then loaded the Jabber client, I entered the Jabber password when prompted.

Calendar API Password Required

Calendar API Password not Required

Started after Jabber

Started before Notes

Neither Notes nor Jabber were running on my desktop. I started the Jabber client and authenticated with my Jabber password. Then I loaded Notes and authenticated using my Notes password.

Calendar API Password Required

Calendar API Password Required

Notes Client Online

Restart Jabber

Both clients were running on my desktop. I restarted Jabber and authenticated with my Jabber password when prompted.

Calendar API Password Required

Calendar API Password not Required

Restart Notes

Jabber Client Online

Both clients were running on my desktop. I restarted Notes and authenticated with my Notes password when prompted. I also tested starting Notes from the “Meeting Details” option within Jabber.

Calendar API Password not Required (This includes clicking the “Meeting Details” option in the Jabber Calendar).

Calendar API Password not Required

(This includes clicking the “Meeting Details” option in the Jabber Calendar).

 

 

Note: The password requirement in the above table relates to the Notes Calendar API authentication depicted in Figure 3 and not the Jabber/Notes password required each time the client is launched/re-started. The “Don’t Prompt” columns equate to the “Don’t prompt for a password from other Notes-based programs (reduces security)” security setting.

 

Just for interest I also tested setting the “Don’t prompt for a password from other Notes-based programs (reduces security)” parameter via a Domino explicit policy configuration. From the research I’ve done my understanding is that IBM introduced the “Don’t prompt” policy field from Domino version 8.5.3+. I captured a short video from my Domino Administrator client to show you where to find the setting:


 


 

 

In my lab once I had created the Jabber for Notes Security settings document and added it to an explicit policy I assigned it to a test user “Steve Smith”. In your organisation you would add the policy setting to any Notes users who also ran the Cisco Jabber client.

 

The final change I made to my lab was to look at the impact of linking the Notes email login with that of the Windows operating system. This IBM feature is known as Shared Login, which ties in Notes authentication with my Windows login. Just like the previous Security Setting configuration, I implemented Shared Login via Notes Policy from my Domino Administrator:

 

 

 

 

After enabling Shared Login I retested and it appears that the Notes Shared Login configuration (with or without the “Don’t prompt” policy enabled) completely removes the requirement to authenticate Jabber against the Notes calendar API. For reference I captured the scenario where I start Jabber before I start my Notes client as for all previous test cases this scenario had always required me to authenticate:

 

 

 

 

Here are my results table for Shared Login:

 

 

Notes

Jabber

Scenario Dateails

Shared Login

(“Don’t Prompt = On/ Off”)

Started before Jabber

Started after Notes

Neither Notes nor Jabber were running on my desktop. I started the Notes client first; there was no need to enter a password due to the shared login config. I then loaded the Jabber client; I entered the Jabber password when prompted.

Calendar API Password not Required

Started after Jabber

Started before Notes

Neither Notes nor Jabber were running on my desktop. I started the Jabber client and authenticated with my Jabber password. I then started the Notes client; there was no need to enter a password due to the shared login config.

Calendar API Password not Required

(Assumes Jabber and OS password are the  same)

Notes Client Online

Restart Jabber

Both clients were running on my desktop. I restarted Jabber and authenticated with my Jabber password when prompted.

Calendar API Password not Required

Restart Notes

Jabber Client Online

Both clients were running on my desktop. I restarted Notes; there was no need to enter a password due to the shared login config. I also tested starting Notes from the “Meeting Details” option within Jabber.

Calendar API Password not Required

(This includes clicking the “Meeting Details” option in the Jabber Calendar).

 

 

I would very much appreciate it if anyone can provide feedback as to whether they observe the same client behaviour when Shared Login is enabled? I am also happy to update this blog if anyone has any input on other Notes authentication or SSO options and how they specifically impact Cisco Jabber’s interaction with the Calendar API.

Attachments

Outcomes