Tuesday, January 3, 2012

Sametime 8.5.2 meeting room desktop sharing not working after SPNEGO integration

Update: This is now fixed in 8.5.2 ifr1 :-)

After enabling SPNEGO SSO, by following this: http://www.ibm.com/developerworks/lotus/documentation/spnegowithsametime852 , sharing your desktop in a meeting room won't work.
The Meeting Room then complains about not finding Java installed on your computer.

When enabling the Java Console, Error messages like this was shown:

network: Connecting http://emeeting01.XXXXX.no/stmeetings/static-20110517-1459/applets/com/ibm/rtc/meetings/appshare/vmverifier/VMVerifier.class with cookie "__utma=196210227.1528252485.1309809906.1309809906.1309809906.1; __utmz=196210227.1309809906.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=0000Xl5-guFFt6wzPlob0X4SsCw:-1; inMeetingRoom=4d634344_55ca_4b52_a956_524b9e54211b.1324476918705; inMeetingRoomName=IK%2520System%2520Grupevre"
basic: load: class com.ibm.rtc.meetings.appshare.vmverifier.VMVerifier not found.
load: class com.ibm.rtc.meetings.appshare.vmverifier.VMVerifier not found.
java.lang.ClassNotFoundException: com.ibm.rtc.meetings.appshare.vmverifier.VMVerifier
at sun.plugin2.applet.Applet2ClassLoader.findClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass0(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadClass(Unknown Source)
at java.lang.ClassLoader.loadClass(Unknown Source)
at sun.plugin2.applet.Plugin2ClassLoader.loadCode(Unknown Source)
at sun.plugin2.applet.Plugin2Manager.createApplet(Unknown Source)
at sun.plugin2.applet.Plugin2Manager$AppletExecutionRunnable.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Exception: java.lang.ClassNotFoundException: com.ibm.rtc.meetings.appshare.vmverifier.VMVerifier

Or you just get an error message in the java console that says that "VMVerifier.jar not found".

I remembered chatting with the author (Conall) of the SPNEGO document regarding an issue I had with SSO not working on the Proxy server when entering the proxy server directly without thouching the snoop applet first, and we came to the conclusion that the Proxyserver application needed to remap the roles in order for the SPNEGO to work.
So the "AllUsers" role needed to change from "Everyone" to "All Authenticated in Application's Realm".

So I opened up the WAS Console for the Sametime Meetingserver, selected the "Sametime Meeting Server" application, and clicked the "Security role to user/group mapping" link.
Then, selected the "AllUsers" Role and then clicked the button "Map Special Subjects" and selected the "All Authenticated in Application's Realm". Then saved.

So the old setting was like this:

And the new setting is like this:

Restarted the Application and voila, Desktop sharing worked!

No comments: