Congratulations!

[Valid RSS] This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

Source: http://techblog.gis-ag.info/feed/

  1. <?xml version="1.0" encoding="UTF-8"?><rss version="2.0"
  2. xmlns:content="http://purl.org/rss/1.0/modules/content/"
  3. xmlns:wfw="http://wellformedweb.org/CommentAPI/"
  4. xmlns:dc="http://purl.org/dc/elements/1.1/"
  5. xmlns:atom="http://www.w3.org/2005/Atom"
  6. xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
  7. xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
  8. >
  9.  
  10. <channel>
  11. <title>GIS Techblog</title>
  12. <atom:link href="http://techblog.gis-ag.info/feed/" rel="self" type="application/rss+xml" />
  13. <link>http://techblog.gis-ag.info</link>
  14. <description></description>
  15. <lastBuildDate>Thu, 23 Mar 2017 13:06:42 +0000</lastBuildDate>
  16. <language>en-US</language>
  17. <sy:updatePeriod>hourly</sy:updatePeriod>
  18. <sy:updateFrequency>1</sy:updateFrequency>
  19. <generator>https://wordpress.org/?v=4.7.3</generator>
  20. <item>
  21. <title>SNOUG 2017 Presentation &#8211; SikaConnect goes External</title>
  22. <link>http://techblog.gis-ag.info/2017/03/23/snoug-2017-presentation-sikaconnect-goes-external/</link>
  23. <comments>http://techblog.gis-ag.info/2017/03/23/snoug-2017-presentation-sikaconnect-goes-external/#respond</comments>
  24. <pubDate>Thu, 23 Mar 2017 13:06:42 +0000</pubDate>
  25. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  26. <category><![CDATA[IBM Connections]]></category>
  27. <category><![CDATA[extranet]]></category>
  28. <category><![CDATA[SIKA]]></category>
  29. <category><![CDATA[SNouG]]></category>
  30. <category><![CDATA[TAI]]></category>
  31. <category><![CDATA[Zuerich]]></category>
  32.  
  33. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2137</guid>
  34. <description><![CDATA[SNOUG 2017 Presentation &#8211; SikaConnect goes External Hi all, yesterday I was at SNouG in Zurich. I had a great time there &#8211; good speakers and a overall perfectly organized event (would we expect sth. else from Switzerland? 😉 ) Raymond Weber from SIKA Informationssysteme AG and I did a session about the SIKA Extranet [&#8230;]]]></description>
  35. <content:encoded><![CDATA[<h1>SNOUG 2017 Presentation &#8211; SikaConnect goes External</h1>
  36. <p>Hi all,</p>
  37. <p>yesterday I was at SNouG in Zurich. I had a great time there &#8211; good speakers and a overall perfectly organized event (would we expect sth. else from Switzerland? <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /> )</p>
  38. <p>Raymond Weber from SIKA Informationssysteme AG and I did a session about the SIKA Extranet Feature:</p>
  39. <iframe class="pdfjs-viewer" width="1024px" height="480px" src="http://techblog.gis-ag.info/wp-content/plugins/pdf-viewer/stable/web/viewer.html?file=http://techblog.gis-ag.info/wp-content/uploads/2017/03/SNOUG_2017_SikaConnect_goes_External.pdf"></iframe>
  40. ]]></content:encoded>
  41. <wfw:commentRss>http://techblog.gis-ag.info/2017/03/23/snoug-2017-presentation-sikaconnect-goes-external/feed/</wfw:commentRss>
  42. <slash:comments>0</slash:comments>
  43. </item>
  44. <item>
  45. <title>Whiteboard in IBM Sametime Meeting 9.0.1 removed</title>
  46. <link>http://techblog.gis-ag.info/2017/03/17/whiteboard-in-ibm-sametime-meeting-9-0-1-removed/</link>
  47. <comments>http://techblog.gis-ag.info/2017/03/17/whiteboard-in-ibm-sametime-meeting-9-0-1-removed/#respond</comments>
  48. <pubDate>Fri, 17 Mar 2017 10:43:30 +0000</pubDate>
  49. <dc:creator><![CDATA[Andreas Bader]]></dc:creator>
  50. <category><![CDATA[IBM Sametime]]></category>
  51. <category><![CDATA[Sametime]]></category>
  52. <category><![CDATA[Whiteboard]]></category>
  53.  
  54. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2132</guid>
  55. <description><![CDATA[Whiteboard in IBM Sametime Meeting 9.0.1 removed IBM implemented in Sametime Meeting 9.0.1 a whiteboard function as technical preview. Ben described in his articel how to enable this feature: https://collaborationben.com/2016/05/20/whiteboard-in-sametime-9-0-1/ With the current cumulative Fix 901-ST-General-FP-SMOL-AK4G43  for the Meeting Server IBM has removed this function. The response on my PMR was: “I can confirm The [&#8230;]]]></description>
  56. <content:encoded><![CDATA[<p><strong>Whiteboard in IBM Sametime Meeting 9.0.1 removed</strong></p>
  57. <p>IBM implemented in Sametime Meeting 9.0.1 a whiteboard function as technical preview. Ben described in his articel how to enable this feature:<br />
  58. <a href="https://collaborationben.com/2016/05/20/whiteboard-in-sametime-9-0-1/">https://collaborationben.com/2016/05/20/whiteboard-in-sametime-9-0-1/</a></p>
  59. <p>With the current cumulative Fix <a class="ibm-forward-link ibm-inlinelink" href="http://www-01.ibm.com/support/docview.wss?rs=899&amp;uid=swg21999872">901-ST-General-FP-SMOL-AK4G43  </a>for the Meeting Server IBM has removed this function.</p>
  60. <p>The response on my PMR was:</p>
  61. <p>“I can confirm The Meetings Whiteboard feature release is being put on hold indefinitely.<br />
  62. The module “Core Whiteboard Services” has been removed permanently from the ST Meetings build, the whiteboard was an unsupported proof of concept feature.”</p>
  63. <p>It&#8217;s a pity, it was a useful function.</p>
  64. ]]></content:encoded>
  65. <wfw:commentRss>http://techblog.gis-ag.info/2017/03/17/whiteboard-in-ibm-sametime-meeting-9-0-1-removed/feed/</wfw:commentRss>
  66. <slash:comments>0</slash:comments>
  67. </item>
  68. <item>
  69. <title>Wikis content not accessible&#8230;</title>
  70. <link>http://techblog.gis-ag.info/2017/01/26/wikis-content-not-accessible/</link>
  71. <comments>http://techblog.gis-ag.info/2017/01/26/wikis-content-not-accessible/#respond</comments>
  72. <pubDate>Thu, 26 Jan 2017 09:54:10 +0000</pubDate>
  73. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  74. <category><![CDATA[IBM Connections]]></category>
  75. <category><![CDATA[0KB file]]></category>
  76. <category><![CDATA[nfs share]]></category>
  77. <category><![CDATA[WIKIS]]></category>
  78.  
  79. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2123</guid>
  80. <description><![CDATA[Wikis content not accessible&#8230; Hi, it`s been quite a long time; many projects at the moment so that blogging needs to wait 😉 Last week we had a very interesting problem at one customer&#8217;s environment. When accessing a Wiki, the page was displayed blank &#8211; no content was available. Browsing to older versions of this [&#8230;]]]></description>
  81. <content:encoded><![CDATA[<p><strong>Wikis content not accessible&#8230;</strong></p>
  82. <p>Hi,</p>
  83. <p>it`s been quite a long time; many projects at the moment so that blogging needs to wait <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  84. <p>Last week we had a very interesting problem at one customer&#8217;s environment. When accessing a Wiki, the page was displayed blank &#8211; no content was available. Browsing to older versions of this wikis worked.</p>
  85. <p>The error in the log:</p>
  86. <p><a href="http://techblog.gis-ag.info/2017/01/26/wikis-content-not-accessible/bildschirmfoto-2017-01-26-um-10-02-57/#main" rel="attachment wp-att-2124"><img class="alignnone size-full wp-image-2124" src="http://techblog.gis-ag.info/wp-content/uploads/2017/01/Bildschirmfoto-2017-01-26-um-10.02.57.png" alt="" width="984" height="503" srcset="http://techblog.gis-ag.info/wp-content/uploads/2017/01/Bildschirmfoto-2017-01-26-um-10.02.57.png 984w, http://techblog.gis-ag.info/wp-content/uploads/2017/01/Bildschirmfoto-2017-01-26-um-10.02.57-300x153.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2017/01/Bildschirmfoto-2017-01-26-um-10.02.57-768x393.png 768w" sizes="(max-width: 984px) 100vw, 984px" /></a></p>
  87. <p>Parsing error&#8230; Wikis content (the body) gets store in the filesystem as xml files. If you access a Wiki there is a XML parser that first checks the syntax &#8211; then the xml file is converted to HTML and you can view the content.</p>
  88. <p>When analyzing this deeper we figured out that this has something to do with a maintenance we did on the same day, where a highly available NFS cluster was replaced by another NFS solution. It turned out that the old cluster had synchronization issues with some files so that some content was not available on both nodes. When migrating this content we took one of the old NFS servers and just installed the new NFS software onto this. Strangely the old NFS cluster created the files on both NFS servers but on one side without content &#8211; we had 0 KB files.</p>
  89. <p>This explains the parsing error we saw in the log. Because the parser finds the file &#8211; but for sure it is not parse able (0KB content)!</p>
  90. <p>The issue was solved by resyncing the old file store so that both sides were synchronous and then migrate the content again.</p>
  91. <p>Maybe this helps someone out there&#8230; If you get a SAX parsing error, look for 0 KB files <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  92. ]]></content:encoded>
  93. <wfw:commentRss>http://techblog.gis-ag.info/2017/01/26/wikis-content-not-accessible/feed/</wfw:commentRss>
  94. <slash:comments>0</slash:comments>
  95. </item>
  96. <item>
  97. <title>Automatic WebSphere plugin modification II &#8211; PowerShell for Windows</title>
  98. <link>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/</link>
  99. <comments>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/#respond</comments>
  100. <pubDate>Thu, 01 Dec 2016 08:54:40 +0000</pubDate>
  101. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  102. <category><![CDATA[IBM Connections]]></category>
  103. <category><![CDATA[automatic modification]]></category>
  104. <category><![CDATA[BackupServers]]></category>
  105. <category><![CDATA[high availability]]></category>
  106. <category><![CDATA[plugin-cfg.xml]]></category>
  107. <category><![CDATA[PowerShell]]></category>
  108. <category><![CDATA[PrimaryServers]]></category>
  109. <category><![CDATA[two-line concept]]></category>
  110. <category><![CDATA[WebSphere Plugins]]></category>
  111. <category><![CDATA[windows]]></category>
  112.  
  113. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2095</guid>
  114. <description><![CDATA[Automatic WebSphere plugin modification II &#8211; PowerShell for Windows Hi, some months ago I published a shell script to automatically modify the Primary / BackupServer definition in a WebSphere plugin-cfg.xml file. As we have several Windows customers we decided to transfer this script to PowerShell so that it is also useable for a Windows Cluster installation. [&#8230;]]]></description>
  115. <content:encoded><![CDATA[<p><strong>Automatic WebSphere plugin modification II &#8211; PowerShell for Windows</strong></p>
  116. <p>Hi,</p>
  117. <p>some months ago I <a href="http://techblog.gis-ag.info/2016/07/06/automatic-modification-of-websphere-plugin-primary-backupservers-to-maintain-two-line-concept/">published</a> a shell script to automatically modify the Primary / BackupServer definition in a WebSphere plugin-cfg.xml file.</p>
  118. <p>As we have several Windows customers we decided to transfer this script to PowerShell so that it is also useable for a Windows Cluster installation. My colleague Jan Bruns did a great job implementing this script.</p>
  119. <p>It basically works the same way as the Linux script:</p>
  120. <p><a href="http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/modifywasplugin-ps1/" rel="attachment wp-att-2096">modifywasplugin-ps1</a></p>
  121. <p><em>Please note that using the script is at your own risk! You should carefully test the script! It might need some more error handling!</em></p>
  122. <p>This script has four different operation modes:</p>
  123. <ul>
  124. <li>./modifyWasPlugin.ps1 -manual –&gt; Manual selection process</li>
  125. <li>./modifyWasPlugin.ps1 -automatic –&gt; Automatic execution process. Modify array “backupServerList” in this script.</li>
  126. <li>./modifyWasPlugin.ps1 -setbackup SERVER –&gt; Remove SERVER from PrimaryServer definition and declare it as BackupServer</li>
  127. <li>./modifyWasPlugin.ps1 -list –&gt; List all servers declared as PRIMARY</li>
  128. </ul>
  129. <p><em>Preparation</em></p>
  130. <p>Open the script and modify the variable “fileToUse” &amp;&amp; &#8220;outputPath&#8221; to match your plugin-cfg.xml</p>
  131. <pre>#Path to the plugin-cfg.xml file
  132. $filetoUse = "D:\IBM\WebSphere\Plugins\webserver1\plugin-cfg.xml"
  133.  
  134. #Path to the Output XML file
  135. $outputPath = "D:\IBM\WebSphere\Plugins\webserver1\plugin-cfg.xml"</pre>
  136. <p>For the automatic mode, please fill the variable with the BackupServers:</p>
  137. <pre>[System.Array]$BackupServerList = "ic55Node02_CommonCluster_server2", "xxx", "yyy"</pre>
  138. <p>Then add the script to your Windows Task Scheduler and run it each 10 minutes or so&#8230;</p>
  139. <p>Hope this helps someone out there <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  140. ]]></content:encoded>
  141. <wfw:commentRss>http://techblog.gis-ag.info/2016/12/01/automatic-websphere-plugin-modification-ii-powershell-for-windows/feed/</wfw:commentRss>
  142. <slash:comments>0</slash:comments>
  143. </item>
  144. <item>
  145. <title>IBM Connections Docs – file preview not possible for some CCM pdf files</title>
  146. <link>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/</link>
  147. <comments>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/#respond</comments>
  148. <pubDate>Thu, 17 Nov 2016 07:15:52 +0000</pubDate>
  149. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  150. <category><![CDATA[IBM Connections]]></category>
  151. <category><![CDATA[applications/pdf]]></category>
  152. <category><![CDATA[CCM]]></category>
  153. <category><![CDATA[CLFSF402W]]></category>
  154. <category><![CDATA[document type not supported]]></category>
  155. <category><![CDATA[Fileviewer]]></category>
  156. <category><![CDATA[firefox]]></category>
  157. <category><![CDATA[IBM Connections 5.5]]></category>
  158. <category><![CDATA[IBM Docs 2.0.1]]></category>
  159. <category><![CDATA[image/pcl]]></category>
  160. <category><![CDATA[mime-types.rdf]]></category>
  161. <category><![CDATA[pdf]]></category>
  162.  
  163. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2076</guid>
  164. <description><![CDATA[IBM Connections Docs – file preview not possible for some CCM pdf files Hi all, last week we had trouble in a customer environment using the file preview functionality for some pdf files (only those that were uploaded using CCM). Instead of a preview the message was displayed: At the same time we saw the [&#8230;]]]></description>
  165. <content:encoded><![CDATA[<p><strong>IBM Connections Docs – file preview not possible for some CCM pdf files</strong></p>
  166. <p>Hi all,</p>
  167. <p>last week we had trouble in a customer environment using the file preview functionality for some pdf files (only those that were uploaded using CCM).</p>
  168. <p>Instead of a preview the message was displayed:</p>
  169. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-16-um-08-29-59/#main" rel="attachment wp-att-2077"><img class="alignnone size-large wp-image-2077" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-1024x201.png" alt="bildschirmfoto-2016-11-16-um-08-29-59" width="640" height="126" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-1024x201.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-300x59.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59-768x151.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-16-um-08.29.59.png 1198w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  170. <p>At the same time we saw the following warning in the log:</p>
  171. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-15-um-12-02-38/#main" rel="attachment wp-att-2080"><img class="alignnone size-large wp-image-2080" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-1024x36.png" alt="bildschirmfoto-2016-11-15-um-12-02-38" width="640" height="23" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-1024x36.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-300x10.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38-768x27.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.38.png 1405w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  172. <p>The mime-type was set to “image/pcl” instead of “application/pdf”… this mime-type is not supported by IBM Docs File viewer. We had to dig deep into the customers’ environment in order to find the solution…</p>
  173. <p>If you browse to <a href="https://connections.server.com/acce">https://connections.server.com/acce</a> we filtered all files with this buggy mime-type:</p>
  174. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/bildschirmfoto-2016-11-15-um-12-02-07/#main" rel="attachment wp-att-2078"><img class="alignnone size-full wp-image-2078" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07.png" alt="bildschirmfoto-2016-11-15-um-12-02-07" width="889" height="233" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07.png 889w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07-300x79.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-15-um-12.02.07-768x201.png 768w" sizes="(max-width: 889px) 100vw, 889px" /></a></p>
  175. <p>Testing this issue with different browsers:</p>
  176. <ul>
  177. <li><strong><em>FF – does not work</em></strong></li>
  178. <li>IE – works</li>
  179. <li>Chrome – works</li>
  180. <li>Safari – works</li>
  181. <li>Connections Desktop Plugins &#8211; works</li>
  182. </ul>
  183. <p>Our idea was that the mime-type is set based on a specific browser setting…</p>
  184. <p>Firefox has its own mime-types table definition: mimeTypes.rdf in the FF profile folder. Looking into this file we found the ambiguous entry:</p>
  185. <p><a href="http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/mime-types/#main" rel="attachment wp-att-2079"><img class="alignnone size-full wp-image-2079" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/mime-types.gif" alt="mime-types" width="579" height="240" /></a></p>
  186. <p>This seems to be a known problem:</p>
  187. <p><a href="https://support.mozilla.org/en-US/questions/932120">https://support.mozilla.org/en-US/questions/932120</a></p>
  188. <p><strong>The fix: </strong></p>
  189. <ul>
  190. <li>Close FF</li>
  191. <li>Delete the mime-types.rdf file</li>
  192. <li>Start FF (the mime-types.rdf file is recreated without the erroneous entry)</li>
  193. </ul>
  194. <p>Uploading a pdf file with this new setting creates the correct mime-type within CCM so that the file preview for CCM files starts working again.</p>
  195. <p>Unfortunately, we could not find a solution how to change the mime-type for already uploaded files (with wrong mime-type) – only re-uploading with the correct setting works here. Changing stuff in the Filenet databases is no fun <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  196. ]]></content:encoded>
  197. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/17/ibm-connections-docs-file-preview-not-possible-for-some-ccm-pdf-files/feed/</wfw:commentRss>
  198. <slash:comments>0</slash:comments>
  199. </item>
  200. <item>
  201. <title>IBM Connections 5.5 CR2 released</title>
  202. <link>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/</link>
  203. <comments>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/#respond</comments>
  204. <pubDate>Thu, 10 Nov 2016 08:13:51 +0000</pubDate>
  205. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  206. <category><![CDATA[IBM Connections]]></category>
  207. <category><![CDATA[Community surveys updates]]></category>
  208. <category><![CDATA[CR2]]></category>
  209. <category><![CDATA[Filenet Fixes]]></category>
  210. <category><![CDATA[IBM Connections 5.5]]></category>
  211. <category><![CDATA[WAS 8.5.5 FP9]]></category>
  212.  
  213. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2069</guid>
  214. <description><![CDATA[IBM Connections 5.5 CR2 released Hi all, IBM released CR2 for IBM Connections 5.5: The Fix list Download the CR Database updates are mandatory (Activities, Files, Homepage, Mobile, Wikis) Filenet updates are mandatory Updates for Community Surveys (Fixes the TLS 1.2 issues) A prerequisite for CR2 is at least WAS 8.5.5 FP9 (let`s see when [&#8230;]]]></description>
  215. <content:encoded><![CDATA[<p><strong>IBM Connections 5.5 CR2 released</strong></p>
  216. <p>Hi all,</p>
  217. <p>IBM released CR2 for IBM Connections 5.5:</p>
  218. <ul>
  219. <li>The <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991630&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Fix list</a></li>
  220. <li><a href="http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Collaboration%2BSolutions&amp;product=ibm/Lotus/Lotus+Connections&amp;release=5.5.0.0&amp;platform=Linux&amp;function=fixId&amp;fixids=5.5.0.0-IC-Multi-CR02-LO89068&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http&amp;source=fc">Download the CR</a></li>
  221. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991529&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Database updates</a> are mandatory (Activities, Files, Homepage, Mobile, Wikis)</li>
  222. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991528&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Filenet updates</a> are mandatory</li>
  223. <li><a href="http://www-01.ibm.com/support/docview.wss?uid=swg21991532&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">Updates for Community Surveys</a> (Fixes the TLS 1.2 issues)</li>
  224. </ul>
  225. <p>A prerequisite for CR2 is at least WAS 8.5.5 FP9 (let`s see when FP10 will be officially supported)</p>
  226. <p>A general <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21992449&amp;myns=swglotus&amp;mynp=OCSSYGQH&amp;mync=R&amp;cm_sp=swglotus-_-OCSSYGQH-_-R">step-by-step</a> guide installing CR2 is provided by IBM.</p>
  227. <p>A new <a href="http://www.ibm.com/support/fixcentral/swg/quickorder?parent=Collaboration%2BSolutions&amp;product=ibm/Lotus/Lotus+Connections&amp;release=5.5.0.0&amp;platform=Linux&amp;function=fixId&amp;fixids=5.5.0.0-IC-CR2-CognosWizard-LO90612-Linux&amp;includeRequisites=1&amp;includeSupersedes=0&amp;downloadMethod=http&amp;source=fc">CR2 version</a> of the Cognos wizard can be downloaded</p>
  228. <p>If you take a look at the Fix list, there are some nice new features (I need to install CR2 first in order to have an overview about this new stuff):</p>
  229. <ul>
  230. <li>Implemented a setting that allows community owners to change the sharing of the root folder of a CCM Library via a sharing panel and/or sharing dialog very similar to the existing features for folder and file sharing. This feature is enabled by the setting &lt;librarySharingPanel&gt;true&lt;/librarySharingPanel&gt; to the library-config.xml</li>
  231. <li>Implemented a method so Administrators could remove obsolete widgets, like Media Gallery, from communities</li>
  232. <li>Improvements to the maximum size settings for uploading a file</li>
  233. <li>Added Device Passcode Configuration Support</li>
  234. <li>Include type restriction information from files-config in mobile config feed</li>
  235. <li>Added the &#8220;Open in Mobile&#8221; link for File Comment / Community Status Comment in notifications</li>
  236. <li>General improvements for TDISOL</li>
  237. </ul>
  238. <p>as there are TDISOL improvements you should also replace your TDISOL with the newest version in your IBM Connections folder.</p>
  239. <p>&nbsp;</p>
  240. ]]></content:encoded>
  241. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/10/ibm-connections-5-5-cr2-released/feed/</wfw:commentRss>
  242. <slash:comments>0</slash:comments>
  243. </item>
  244. <item>
  245. <title>IBM Connections &#8211; How to switch to a custom global unique ID for users</title>
  246. <link>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/</link>
  247. <comments>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/#respond</comments>
  248. <pubDate>Mon, 07 Nov 2016 07:59:21 +0000</pubDate>
  249. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  250. <category><![CDATA[IBM Connections]]></category>
  251. <category><![CDATA[customUserID]]></category>
  252. <category><![CDATA[dominoUNID]]></category>
  253. <category><![CDATA[IBM Connections 5.5]]></category>
  254. <category><![CDATA[inactive users]]></category>
  255. <category><![CDATA[TDI problems]]></category>
  256. <category><![CDATA[TDI synchronization]]></category>
  257. <category><![CDATA[uniqueID]]></category>
  258.  
  259. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2052</guid>
  260. <description><![CDATA[IBM Connections &#8211; How to switch to a custom global unique ID for users Hi, many of our todays support cases is related to non-working profiles in IBM Connections. If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because [&#8230;]]]></description>
  261. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; How to switch to a custom global unique ID for users<br />
  262. </strong></p>
  263. <p>Hi,</p>
  264. <p>many of our todays support cases is related to non-working profiles in IBM Connections.</p>
  265. <p>If users change their name, switch from one to another location or simply get a new account their profile in IBM Connections might get inactivated because the hash key between LDAP and database has changed.</p>
  266. <p>There are three possible hash keys:</p>
  267. <ul>
  268. <li>UID: Often a bad choice, as this might change</li>
  269. <li>eMail: Also a bad choice</li>
  270. <li>GUID: Unique ID &#8211; a good choise</li>
  271. </ul>
  272. <p>So GUID is the attribute you should go for if you have non-unique eMail or UID values in LDAP.</p>
  273. <p>GUID is a canonical String that is generated from:</p>
  274. <ul>
  275. <li>AD: objectGUID / objectSID</li>
  276. <li>Domino: dominoUNID</li>
  277. </ul>
  278. <p>But in daily use the GUID value is not really as shiny as it seems&#8230; Due to the fact that many Domino administrators copy documents (STRG-C + STRG-V) duplicate dominoUNIDs can occur &#8211; which might kill an IBM Connections profile. I heard from customers with Active Directories who delete an AD account and recreate it if a person changes names&#8230; The IBM Connections profile gets inactivated.</p>
  279. <p>But some customers implemented another unique key (such as employee number) into their LDAP in order to avoid such problems. The question comes up, how do I need to configure IBM Connections to make use of this new unique ID?</p>
  280. <p>Everything is <a href="http://www.ibm.com/support/knowledgecenter/SSYGQH_5.5.0/admin/install/t_specify_dif_guid.html">documented</a> in detail and works very well (<strong><em>Please note that you should be very careful using this approach if you have CCM libraries in use &#8211; this change might break the access rights for all users!!!</em></strong>):</p>
  281. <p>1. Depending on what attribute shall be used you need to first define a wim extension:</p>
  282. <p>1.1 <strong>Attributes that are not part of PersonAccount schema</strong> &#8211; go to ../DMGR/config/cells/CELLNAME/wim/model and create a file &#8220;wimxmlextension.xml&#8221;</p>
  283. <pre class="codeblock"><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt;
  284. &lt;sdo:datagraph xmlns:sdo="commonj.sdo"
  285. xmlns:wim="http://www.example.com/websphere/wim"&gt;
  286. &lt;wim:schema&gt;
  287. &lt;wim:propertySchema
  288. nsURI="http://www.example.com/websphere/wim"
  289. dataType="STRING" multiValued="false"
  290. propertyName="customerUserID"&gt;
  291. &lt;wim:applicableEntityTypeNames&gt;PersonAccount
  292. &lt;/wim:applicableEntityTypeNames&gt;
  293. &lt;/wim:propertySchema&gt;
  294. </code></pre>
  295. <p>1.2 If your customer uses a LDAP <strong>attribute that is already part of the PersonAccount schema</strong> you can directly go to 2)</p>
  296. <p>2) Open the wimconfig.xml (here we add customerUserID as an supported attribute):</p>
  297. <pre class="codeblock"><code>...
  298. &lt;config:attributeConfiguration&gt;
  299. &lt;config:attributes name="userPassword" propertyName="password"/&gt;
  300. &lt;config:attributes name="customUserID" propertyName="customUserID"/&gt;
  301. &lt;config:propertiesNotSupported name="homeAddress"/&gt;
  302. &lt;config:propertiesNotSupported name="businessAddress"/&gt;
  303. &lt;/config:attributeConfiguration&gt;
  304. </code></pre>
  305. <p>3) open and edit the LotusConnectionsconfig.xml file and add the following part:</p>
  306. <pre>&lt;sloc:serviceReference profiles_directory_service_extension_enabled="true" serviceName="directory" <strong><em>custom_user_id_attribute="customUserID"</em></strong>/&gt;
  307. </pre>
  308. <p>4) Make a full resync of all nodes<br />
  309. 5) TDI: edit the file &#8220;map_dbrepos_from_source.properties&#8221; and map the new customerUserId to GUID:<br />
  310. &#8230;<br />
  311. GUID=customerUserID<br />
  312. &#8230;</p>
  313. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-06-um-12-35-43/#main" rel="attachment wp-att-2058"><img class="alignnone size-full wp-image-2058" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43.png" alt="bildschirmfoto-2016-11-06-um-12-35-43" width="582" height="414" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43.png 582w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.43-300x213.png 300w" sizes="(max-width: 582px) 100vw, 582px" /></a><br />
  314. 6) TDI: open the file &#8220;profiles_tdi.properties&#8221; and change the field &#8220;sync_updates_hash_field&#8221; from:</p>
  315. <p>sync_updates_hash_field=guid</p>
  316. <p>to</p>
  317. <p>sync_updates_hash_field=uid (or mail)</p>
  318. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-06-um-12-35-15/#main" rel="attachment wp-att-2059"><img class="alignnone size-full wp-image-2059" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15.png" alt="bildschirmfoto-2016-11-06-um-12-35-15" width="660" height="382" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15.png 660w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-06-um-12.35.15-300x174.png 300w" sizes="(max-width: 660px) 100vw, 660px" /></a></p>
  319. <p>7) start sync_all_dns.sh and check if the profiles have been correctly updated:</p>
  320. <p>db2 &#8220;select PROF_GUID from EMPINST.EMPLOYEE&#8221; should show the new customerUserID`s</p>
  321. <p>8) Revert back the change in profiles_tdi.properties so that the sync_updates_hash_field is set back to the guid value</p>
  322. <p>sync_updates_hash_field=guid</p>
  323. <p>&nbsp;</p>
  324. <p>That`s it.</p>
  325. <p><strong>A profile with the canonical String from a dominoUNID:</strong></p>
  326. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-04-um-12-48-20/#main" rel="attachment wp-att-2057"><img class="alignnone size-large wp-image-2057" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-1024x564.png" alt="bildschirmfoto-2016-11-04-um-12-48-20" width="640" height="353" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-1024x564.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-300x165.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20-768x423.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.48.20.png 1080w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  327. <p><strong>A profile with the customUserID as identifier:</strong></p>
  328. <p><a href="http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/bildschirmfoto-2016-11-04-um-12-50-42/#main" rel="attachment wp-att-2056"><img class="alignnone size-full wp-image-2056" src="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42.png" alt="bildschirmfoto-2016-11-04-um-12-50-42" width="1006" height="532" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42.png 1006w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42-300x159.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/11/Bildschirmfoto-2016-11-04-um-12.50.42-768x406.png 768w" sizes="(max-width: 1006px) 100vw, 1006px" /></a></p>
  329. ]]></content:encoded>
  330. <wfw:commentRss>http://techblog.gis-ag.info/2016/11/07/ibm-connections-how-to-switch-to-a-custom-global-unique-id-for-users/feed/</wfw:commentRss>
  331. <slash:comments>0</slash:comments>
  332. </item>
  333. <item>
  334. <title>IBM Connections &#8211; add additional login attribute</title>
  335. <link>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/</link>
  336. <comments>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/#respond</comments>
  337. <pubDate>Wed, 12 Oct 2016 08:17:34 +0000</pubDate>
  338. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  339. <category><![CDATA[IBM Connections]]></category>
  340. <category><![CDATA[custom Login attribute]]></category>
  341. <category><![CDATA[IBM Connections 5.5]]></category>
  342. <category><![CDATA[loginID]]></category>
  343. <category><![CDATA[PersonAccount]]></category>
  344. <category><![CDATA[TDI]]></category>
  345. <category><![CDATA[WIM]]></category>
  346. <category><![CDATA[wimconfig.xml]]></category>
  347.  
  348. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2045</guid>
  349. <description><![CDATA[IBM Connections &#8211; add additional login attribute Hi, last week I got the question if it is possible to use another login attribute for IBM Connections than uid, cn or email. Yes, this is possible and can be done very easy. It just needs some small adjustments (I assume that you already extended your LDAP [&#8230;]]]></description>
  350. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; add additional login attribute</strong></p>
  351. <p>Hi,</p>
  352. <p>last week I got the question if it is possible to use another login attribute for IBM Connections than uid, cn or email.</p>
  353. <p>Yes, this is possible and can be done very easy. It just needs some small adjustments (I assume that you already extended your LDAP schema and that the custom attribute is available in LDAP!!):<br />
  354. 1. Open a wsadmin session ./wsadmin -lang jacl<br />
  355. 2. Make a custom login attribute from LDAP known to the PersonAccount entity:</p>
  356. <pre>$AdminTask addIdMgrPropertyToEntityTypes {-name customLoginAttribute -dataType string -entityTypeNames PersonAccount}</pre>
  357. <p>3. Open the wimconfig.xml file and check if the following entry was added correctly (in the section of your ldap definition)</p>
  358. <pre>&lt;config:attributes name="customLoginAttribute" propertyName="customLoginAttribute"&gt;
  359. &lt;config:entityTypes&gt;PersonAccount&lt;/config:entityTypes&gt;
  360. &lt;/config:attributes&gt;</pre>
  361. <p><a href="http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/bildschirmfoto-2016-10-12-um-10-11-26/#main" rel="attachment wp-att-2046"><img class="alignnone size-full wp-image-2046" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26.png" alt="bildschirmfoto-2016-10-12-um-10-11-26" width="845" height="545" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26.png 845w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26-300x193.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-12-um-10.11.26-768x495.png 768w" sizes="(max-width: 845px) 100vw, 845px" /></a></p>
  362. <p>4. Add the custom login attribute:<br />
  363. &#8230;</p>
  364. <pre>&lt;config:loginProperties&gt;uid&lt;/config:loginProperties&gt;
  365. &lt;config:loginProperties&gt;mail&lt;/config:loginProperties&gt;
  366. &lt;config:loginProperties&gt;cn&lt;/config:loginProperties&gt;
  367. &lt;config:loginProperties&gt;customLoginAttribute&lt;/config:loginProperties&gt;
  368. </pre>
  369. <p>5. open the file &#8220;map_dbrepos_from_source.properties and add the following mapping and start a TDI sync:</p>
  370. <pre>loginId=customLoginAttribute</pre>
  371. <p>6. Ensure that loginId is enabled as allowed login attribute in profiles-config.xml:</p>
  372. <pre>&lt;!--Lists fields that will be used to resolve user at login time --&gt;
  373. &lt;loginAttributes&gt;
  374. &lt;loginAttribute&gt;uid&lt;/loginAttribute&gt;
  375. &lt;loginAttribute&gt;email&lt;/loginAttribute&gt;
  376. &lt;loginAttribute&gt;loginId&lt;/loginAttribute&gt;
  377. &lt;/loginAttributes&gt;
  378. </pre>
  379. <p>7. Perform a full node resync and restart the cell</p>
  380. <p>Not you are able to login using the LDAP attribute customLoginAttribute <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /></p>
  381. <p>&nbsp;</p>
  382. ]]></content:encoded>
  383. <wfw:commentRss>http://techblog.gis-ag.info/2016/10/12/ibm-connections-add-additional-login-attribute/feed/</wfw:commentRss>
  384. <slash:comments>0</slash:comments>
  385. </item>
  386. <item>
  387. <title>IBM Connections &#8211; Set read-only access to CCM libraries</title>
  388. <link>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/</link>
  389. <comments>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/#comments</comments>
  390. <pubDate>Thu, 06 Oct 2016 09:28:46 +0000</pubDate>
  391. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  392. <category><![CDATA[IBM Connections]]></category>
  393. <category><![CDATA[acce]]></category>
  394. <category><![CDATA[CCM]]></category>
  395. <category><![CDATA[FIlenet]]></category>
  396. <category><![CDATA[files]]></category>
  397. <category><![CDATA[IBM Connections 5.5]]></category>
  398. <category><![CDATA[migrate]]></category>
  399. <category><![CDATA[read-only]]></category>
  400.  
  401. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=2034</guid>
  402. <description><![CDATA[IBM Connections &#8211; Set read-only access to CCM libraries Hi, we are in the middle of several migrations to IBM Connections 5.5 and most of our customers come up with the question: What do I need CCM for if I can use nested folders in Files now? Many customers decide to manually migration CCM libraries [&#8230;]]]></description>
  403. <content:encoded><![CDATA[<p><strong>IBM Connections &#8211; Set read-only access to CCM libraries</strong></p>
  404. <p>Hi,</p>
  405. <p>we are in the middle of several migrations to IBM Connections 5.5 and most of our customers come up with the question: What do I need CCM for if I can use nested folders in Files now?<br />
  406. Many customers decide to manually migration CCM libraries to Files&#8230; This time a customer asked us if it is possible to set access to libraries to read-only so that no new files or folders are added to CCM.</p>
  407. <p>This is possible using the following workaround (might not be supported by IBM..):</p>
  408. <ul>
  409. <li>access Filenet acce https://server.name.com/acce</li>
  410. <li>navigate to ICObjectStore and click on Security</li>
  411. <li>Mark the entry #AUTHENTICATED-USERS</li>
  412. </ul>
  413. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-15/#main" rel="attachment wp-att-2036"><img class="alignnone size-large wp-image-2036" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png" alt="bildschirmfoto-2016-10-06-um-10-17-15" width="640" height="241" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-300x113.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-768x290.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15.png 1267w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  414. <ul>
  415. <li>click on &#8220;Edit&#8221;</li>
  416. </ul>
  417. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-33/#main" rel="attachment wp-att-2037"><img class="alignnone size-full wp-image-2037" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33.png" alt="bildschirmfoto-2016-10-06-um-10-17-33" width="567" height="399" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33.png 567w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.33-300x211.png 300w" sizes="(max-width: 567px) 100vw, 567px" /></a></p>
  418. <ul>
  419. <li>Deselect
  420. <ul>
  421. <li>Modify existing objects</li>
  422. <li>Create new objects</li>
  423. <li>delete objects</li>
  424. </ul>
  425. </li>
  426. <li>select
  427. <ul>
  428. <li>Read permissions</li>
  429. </ul>
  430. </li>
  431. <li>click &#8220;OK&#8221;</li>
  432. </ul>
  433. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-43/#main" rel="attachment wp-att-2038"><img class="alignnone size-full wp-image-2038" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43.png" alt="bildschirmfoto-2016-10-06-um-10-17-43" width="571" height="400" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43.png 571w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.43-300x210.png 300w" sizes="(max-width: 571px) 100vw, 571px" /></a></p>
  434. <ul>
  435. <li>Save the changes</li>
  436. </ul>
  437. <p>If you now try to upload a new file within an existing library you will see the following error message:</p>
  438. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-09-36/#main" rel="attachment wp-att-2039"><img class="alignnone size-full wp-image-2039" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36.png" alt="bildschirmfoto-2016-10-06-um-10-09-36" width="635" height="378" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36.png 635w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.09.36-300x179.png 300w" sizes="(max-width: 635px) 100vw, 635px" /></a></p>
  439. <p>If you try to create a new folder:</p>
  440. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-14-41/#main" rel="attachment wp-att-2040"><img class="alignnone size-full wp-image-2040" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41.png" alt="bildschirmfoto-2016-10-06-um-10-14-41" width="535" height="308" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41.png 535w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.14.41-300x173.png 300w" sizes="(max-width: 535px) 100vw, 535px" /></a></p>
  441. <p>Also deletion of CCM files is not possible</p>
  442. <p>The only thing that works is downloading CCM files:</p>
  443. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-15-29/#main" rel="attachment wp-att-2041"><img class="alignnone size-full wp-image-2041" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29.png" alt="bildschirmfoto-2016-10-06-um-10-15-29" width="817" height="390" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29.png 817w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29-300x143.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.15.29-768x367.png 768w" sizes="(max-width: 817px) 100vw, 817px" /></a></p>
  444. <p>You should also disable the Library Widget from being added to communities:</p>
  445. <p>open the widget-config.xml file and change &#8220;showInPalette&#8221; from &#8220;true&#8221; to &#8220;false&#8221;:</p>
  446. <pre>&lt;widgetDef bundleRefId="lc_clib" defId="Library" description="Library.description"
  447. helpLink="{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/c_com_library_frame.html"
  448. iconUrl="{contextRoot}/nav/common/images/ManagedFiles.png" modes="view search edit fullpage" prerequisite="ecm_files"
  449. showInExternalCommunities="false" showInPalette="true" themes="wpthemeNarrow wpthemeWide wpthemeBanner"
  450. url="{webresourcesSvcRef}/web/quickr.lw/widgetDefs/LibraryWidget_QCS_Connections.xml?etag={version}"&gt;
  451. ...
  452. </pre>
  453. <p>to:</p>
  454. <pre>&lt;widgetDef bundleRefId="lc_clib" defId="Library" description="Library.description"
  455. helpLink="{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/c_com_library_frame.html"
  456. iconUrl="{contextRoot}/nav/common/images/ManagedFiles.png" modes="view search edit fullpage" prerequisite="ecm_files"
  457. showInExternalCommunities="false" showInPalette="false" themes="wpthemeNarrow wpthemeWide wpthemeBanner"
  458. url="{webresourcesSvcRef}/web/quickr.lw/widgetDefs/LibraryWidget_QCS_Connections.xml?etag={version}"&gt;</pre>
  459. <pre>...</pre>
  460. <p>then the widget is not addable anymore.</p>
  461. <p>A manual migration is maybe not the most egegant way to move CCM data to Files but an easy and cheap one <img src="https://s.w.org/images/core/emoji/2.2.1/72x72/1f609.png" alt="&#x1f609;" class="wp-smiley" style="height: 1em; max-height: 1em;" /> &#8211; with this settings you can make this process a bit easier and you can avoid possible loss of data once the CCM service is switched off. The error messages when uploading / deleting a file or a folder are not really self explaining &#8211; you should tell your user and write a proper introduction.</p>
  462. <p>One more remark: Be sure to have administrator access to the ObjectStore and only modify the #AUTHENTICATED-USERS section:</p>
  463. <p><a href="http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/bildschirmfoto-2016-10-06-um-10-17-15/#main" rel="attachment wp-att-2036"><img class="alignnone size-large wp-image-2036" src="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png" alt="bildschirmfoto-2016-10-06-um-10-17-15" width="640" height="241" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-1024x386.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-300x113.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15-768x290.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/10/Bildschirmfoto-2016-10-06-um-10.17.15.png 1267w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  464. <p>In my case &#8220;FastStartAdmin&#8221; is the main administrator that still has write access to all content.</p>
  465. ]]></content:encoded>
  466. <wfw:commentRss>http://techblog.gis-ag.info/2016/10/06/ibm-connections-set-read-only-access-to-ccm-libraries/feed/</wfw:commentRss>
  467. <slash:comments>1</slash:comments>
  468. </item>
  469. <item>
  470. <title>WebSphere custom TAI &#8211; Doing SSO the right way</title>
  471. <link>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/</link>
  472. <comments>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/#respond</comments>
  473. <pubDate>Tue, 06 Sep 2016 06:50:25 +0000</pubDate>
  474. <dc:creator><![CDATA[Julius Schwarzweller]]></dc:creator>
  475. <category><![CDATA[IBM Connections]]></category>
  476. <category><![CDATA[WebSphere Portal]]></category>
  477. <category><![CDATA[Interceptor]]></category>
  478. <category><![CDATA[OAuth]]></category>
  479. <category><![CDATA[SAML]]></category>
  480. <category><![CDATA[Single-Sign-On]]></category>
  481. <category><![CDATA[SPNEGO]]></category>
  482. <category><![CDATA[SSO]]></category>
  483. <category><![CDATA[TAI]]></category>
  484. <category><![CDATA[Trust Association]]></category>
  485. <category><![CDATA[WebSphere TAI]]></category>
  486.  
  487. <guid isPermaLink="false">http://techblog.gis-ag.info/?p=1992</guid>
  488. <description><![CDATA[WebSphere TAI &#8211; Doing SSO the right way Hi all, one thing on my &#8220;to do blog posts&#8221; list is to write something about WebSphere TAI. A great way to introduce Single-Sign On between different systems. What is TAI? WebSphere TAI means &#8220;Trust Association Interceptor&#8221; WebSphere TAI is a well-known and proven security concept in [&#8230;]]]></description>
  489. <content:encoded><![CDATA[<p><strong>WebSphere TAI &#8211; Doing SSO the right way</strong></p>
  490. <p>Hi all,</p>
  491. <p>one thing on my &#8220;to do blog posts&#8221; list is to write something about WebSphere TAI. A great way to introduce Single-Sign On between different systems.</p>
  492. <p><em><strong>What is TAI?</strong></em></p>
  493. <p>WebSphere TAI means &#8220;Trust Association Interceptor&#8221;</p>
  494. <p>WebSphere TAI is a well-known and proven security concept in WebSphere stable for a long time. It allows to set up custom advanced (pseudo) SSO scenarios. And the clue is it is extremely easy to code and use.</p>
  495. <p>The base idea is that the TAI code is called whenever a web user is challenged to login.</p>
  496. <p>In many cases not only one TAI is configured. In this case it is up to the TAI developer to make sure that only one of them handles the request. If no TAI handles the request the default login page raises.</p>
  497. <p><em><strong>Where is a TAI used?</strong></em></p>
  498. <p>You might have already realized that also standard installations of IBM Connections or WebSphere Portal use Trust Association Interceptors to allow Single-Sign-On using various methods such as:</p>
  499. <ul>
  500. <li>OAUTH</li>
  501. <li>SPNEGO (deprecated)</li>
  502. <li>SAML</li>
  503. <li>custom &#8230;</li>
  504. <li>&#8230;</li>
  505. </ul>
  506. <p>Example SAML TAI configuration:</p>
  507. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/saml1-2/#main" rel="attachment wp-att-1993"><img class="alignnone size-full wp-image-1993" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1.png" alt="SAML1" width="903" height="475" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1.png 903w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1-300x158.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/SAML1-768x404.png 768w" sizes="(max-width: 903px) 100vw, 903px" /></a></p>
  508. <p><em><strong>How does it work?</strong></em></p>
  509. <p>Sample flow how a TAI authentication may be implemented (there are also other possibilities and ways)</p>
  510. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/bildschirmfoto-2016-09-05-um-19-48-15/#main" rel="attachment wp-att-2005"><img class="alignnone size-large wp-image-2005" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-1024x617.png" alt="Bildschirmfoto 2016-09-05 um 19.48.15" width="640" height="386" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-1024x617.png 1024w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-300x181.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15-768x463.png 768w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/Bildschirmfoto-2016-09-05-um-19.48.15.png 1556w" sizes="(max-width: 640px) 100vw, 640px" /></a></p>
  511. <p>1.The user calls a website and authenticates on the given login-form</p>
  512. <p>2.The authentication service checks the LDAP if the given credentials are valid</p>
  513. <p>3.A Cookie (authentication Token) is generated that may contain:</p>
  514. <ol>
  515. <li>username</li>
  516. <li>timestamp of request</li>
  517. <li>a shared secret</li>
  518. </ol>
  519. <p>and other security relevant information. The content of this cookie is encoded. The cookie is sent to the configured WebSphere Application Server with the activated TAI</p>
  520. <p>4. The deployed TAI received this token and evaluated if the request is trustable:</p>
  521. <ol>
  522. <li>Where does the request come from (X-Forwarded-For information in request) &#8211; does the request come from the authentication proxy? If not the request is not valid!</li>
  523. <li>Does the timestamp match?</li>
  524. <li>Does the shared secret match?</li>
  525. </ol>
  526. <p>If all of the above conditions match, the TAI trusts and logs in the user.</p>
  527. <p>There are many other possibilities how to implement a TAI!!! Note that the Cookie that contains sensitive information will never leave the &#8220;company network&#8221;. The cookie is not sent to the client. It is only visible between authentication proxy and WebSphere Application Server (this may not work with every authentication service&#8230;)</p>
  528. <p><em><strong>How to install and activate?</strong></em></p>
  529. <p>The installation and activation is quite simple. In our example the TAI only consists of a jar file that needs to be placed in the &#8220;&#8230;/WebSphere/AppServer/lib/ext&#8221; folder of the WebSphere nodes. After a restart of the server, the jar file is loaded.</p>
  530. <p>Now you need to activate the TAI or let`s say tell WebSphere Application Server to use the TAI.<br />
  531. GoTo ISC:</p>
  532. <p>&#8220;Global Security&#8221; &#8211; &#8220;Web and SIP Security&#8221; &#8211; &#8220;Trust Association&#8221;</p>
  533. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai2/#main" rel="attachment wp-att-1996"><img class="alignnone size-full wp-image-1996" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2.png" alt="TAI2" width="1001" height="220" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2.png 1001w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2-300x66.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI2-768x169.png 768w" sizes="(max-width: 1001px) 100vw, 1001px" /></a></p>
  534. <p>Make sure &#8220;Enable trust association&#8221; is checked. Then click on Interceptors</p>
  535. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai3/#main" rel="attachment wp-att-1997"><img class="alignnone size-full wp-image-1997" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3.png" alt="TAI3" width="560" height="320" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3.png 560w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI3-300x171.png 300w" sizes="(max-width: 560px) 100vw, 560px" /></a></p>
  536. <p>Click on &#8220;New&#8230;&#8221;</p>
  537. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai4/#main" rel="attachment wp-att-1998"><img class="alignnone size-full wp-image-1998" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4.png" alt="TAI4" width="520" height="69" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4.png 520w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI4-300x40.png 300w" sizes="(max-width: 520px) 100vw, 520px" /></a></p>
  538. <p>And enter the mandatory custom properties (this heavily depends on how you code your TAI and what additional functions you use there):</p>
  539. <p><a href="http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/tai5/#main" rel="attachment wp-att-1999"><img class="alignnone size-full wp-image-1999" src="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5.png" alt="TAI5" width="829" height="283" srcset="http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5.png 829w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5-300x102.png 300w, http://techblog.gis-ag.info/wp-content/uploads/2016/09/TAI5-768x262.png 768w" sizes="(max-width: 829px) 100vw, 829px" /></a></p>
  540. <p>Those values need to match the values, ips &#8230; you specified on you logon device!</p>
  541. <p>Restart the server and check if it works</p>
  542. <p><em><strong>Some code samples</strong></em></p>
  543. <p>From a developer perspective a TAI implments an interface with two methods.</p>
  544. <pre>public boolean isTargetInterceptor(HttpServletRequest request) {
  545. boolean doHandleRequest = checkToken(request);
  546. return doHandleRequest;</pre>
  547. <p>This method is called before a user is challenged to login. Typically this method is implemented in the way that a token a Cookie a request parameter or something else is in the request from which the user can be identified.<br />
  548. It returns true if the parameter is in the request otherwise returns false.</p>
  549. <p>If this method returned true, a second method is called later in the login process.</p>
  550. <pre>public TAIResult negotiateValidateandEstablishTrust(HttpServletRequest request, HttpServletResponse response)
  551. throws WebTrustAssociationFailedException {
  552.  
  553. String userId = myTokenHandler.getUserId(request);
  554. if (userId == null) {
  555. return redirectToLoginPage(request, response);
  556. }
  557. else {
  558. Subject subject = createSubjectForUserId(userId);
  559. }
  560. }
  561. </pre>
  562. <p>This method then identifies the user using the given request data for example against a remote repository. After this a user subject is created and the request is forwarded to the original target URL. And voila the user is authenticated.<br />
  563. There are several options to achieve this for example read the subject from the underlying user repository modify additional user attributes add the user to an additional group. In this simple example we created the user subject for our own:</p>
  564. <pre>private Subject createSubjectForUserId(String userId) throws Exception {
  565.  
  566. Subject subject = new Subject();
  567. Principal principal = new UsernamePrincipal(userid);
  568. subject.getPrincipals().add(principal);
  569. return subject;
  570. </pre>
  571. <p>Note that implementing a custom TAI is a powerful thing you have to be careful not to break the security of an environment.</p>
  572. ]]></content:encoded>
  573. <wfw:commentRss>http://techblog.gis-ag.info/2016/09/06/websphere-custom-tai-doing-sso-the-right-way/feed/</wfw:commentRss>
  574. <slash:comments>0</slash:comments>
  575. </item>
  576. </channel>
  577. </rss>
  578.  
  579. <!-- Dynamic page generated in 0.973 seconds. -->
  580. <!-- Cached page generated by WP-Super-Cache on 2017-03-23 14:15:17 -->
  581.  

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

  1. Download the "valid RSS" banner.

  2. Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)

  3. Add this HTML to your page (change the image src attribute if necessary):

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//techblog.gis-ag.info/feed/

Copyright © 2002-9 Sam Ruby, Mark Pilgrim, Joseph Walton, and Phil Ringnalda