193 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
Open Mic Webcast: IBM Domino Application Development Update
Tue, Mar 14th 2017 42
IBM Sametime V9.0.1 extends support for services, tools, and selected entitlements
Tue, Mar 14th 2017 41
IBM Notes/Domino 9.0.1 Feature Pack 8 available
Tue, Mar 7th 2017 15
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 15
Open Mic Webcast: Configuring an IBM Domino Web Server to use Web federated Login (SAML)
Thu, Jan 19th 2017 9
Moving Android devices from unsecure to secure communication with IBM Notes Traveler
Mon, Jan 9th 2017 13
IBM Verse on premise is available in the SW catalog
Fri, Dec 30th 2016 11
Top 10
Open Mic Webcast: IBM Domino Application Development Update
Tue, Mar 14th 2017 42
IBM Sametime V9.0.1 extends support for services, tools, and selected entitlements
Tue, Mar 14th 2017 41
IBM Notes/Domino 9.0.1 Fix Pack 1 available
Wed, Apr 16th 2014 23
Error "Overflow" in IBM Notes Standard Client
Wed, Mar 19th 2014 19
IBM Notes/Domino 9.0.1 Fixpack 3 available
Wed, Jan 21st 2015 15
IBM Notes Traveler 9.0.1.7 available for download
Thu, Aug 27th 2015 15
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 15
IBM Notes/Domino 9.0.1 Feature Pack 8 available
Tue, Mar 7th 2017 15
Moving Android devices from unsecure to secure communication with IBM Notes Traveler
Mon, Jan 9th 2017 13
IBM Notes/Domino 9.0.1 Fix Pack 1 Preliminary Release Notice
Fri, Mar 28th 2014 12


Moving Android devices from unsecure to secure communication with IBM Notes Traveler
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   


IBM released a very smart way to switch Android devices to HTTPS communication with IBM Notes Traveler servers:

http://www-01.ibm.com/support/docview.wss?uid=swg21993951&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E

Problem

Your IBM Verse for Android applications connect to your on-premises IBM Traveler server using an unencrypted HTTP connection instead of an encrypted HTTPS connection. Since the IBM Traveler server can use unencrypted HTTP connections immediately without any additional setup, some installations may have skipped the HTTPS setup procedures prior to deploying Verse for Android to users. To ensure that all your communications are encrypted, first enable HTTPS either on your IBM Traveler server or on an edge proxy. Then ensure the IBM Verse for Android app begins using the encrypted connection without requiring any manual intervention from your users.



Resolving the problem
This feature requires the following components at the specified minimum version levels:
· IBM Traveler server, version 9.0.1.15 (or later)
· IBM Verse for Android app, version 9.5.0.0 (or later)

If all the IBM Verse for Android apps have not yet upgraded to the required minimum level prior to the completion of these steps, then it is recommended you keep HTTP port 80 enabled until you can ensure all apps have been upgraded. It is not required that all users upgrade at the same time.

1. Enable your IBM Traveler server to use HTTPS. Typically, this will be the Domino server that hosts your Traveler server, but it could also be an edge proxy. If this is a Domino server, Domino 9.0.1 fp5 or later is recommended. See the following for more information on this task:

http://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_settingupsslonadominoserver_t.html

Also reference the article Securing connections for IBM Traveler mobile applications for the latest updates on security requirements for IBM Traveler servers and mobile apps.

2. Update the "External Server URL" field on the Traveler server to change the current server URL to start with “https://” instead of "http://". This can be done either through the current configuration document, by updating notes.ini, or by using the domino console. For more information, see:

http://www.ibm.com/support/knowledgecenter/SSYRPW_9.0.1/settingtheexternalserverurlforappledevices.htm

3. Before forcing all IBM Verse for Android apps to use the new URL, test the HTTPS connection to ensure that it works properly. The first test is to ensure that the HTTPS port is working properly and routing to the IBM Traveler server. You can use a web browser to easily validate this. Open a browser page, connect to your Traveler Server External URL, and login using an ID. For example, if your Traveler server External URL is https://traveler.example.com/traveler, use a web browser to connect to that page and validate that you do not see any errors.

4. Test the setup with a few devices that are connected to your IBM Traveler server using the HTTP connection. To do this, issue these commands at the domino console:

    tell traveler policy setdevice tsExternalURLEnforced=1 <deviceId> <user>
    tell traveler push flagsadd serviceability configGet <deviceId> <user>


Where <deviceId> and <user> are the device ID and user you are testing.You can obtain the <deviceId> of a user that has previously connected to the Traveler server using the command:

tell traveler show <userid>

5. Sync the test devices to ensure that the sync is working properly. From within the Verse for Android app, open Settings > Server and validate that the field called Use Secure Protocol is checked.

NOTE: Ensure that everything syncs normally and shows as secure. If you push an incorrect server URL to the mobile app, the only way to recover is to remove and reinstall the Verse app on the device.

6. After you have verified that the External Server URL is correct and your migrated device can sync, set the IBM Traveler server to enforce this property for all devices by entering the following command into the Domino server console:

    set config NTS_EXTERNAL_URL_ENFORCED=true


This command migrates the rest of your IBM Verse for Android apps (that meet the minimum level) to use your secure server URL.

7. Restart the IBM Traveler server to have the settings take effect.

8. Once all your IBM Verse for Android apps have been updated, you can disable the HTTP port on your Domino server, assuming it is not required for other applications that are using the same server.


---------------------
http://brandlrainer.blogspot.com/2017/01/moving-android-devices-from-unsecure-to.html
Jan 09, 2017
14 hits



Recent Blog Posts
42
Open Mic Webcast: IBM Domino Application Development Update
Tue, Mar 14th 2017 4:20p   Rainer Brandl
This presentation will focus on IBM's plans for the future of Domino as an application development platform. We will discuss IBM's plans for adding key functionality to Domino as well as ways to allow customers to modernize their applications for use via web and mobile devices. This presentation is key for anybody who uses Domino as an application development platform and is interested in modernizing their applications. After a presentation, attendees will be given an opportunity to ask our p
41
IBM Sametime V9.0.1 extends support for services, tools, and selected entitlements
Tue, Mar 14th 2017 4:15p   Rainer Brandl
Today IBM announced the extension of support for IBM Sametime V9.0.1 until September 2021. https://www-01.ibm.com/common/ssi/ShowDoc.wss?docURL=/common/ssi/rep_ca/3/877/ENUSZP17-0173/index.html&lang=en&request_locale=en IBM® Sametime® extends support for V9.0.1 to September 2021. Support for the following associated entitlements is also extended to September 2021: IBM Sametime Complete IBM Sametime Conference IBM Sametime Communicate IBM Sametime is a robust communications offerin
15
IBM Notes/Domino 9.0.1 Feature Pack 8 available
Tue, Mar 7th 2017 10:10p   Rainer Brandl
Today IBM release the announced Feature Pack 8 with a lot of great new features: first of all there´s a separate download for the template of the Domino NAB and the Mail template on IBM Fix Central: Template Download Move views out of databases You can move views out of databases into separate view index files (.NDX files). This feature is useful for large databases and provides the following benefits: > A smaller database file size, to avoid reaching the 64GB limitation. > Faster da
15
IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice
Fri, Jan 27th 2017 10:20a   Rainer Brandl
IBM released a preliminary release notice about all the new functions included in Feature Pack 8 - the whole list can be found here: Notes/Domino 901 FP8 Currently FP8 is in "Gold Canditate" state... But the most interesting features are: NBP replaced with ICAA - There is no NBP (Notes Browser Plugin) shipped with 9.0.1 FP8. This has been replaced with ICAA (IBM Client Application Access). For more information, see IBM Client Application Access V1.0.1 documentation Notes Client on Linux -
9
Open Mic Webcast: Configuring an IBM Domino Web Server to use Web federated Login (SAML)
Thu, Jan 19th 2017 7:37a   Rainer Brandl
IBM is offering an Open Mic Webcast about configuring SAML authentication on a IBM Domino Web Server. Abstract This procedure ensures that an IBM Domino Web server can participate in SAML-based single sign-on (SSO). The Security Assertion Markup Language (SAML) standard allows a Domino server to trust an authentication assertion from a specified identity provider (IdP). After a presentation, attendees will be given an opportunity to ask our panel of experts questions. Throughout the event, a
14
Moving Android devices from unsecure to secure communication with IBM Notes Traveler
Mon, Jan 9th 2017 7:58a   Rainer Brandl
IBM released a very smart way to switch Android devices to HTTPS communication with IBM Notes Traveler servers: http://www-01.ibm.com/support/docview.wss?uid=swg21993951&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E Problem Your IBM Verse for Android applications connect to your on-premises IBM Traveler server using an unencrypted HTTP connection instead of an encrypted HTTPS connection. Since the IBM Traveler server can use unencrypted HTTP connections imme
11
IBM Verse on premise is available in the SW catalog
Fri, Dec 30th 2016 11:41a   Rainer Brandl
As promised from IBM some weeks ago, IBM Verse on prem is available in the Partnerworld Software Catalog ( https://www.ibm.com/partnerworld/partnertools/eorderweb/ordersw.do ). Then you can either search for "IBM Verse" or you search for part number CJ13YML. Enjoy the download !!
6
IBM Notes SAML authentication and the error message "Single Sign-On token is expired"
Mon, Dec 5th 2016 7:18a   Rainer Brandl
Today I received an early call from a customer with the information, that no user can login to IBM Notes with the activated SAML authentication. The users received the following error message: ( Single Sign-On token is expired ) After some investigations and looking at the server console something made me perplex >> [10779:00296-591341312] 05.12.2016 15:30:16 ATTEMPT TO ACCESS SERVER by .... was denied: Single Sign-On token is expired Looking at the clock I noticed, that it´s Mond
11
Transferring an IBM xPages application to another server
Wed, Nov 30th 2016 7:52p   Rainer Brandl
Yesterday I had the issue to move an application with embedded xPages and JDBC access to a DB2 database located on an iSeries from one IBM Domino Server to another one. The transfer was not the problem, but we could not find all necessary extension libraries ( except the one from OpenNTF ), especially the JDBC feature. After some tries I recognized this feature in the "updatesite.nsf": With this option you can also move all features and plugins from another server to the new one including
10
IBM Connections "Limited Entitlement" and the Notification Center
Mon, Nov 28th 2016 11:40p   Rainer Brandl
Last week I installed an IBM Connections Limited Entitlement environment for IBM Verse and recognized the problem of the Notification center after disabling the Homepage app. You only will receive "Loading..." on activating the Notification Center. I had a small talk with a great friend from IBM ( thanks to Wickerl ) and he told me, that he has opened a PMR at IBM regarding this problem. I will update this post, if a solution is available




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition