198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM Connections - APNS certificates expire Sept 20 - updates available
Thu, Sep 14th 2017 94
IBM Notes and Domino 9.0.1 Feature Pack 9 available
Fri, Aug 18th 2017 9
One More Setting to Force TLSv1.2 in Connections 6.0
Mon, Aug 14th 2017 8
IBM Technote: Customizing Default Navigation Order of Apps in Connections 6.0 Mobile App
Tue, Jul 18th 2017 3
IBM Docs 2.0 CR2 IF1 Available
Thu, Apr 27th 2017 2
IBM Docs 2.0 - CR2 Includes Fixes For Security Vulnerabilities
Thu, Apr 27th 2017 7
IBM Traveler 9.0.1.16 - A Note On Upgrading
Fri, Feb 17th 2017 6
Top 10
IBM Connections - APNS certificates expire Sept 20 - updates available
Thu, Sep 14th 2017 94
File Downloads from Connections using SPNEGO
Thu, Nov 3rd 2016 10
IBM Notes and Domino 9.0.1 Feature Pack 9 available
Fri, Aug 18th 2017 9
One More Setting to Force TLSv1.2 in Connections 6.0
Mon, Aug 14th 2017 8
IBM Connections 5.5 - Errors in SystemOut.log cleaning up HOMEPAGE database
Thu, Dec 22nd 2016 7
IBM Verse On-Premises - some thoughts after using for two weeks
Tue, Jan 17th 2017 7
IBM Docs 2.0 - CR2 Includes Fixes For Security Vulnerabilities
Thu, Apr 27th 2017 7
Initial impressions on IBM Verse On-Premises 1.0
Fri, Dec 30th 2016 6
IBM Traveler 9.0.1.16 - A Note On Upgrading
Fri, Feb 17th 2017 6
Installing Domino on Linux - Resolving missing requirements
Thu, Jan 17th 2013 4


File Downloads from Connections using SPNEGO
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
Ted Hardenburgh    

With IBM Connections, there are options to utilize different SSO options. One of the eaiser is using Windows Integrated Authentication, better known as SPNEGO. This uses the AD domain and the user's Windows credentials to issue a ticket that can be used to authenticate users against other resources, such as an IBM Connections site.

In some cases, this doesn't work like it should.  One example is if the user gets an email with a link to download a file stored in Connections, but hasn't yet authenticated with the site.  By default, the Files download isn't configured to support this, it relies on getting the LTPA token after authentication to serve requests.  The user gets a login page (or just the basic auth pop-up) before getting to the download page. For users that are used to never "logging in" to Connections, this can cause some anxiety and unnecessary Service Desk calls.

Here's what you can change in IBM Connections 5.5 to get File downloads to "work" as expected.  You'll need to remove the spaces between the < symbol and the following character for the XML to work. That's just so its readable here.

1 - Backup the web.xml from the profilesdmgr01configcellsapplicationsFiles.eardeploymentsFilesfiles.web.warWEB-INF folder
2 - Locate the nodes in the web.xml file and add the following:
 

< security-constraint>
< display-name>Forms< /display-name>
< web-resource-collection>
< web-resource-name>Form< /web-resource-name>
< url-pattern>/form/*< /url-pattern>
< http-method>GET< /http-method>
< http-method>PUT< /http-method>
< http-method>POST< /http-method>
< http-method>DELETE< /http-method>
< /web-resource-collection>
< auth-constraint>
< description>Form< /description>
< role-name>reader< /role-name>
< /auth-constraint>
< /security-constraint>



3 - Perform a full resynch of all nodes
4 - Restart all clusters

Also check the SPNEGO config to make sure the  url /form/anonymous/* isn’t included in the filter criteria. If it’s there, remove it, save the change and resent the nodes. SPNEGO config should be dynamic, so a restart won’t be needed.

We opened a PMR for this and we're waiting to hear if IBM is going to make this change permanent in a future release .

---------------------
http://dominothoughts.com/domthoughts/domthoughts.nsf/dx/file-downloads-from-connections-using-spnego.htm
Nov 03, 2016
11 hits



Recent Blog Posts
94
IBM Connections - APNS certificates expire Sept 20 - updates available
Thu, Sep 14th 2017 9:24p   Ted Hardenburgh
It's time to update the APNS certificates for the IBM Connections Mobile apps on your Connections installs. The current certificates expire on September 20, 2017 so there are a few days to apply the patch for your release. Follow the links in this technote to download the fix for your particular release. There's nothing like waiting until waiting until the clock almost runs out. :-)
9
IBM Notes and Domino 9.0.1 Feature Pack 9 available
Fri, Aug 18th 2017 5:47p   Ted Hardenburgh
Looks like IBM Domino and IBM Notes 9.0.1 Feature Pack 9 are available for download from Fix Central Link to all Domino downloads Link to all Notes downloads Here's a quick hit of new features available in each: Domino: The documentation in Knowledgebase will be updated with these new features to coincide with the ship date of 9.0.1 FP9 1) Enhancement Request To Be Able To Increase The Amgr Queue Beyond 100 (SPR #RSTNA4SL7C APARID: LO87242) The Agent Manager's Eligible queue i
8
One More Setting to Force TLSv1.2 in Connections 6.0
Mon, Aug 14th 2017 6:34p   Ted Hardenburgh
It appears that there is one additional setting that is needed to force IBM Connections 6.0 to use TLSv1.2. In each Application Server go to Process Definiition > Java Virtual Machine and add the following setting in the Generic JVM arguments: -Dcom.ibm.jsse2.overrideDefaultTLS=true . Save the changes and after applying to all application servers, restart the servers. Link to complete Technote
3
IBM Technote: Customizing Default Navigation Order of Apps in Connections 6.0 Mobile App
Tue, Jul 18th 2017 5:50p   Ted Hardenburgh
A technote published today outlines the ability to customize the default order of the apps displayed in the IBM Connections Mobile app. This does require IBM Connections 6.0 and the June 2017 update to be installed for the new setting to work. See this technote for the details on configuring the new setting.
2
IBM Docs 2.0 CR2 IF1 Available
Thu, Apr 27th 2017 5:58p   Ted Hardenburgh
No sooner after I publish my post about the Security Updates in CR2, do I see that there's CR2 IF1 available now as well. IBM Connections Docs 2.0 CR2 iFix 001 Release Notes This includes support for TLS v1.2, so if that' important to you - I'm looking at you externally facing servers - then you'll want to check this out. Enjoy!
7
IBM Docs 2.0 - CR2 Includes Fixes For Security Vulnerabilities
Thu, Apr 27th 2017 10:08a   Ted Hardenburgh
If you're looking for another reason to install CR2 for IBM Docs 2.0 beyond "just getting the latest", here's one: this CR includes fixes for three different security vulnerabilities. If you've got an externally facing Connections environment, I would recommend getting the update scheduled sooner rather than later. Security Bulletin: IBM Connections Docs is Vulnerable to a Denial of Service (CVE-2015-8806) Security Bulletin: IBM Connections Docs is Vulnerable to a Heap-based Buffer
6
IBM Traveler 9.0.1.16 - A Note On Upgrading
Fri, Feb 17th 2017 6:34p   Ted Hardenburgh
So IBM Traveler 9.0.1.16 is now available. We've been waiting on it to upgrade our internal server that was on an older version, mostly due to the issue that Detlev posted about in December. That is "fixed" in this release, however my experience upgrading revealed that it wasn't so much fixed as the command that you need to issue to resolve the error was enabled for use. So, after upgrading Traveler from the .12 release, the server started up and watched as the Traveler db had its desig
7
IBM Verse On-Premises - some thoughts after using for two weeks
Tue, Jan 17th 2017 8:07p   Ted Hardenburgh
We installed IBM Verse On-Premises (VOP) the day it was released. See my previous post about the installation (simple). This post will cover my impressions after having used it for two weeks as my main access point to my company email. Basic Usage: Overall, I'm pretty pleased with the VOP 1.0 release. Reading and composing emails are easy and straightforward. When new mail arrives, the browser tab adds a red dot to the Verse icon to let me know there's something new. Messages render a
3
IBM Docs - Technote on Understanding the Save, Publish and Copy options
Fri, Jan 13th 2017 6:29p   Ted Hardenburgh
This came across my feed this morning and I think it's a useful piece of information to share with users of IBM Docs. They often ask the difference between the save, auto-save, publish, auto-publish and the copy options when working on documents. This technote from IBM gives a fairly succinct explanation of what the differences are. Understanding Save, Auto-save, Publish, Auto-publish, and Copy
4
IBM Connections Files Integration with iNotes
Fri, Jan 6th 2017 5:39p   Ted Hardenburgh
Now that Verse On-Premises 1.0 is out, I was taking a look at the integration with Connections Files. I've run into an issue with that that I'm still looking at, but as part of the diagnosis, I went back to look at the Connections Files integration with iNotes to try and get some better logging. During that inspection, I came across a different issue after we've upgraded our Connections instance to 5.5 and narrowed the TLS settings. The issue in iNotes was that the client was failing wth




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition