Tuesday, September 24, 2013

IBM Connections 4 - SPNEGO ain't working

This was a blast from the past for me, having been away from IBM Connections and WebSphere Portal for nearly a year.

I took a call from a customer with whom I worked in 2010-12, who was finding that SPNEGO-based Single Sign-On was NOT working for IBM Connections 4, even though it WAS working for WebSphere Portal 8, both of which run on WAS 8, and use the same Active Directory infrastructure.

In essence, they accessed any protected URL in Connections, but found that the HTTP 401 Authenticate/Negotiate response was never issued.

I made a few suggestions on the call, including referencing back to my Connections/SPNEGO/AD presentation: -


including enabling tracing to see what's going on.

I also raised a question about DNS and reverse lookups ( IP addresses to hostnames ) as I know that had caused a problem in the past.

Later in the day, I received an email from my customer, with some good news - he'd fixed it, and it's all now working.

They enabled tracing, and could see the following in the logs: -

[24/09/13 14:23:17:458 BST] 00000081 WebAuthentica <  handleSSO: (null) Exit
[24/09/13 14:23:17:458 BST] 00000081 WebAuthentica 3   handleSpnegoWebAuthentication was skipped.

which made no sense, as the URL was definitely protected, and yet they were falling back to the fallback login page: - 

[24/09/13 14:23:17:458 BST] 00000081 WebAuthentica >  handleCustomLogin Entry
[24/09/13 14:23:17:458 BST] 00000081 WebAuthentica 3   Form based login is configured for the resource
[24/09/13 14:23:17:458 BST] 00000081 WebAuthentica >  getFormURL Entry


When they accessed an unprotected URL ( one not being protected by SPNEGO ), they could see a log entry acknowledging that the URL was to be skipped.

They then removed all of the SPNEGO filters e.g.

request-url!=noSPNEGO;
request-url!=/mobile;
request-url!=/nav;
request-url!=/bundles/js;
request-url!=/static

 validating them by reformatting the list in Notepad, and then identified the problem - they had: -

requesturl

rather than: -

request-url

:-)

Thanks to Dave and his team for sharing the problem and, better still, the solution :-)

Monday, September 23, 2013

Book Review - Shortcuts to Success: Project Management in the Real World - Second Edition

This is the second edition of Elizabeth Harrin's excellent book on project management, the first of which I read a few years back.

Whilst I've never been interested in switching disciplines per se, I find it useful to maintain a working knowledge of the Project Management profession, especially as I've worked with so many good PMs over the years, most recently since I've worked in SWG Services.

This is the second PM book that I've reviewed in the past few months, with John Turner's A Project in your Pocket here on the blog back in July.

In Shortcuts to Success, Elizabeth has provided a really useful cookbook for PMs of all levels, whether new to the profession, or experienced practitioners.

This is a relatively short book - ~200 pages - and is chock-full of references, case studies and quotations. Each short chapter is clear and concise, focusing on a specific area of the discipline. It's not quite pocket-sized, but I'm absolutely certain that there's an ebook version for the ebook readers out there.

The covers all the important aspects of project management, from budgeting, through scope and people management, to teaming, collaboration and documentation.

As you can imagine, with my background in collaboration, some of my favourite chapters include those that focus on mentoring, matrix management, collaborative document management, and experience sharing.

Each chapter includes one or more case studies, hence the "real world" title, which are used to illustrate the particular point that Elizabeth is seeking to make.

The book is clearly based upon experience, both of the author and the contributors, which makes it a useful reference into which anyone involved in project delivery can, and, in my view, should, dip.

I strongly recommend this book to anyone working in a project delivery role, regardless of age, discipline and experience.


BT Home Hub 3 and Cisco VPN - Clamp Those Ports, Baby

This morning, I was struggling to get a Cisco VPN client ( Version 5.0.07.0410 ) to connect to its target VPN server, even though I'd previously used it - ON A DIFFERENT NETWORK.

Thanks to a quick Google search, I found reference to a Port Clamping setting within my BT Home Hub's configuration screen: -


Once I enabled this ( no restart required ), it worked like a dream, and I was up and running in no time at all.

Thanks, Google :-)

Updating WAS JDBC Data Source Passwords - Don't forget to reboot

In the words of The IT Crowd ( back on for a final time on September 27 ), "Have you tried turning it off and on again?".

As part of a normal password expiration process, we needed to update the JDBC Data Source passwords ( actually, the Java2 Authentication Aliases = J2C Aliases ) for a BPM Standard 7.5.1Process Server installation.

Having changed the passwords, remembering to add a comment indicating when and who, I tested the JDBC data sources, which immediately failed with: -

The test connection operation failed for data source LocalZoneDB on server nodeagent at node gbrdsr000000918_base with the following exception: java.sql.SQLException: [jcc][t4][2013][11249][3.61.65] Connection authorization failure occurred. Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000DSRA0010E: SQL State = 28000, Error Code = -4,214. View JVM logs for further details.

The test connection operation failed for data source LocalZoneDB on server nodeagent at node gbrdsr000000917_base with the following exception: java.sql.SQLException: [jcc][t4][2013][11249][3.61.65] Connection authorization failure occurred. Reason: User ID or Password invalid. ERRORCODE=-4214, SQLSTATE=28000DSRA0010E: SQL State = 28000, Error Code = -4,214. View JVM logs for further details.


Hmmm, I thought - what have I missed ?

Initially, I restarted the Deployment Manager ( from where I was running the Test Connection ), but to no avail.

I then checked and rechecked the passwords that I'd entered via the Integrated Solutions Console GUI, by comparing them to the encoded passwords here: -

/opt/IBM/WAS/wasadmin1/app/profiles/dmgr/config/cells/ProcServ02Cell/security.xml

and confirmed that they were all exactly as I'd intended to enter them.

I then asked the DBA to validate the passwords; again, they worked perfectly ( he was testing from the DB2 server using su - for the respective user ID ).

Finally ……

I restarted the Node Agents :-)

And…. guess what ….. ?

It worked.

Why, I hear you cry ?

Because the JDBC Data Source Test Connection process, whilst initiated by the Deployment Manager, actually runs in the Node Agent JVM, hence the need for the restart :-)


 



Thursday, September 19, 2013

IBM BPM Standard 7.5.1.1 - Problem importing snapshots into a Process Server

So I've been doing a lot of work with BPM snapshots and scripting recently.

This time around I was looking to install a snapshot to an offline Process Server, as follows: -

$ cd /opt/IBM/WAS/wasadmin1/app/profiles/dmgr/bin
./wsadmin.sh -host processserver.uk.ibm.com -port 43003 -user tw_admin -password passw0rd -lang jython -p /home/wasadmin1/davehay_soap_override.props
wsadmin> AdminTask.BPMInstallOfflinePackage('[-inputFile /home/wasadmin1/LR2R3_1.zip]')

 which (sadly) failed with: -

WASX7015E: Exception running command: "AdminTask.BPMInstallOfflinePackage('[-inputFile /home/wasadmin1/LendingR2R3.twx]')"; exception information:
java.lang.Exception: java.lang.Exception: java.lang.NullPointerException


Want to know what was wrong ?

I was trying to install the actual TWX file, rather than the ZIP file that contains the TWX file ( as generated by BPMCreateOfflinePackage and BPMExtractOfflinePackage ).

What a muppet :-)

Featured documents for the IBM Business Process Manager products including WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition

Again, this popped into my inbox, following an interaction with IBM Support over a PMR for the IBM BPM product: -

This document features the most requested documents as well as those identified as valuable in helping answer your questions related to the IBM Business Process Manager (BPM) products including WebSphere Process Server (WPS), WebSphere Enterprise Service Bus (WESB), and WebSphere Lombardi Edition (WLE).

<snip>
In the Spotlight 

• Follow IBM_BPM on Twitter! 
Follow us to receive timely updates on IBM Business Process Manager products, WebSphere Process Server, WebSphere Enterprise Service Bus, and WebSphere Lombardi Edition. Over 3,000 Twitter accounts already follow us. Do you? The following information was in some of our top tweets:
IBM Business Process Management V8.5 products are available 
The IBM Business Process Management V8.5 suite of products are available as of June 14, 2013. Download the files by clicking the links in this document.
Data querying takes a long time and process server database tables are using too much disk space with WebSphere Lombardi Edition (WLE) and the IBM Business Process Manager (BPM) products 
You see long query times on business process definition (BPD) and Task tables, and your process server database tables are occupying too much disk space.
Configuring SSL for IBM Business Process Manager (BPM) V7.5.x 
The Information Center is missing a description of the steps to configure Secure Sockets Layer (SSL) communication between product components.
How can I delete a large number of failed events at once for WebSphere Process Server (WPS)? 
The Failed Event Manager (FEMgr) shows a large number of failed events. The failed events must be deleted. Using the "Clear All" button in the Failed Event Manager application, different exceptions (transaction timeouts, OutOfMemoryExceptions etc.) occur. A smaller number of failed events can be selected and deleted at once without problems.
• Follow the IBM Business Process Management Products Support Blog! 
This blog provides technical information for the business process management family of products. The following blog entries represent some of the recent entries in the blog. You might want to check them out!
</snip>

Wednesday, September 18, 2013

IBM BPM - Getting a list of installed Toolkits

My client asked me how they could get a list of installed Toolkits without needing to paste through pages of UI.

I checked the IBM BPM Information Center: -


specifically: -


which provides the following REST endpoint URL: -

/rest/bpm/wle/v1/toolkit

I tried this on one of our Process Center boxes: -

https://process-center.uk.ibm.com/rest/bpm/wle/v1/toolkit

and got back an XML document listing all of the toolkits: -

<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
- <bpm:ResponseData xmlns:bpm="http://rest.bpm.ibm.com/v1/data" xmlns:ex="http://rest.bpm.ibm.com/v1/data/exception">
  <status>200</status>
- <data xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sys="http://rest.bpm.ibm.com/v1/data/system" xsi:type="sys:ProcessApps">
- <processAppsList>
  <ID>2066.1b351583-e5cb-43b7-baee-340a63130ea7</ID>
  <shortName>TWSYS</shortName>
  <name>System Data</name>
  <description>Teamworks System Data</description>
  <lastModifiedBy>tw_admin</lastModifiedBy>
  <lastModified_on>2013-06-25T09:49:16Z</lastModified_on>
  </processAppsList>
- <processAppsList>
  <ID>2066.9715841f-b0f3-4e32-9db0-708f8bd3e93a</ID>
  <shortName>PTK</shortName>
  <name>Processes and Tasks</name>
  <description>A toolkit for interfacing with the Javascript API for retrieval of generic information about Processes Instances and Tasks.</description>
  <lastModifiedBy>tw_admin</lastModifiedBy>
  <lastModified_on>2013-07-23T09:46:00Z</lastModified_on>
  <defaultVersion>Main</defaultVersion>
  </processAppsList>
- <processAppsList>

... 

which is useful.

:-)