Changing WebSphere Portal context root

I must remember that when changing the Portal context root to REMOVE THE WINDOWS SERVICE .. if you don’t it WILL fail …

so

Step 1 – REMOVE THE WINDOWS SERVICE

Step 2 – change the context root – Edit the wkplc.properties file (in ConfigEngine/properties) and change WpsContextRoot from wps to <context of your choice>

Step 3 – run ConfigEngine.bat modify-servlet-path -DPortalAdminPwd=password -DWasPassword=password – where password is the Portal / WAS admin passwords

Step 4 – regenerate and re-propagate the web server plugin file

Step 5 – re-add the service, restart portal and away you go

This note is mainly for my benefit as I ALWAYS forget to remove the Windows service !!!!

Issues with TAM and Connections – SOLVED

For those of you that follow me on Twitter you will all know that I have had huge issues with Connections and TAM integration.
I am pleased to report that the issue is now resolved – Instructions below:

Created the transparent junctions as per the info center
Created the ACL defs as per the info center
Created the default ACL – connectionsdefaultacl – and attached it to the junctions as per the info center
Created an additional ACL – connectionsacl – as per the info center

Resources that do not require authentication which should have connectionsacl applied

/activities/images – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/files/basic/anonymous/atom – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/files/form/anonymous/atom – Missing from ALL official IBM documentation

Resources that require basic authentication which should have connectionsacl applied

/blogs/blogsapi – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/blogs/blogsfeed – Information present in the Lotus Connections wiki but not the official IBM Infocenter documentation.
/communities/dsx – Missing from ALL official IBM documentation
/profiles/dsx – Missing from ALL official IBM documentation

Applied connectionsdefaultacl to the resources that require forms authentication, as per the info center
Created dynurl file as per the info center and applied connectionsacl to /blogs/blogsfeed, /blogs/blogsapi
Edited the WebSEAL config and added dynurl-allow-large-posts = yes, forms-auth = https or both, use-same-session = yes
Add the filter types as per the info center
Adding FQDN of load balanced TAM server virtual host – web-host-name = tam.your.domain.com
Import the connectionsAdmin user into TAM via the Web Portal Manager or pdadmin – This step is missing from ALL official IBM documentation
Update LC config file
Set dynamic host enabled to “true” and the href/ssl_href to the FQDN of the load balanced TAM server virtual host, i.e. my.city.ac.uk
Ensure that the static href, static ssl_href and interService URLs for all services are pointing at the WebSEAL cluster, i.e. my.city.ac.uk
Set custom authenticator to TAMAuthenticator and check timeout settings as per the info center
Configure the Lotus Connections directory service extensions to point to the Tivoli Access Manager server, i.e. setting the extension hrefs to:
http://tam.your.domain.com/communities/dsx/ & http://tam.your.domain.com/profiles/dsx/

Lotus Connections applications will attempt to open server to server communications with other Lotus Connections applications via Tivoli Access Manager. If forms-auth has been set to https in the webseald-.conf file, then the signer certificate for WebSEAL client-side SSL communications should be added to the WebSphere trust stores – Missing from ALL official IBM documentation

Add the log out button to the HTTP server rewrite config / http config (depending on the set up)

Big thanks to Stephen Swann for the assist (@stephenjswann) – It is now deployed live and working as expected
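
A way to check a WebSEAL config file for the four settings listed above, as an added example that is not part of the original post or of IBM's tooling. The sample files and their stanza names are constructed assumptions; only the keys and values come from the post, and any occurrence of a key with a different value is reported.

```python
# Values the post sets in the WebSEAL config; forms-auth may be https or both.
REQUIRED = {
    "dynurl-allow-large-posts": {"yes"},
    "forms-auth": {"https", "both"},
    "use-same-session": {"yes"},
}

# Constructed sample files; the stanza names are an assumption, not from the post.
BEFORE = """[server]
dynurl-allow-large-posts = no
# web-host-name = www.example.com
[forms]
forms-auth = none
[session]
use-same-session = no
"""
AFTER = """[server]
dynurl-allow-large-posts = yes
web-host-name = tam.your.domain.com
[forms]
forms-auth = https
[session]
use-same-session = yes
"""

def parse_conf(text):
    """Collect every value seen for each key, skipping stanza headers and # comments."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("["):
            continue
        if "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            found.setdefault(key, []).append(value.lower())
    return found

def audit(text, expected_host):
    """Return findings; an empty list means the file matches the post's settings."""
    conf, findings = parse_conf(text), []
    checks = {**REQUIRED, "web-host-name": {expected_host.lower()}}
    for key, allowed in checks.items():
        values = conf.get(key, [])
        want = " or ".join(sorted(allowed))
        if not values:
            findings.append(f"{key}: not set (expected {want})")
        elif any(v not in allowed for v in values):
            findings.append(f"{key}: {values} (expected {want})")
    return findings
```

Calling `audit(BEFORE, "tam.your.domain.com")` reports all four settings, including the commented-out web-host-name, while the same call on `AFTER` returns an empty list.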

Quickr 8.5 Portlets for Portal 6.1.5

The new Quickr 8.5 portlets for WebSphere Portal version 6.1.5 have been released and are available via the solutions catalog on the Lotus Greenhouse.

It is very straightforward to set up: download and install the portlet and stick it on a page.
Configure the Places Catalog portlet and give it your:

placeCenterServerURL – i.e http://your server name:port
favoritesServiceURL – i.e http://your server name:port/favourites

Edit the authentication mode to use SSO or forms:
1. Single-Sign-On, which is the recommended method. In order to use this method, Single-Sign-On must be pre-configured between the WebSphere Portal and the Lotus Quickr servers.
2. Form-based login. If Single-Sign-On is not possible, the portlet allows the end-user to log in to the remote Lotus Quickr server with user name & password. These credentials are stored securely by the portlet for later use.

When using the portlet in the authenticated mode, a single post-installation step is required:

Using the Integrated Solutions Console (WebSphere administrative console), find the “PA_Place_Center” enterprise application, and map the security role “All authenticated users” to all authenticated users.

restart and away you go ..

the only issue I have found with the SSO method of auth is that although my SSO is configured correctly between the portal and quickr servers and the portlet works I see these errors in the log :

[01/07/10 08:33:17:250 BST] 00000067 LTPAServerObj E SECJ0373E: Cannot create credential for the userdue to failed validation of the LTPA token. The exception is com.ibm.ws.security.registry.UnsupportedEntryTypeException: not USER or GROUP

[01/07/10 08:33:17:281 BST] 000000a5 LTPAServerObj E SECJ0374E: The accessID in the token contains the wrong type. It should be either user or group. The exception is com.ibm.ws.security.registry.UnsupportedEntryTypeException: not USER or GROUP

a google search finds an entry going back to WAS 6 for error SECJ0373E

SECJ0374E: The accessID in the token contains the wrong type. It should be either user or group. The exception is {0}.
Explanation This exception is unexpected. The cause is not immediately known.

ahh .. nice then 🙂 But it is working and is on our proof of concept / integration environment box, so we can start testing it in anger now ..

Big props to Mr Dave Hay (IBM Legend) for tipping me off that it is available. I will get some screen shots up on the dilftechnical website asap

This week in lotus

Just finished recording this week’s “this week in lotus” – it was a very interesting debate this week .. as usual ran out of time .. I hope Stuart and Darren will have me back as a guest at a later date .. great fun ..

Issues with Oracle with Connections 2.5 RESOLUTION

as posted by me on the Connections Blog earlier today :

IBM have now released new trigger code to resolve this issue.

The steps are simple

* Stop the application
* Backup the DB
* Run through the code to remove the Trigger
* Recreate the Trigger
* Start the primary server and test
* Assuming all is well start the other App Servers in the clusters

As yet IBM are unsure as to how they are going to release the fix as it falls out of the typical iFix scope.
If you are seeing this specific issue please contact the Lotus Connections Support team who will furnish you with the appropriate code to resolve the issue.
As soon as I have confirmation on how this will be distributed I will add what will hopefully be the final update to this on-going saga.

Big thanks to Kieran Reid at IBM and Andrew Frayling and his team at Cardiff Uni for assistance and support in resolving this issue. Great work all round.

Big maintenance weekend coming up

This weekend I am really going to Maintenance town on my live connections cluster.

I have the infamous DB issue to fix. Big props to Kieran Reid from IBM for all the help with this. So triggers to delete and re-add .. no biggie, just have to have the system down to solve this ..

That got me thinking .. while it’s down I may get some other things sorted.
I have some LC config changes to make which should hopefully fix some of the issues I am seeing using Connections with TAM. Hopefully these will work straight away which will lend more power to my elbow that some TAM config changes need to take place (long story will blog when I find the solution) ..

And as we have a new shiny fix pack for Connections, I am going to take the opportunity to take the cluster over the whole weekend and get everything on before we potentially turn it loose on students.

I shall be a busy little nerd girl over the weekend but I am really looking forward to it 🙂

Quickr 8.5 J2EE Beta

Finally got my hands on a very very very Late copy of the Quickr 8.5 beta for WebSphere Portal

Pros

  • I am impressed it comes with support for Oracle now straight out of the box, so no mucking about with transferring DBs
  • It is using the one UI so it will be easy to “skin”
  • It has support for Windows 2008 64-bit which is always a plus in my book as I have to use my software on Windows VMs
  • It runs on Portal 6.1.5 and is patched for WAS 6.1.0.29 out of the box too, so no worries about having to patch it as soon as you have installed

Cons
So far I have found some niggly bugs which are driving me nuts

You no longer change the portal / WAS / Quickr admin account in the properties file; you run a command to switch them .. no problem normally EXCEPT if you have spaces in your DNs. The script fails with an error.

I found a technote, “Wp-change-portal-admin-user task fails if spaces in distinguished name”; this applies to Portal 6.1 and is a unix/linux/solaris issue (so I am assuming a 64 bit OS problem) as this is certainly the case with my Windows 2008 64-bit. The solution to the problem is to create a properties file and pass the param into the command line, which theoretically should work for Windows – alas, although it does read the properties file instead of failing as it can’t read the full DN, it now fails as it doesn’t like the quotes around the DN.

Once I have run this and it fails it breaks the Quickr instance!! Although I can log in, all the permissions on the places get screwed – so I can see my places but none of the content .. same goes for the admin account. Luckily, having all my systems on VMs, I can just roll back the snapshot and re-run the secure task .. not ideal but better than having to rebuild it from scratch.

So far I haven’t found a way around this issue so I am having to use the original quickr admin user for administration – not ideal but fine in this instance .. as this goes gold next week I have a week to work out how to fix it … no pressure then 🙂

Issues with Oracle on Solaris with Connections 2.5 UPDATE

As I posted on the Connections Blog earlier today …

At last it appears there may be a *real* fix for this .. IBM have changed the trigger code which should hopefully fix the mutating trigger issue we see when deleting files ..

I will be testing this today and if it works rolling it out to my live environment over the next week.

I will attempt to get some confirmation if this code will be fixed in all new fix packs and APARS – watch this space and hopefully some great news

At last ..

I am finally trying to sort out my website .. too lazy (and mainly lack of time) to be bothered to code up stuff or make it look pretty, I have installed Joomla, butchered one of the default skins and I am slowly loading it up with geeky goodness. You never know, I may actually have a working website in a day or so .. but don’t hold me to that .. I am going back to work after a week off sick and have LOADS to catch up on .. but hey I am making a small effort 🙂

Nerd Geek Dork

According to the diagram I am a Geek – which is reassuring as I was worried I was a Dork ..

This nerd/dork/geek/dweeb Venn diagram should save you a lot of time and frustration in the future.

this comment summed it up perfectly

The difference between Nerds and Geeks is that Nerds specialise and Geeks like diversity. If a Nerd has a favourite subject, they aim to make themselves the authority in it, whereas Geeks don’t take it that seriously – sure, it’s more serious than Average Person, but not Nerderious.

image from greatwhitesnark.com