The user synchronization is normally made via sync_all_dns script that synchronize users information from LDAP to the EMPINST.EMPLOYEE table. If you synchronize a field such as ātelephone numberā when a user edits the value in IBM Connections at next run of sync_all_dns script the change is lost. To avoid this problem you must setup the synchronization from EMPLOYEE table to LDAP by using the script process_draft_updates.sh
If you want display Portal url without context and rich state, for example :
From /wps/portal/home/shop/shoes/!ut/p/104_05dsffds90..
To /home/shop/shoes
this article explain how to do that.
The user synchronization is normally made via sync_all_dns script that synchronize users information from LDAP to the EMPINST.EMPLOYEE table. If you synchronize a field such as ātelephone numberā when a user edits the value in IBM Connections at next run of sync_all_dns script the change is lost. To avoid this problem you must setup the synchronization from EMPLOYEE table to LDAP by using the script process_draft_updates.sh
If you want display Portal url without context and rich state, for example :
From /wps/portal/home/shop/shoes/!ut/p/104_05dsffds90..
To /home/shop/shoes
this article explain how to do that.
Customize it! Make IBM Connections look your way Klaus Bild
Ā
My session at Dominopoint Days 2013 in Milano
IBM Connections offers endless customizing possibilities in order to change the platform according to your needs . In this session we will explore the many customization options available and will look at some examples like customizing the UI, notifications, blog themes, profiles or even metrics reports.
This will give you an idea of the various possibilities Connections is offering and should act as a starting point for your own customizations.
This is a session which I held at the ICSUG 2015 event in Bremen.
Installation of IBM Connections is very time consuming and lot of the work is repetitive and exactly the same on all deployments. In this session you will see how you can automate the installation of prerequisites, the installation of IBM Connections itself and finally how you can automate post install tasks. Come and see how the silence of the installers help you save a lot of your time.
MAS202 - Customizing IBM Connections - Downloadablepaulbastide
Ā
IBM Connections enables you to connect and socialize with colleagues, find experts, and quickly share and organize information to get work done. As a developer, you can leverage the IBM Connections data to provide a better experience for your users. In this session, you learn what features you can extend, leverage and use to build a compelling experience. The session highlights how best to extend and work with the IBM Connections Cloud.
This particular presentation is downloadable and missing some transition graphics which were licensed for viewing.
turn your connections out of the box instance into your own look and feel - and more
Demo files here :
http://www.dilf.me.uk/demos/CustomizeConnectionsDemo.zip
Make Your IBM Connections Deployment Your Own: Customize It!Klaus Bild
Ā
This session was held at the Engage UG Event in Breda (NL) 2014.
IBM Connections offers a lot of customization possibilities to enable you to have the platform comply to your corporate standards or exhaustive needs.
In this session we will explore all customization options available and will show you examples on customizations on UI, notifications, profiles, Richtext Editor, metric reports and more.
This will allow you to better decide what you want to customize and should offer you a technical starting point for your own customizations
IBM Presents the Notes Domino Roadmap and a Deep Dive into Feature Pack 8Teamstudio
Ā
This webinar encompasses two sessions presented at IBM Connect 2017. Adam Kesner and Barry Rosen from IBM review the latest updates on Notes/Domino and discuss the future directions and support for Notes/Domino and deliverables over the coming 12-18 months while IBM moves to a continuous delivery model. Then, Martin Donnelly and Brian Gleeson from IBM take a deep dive into the key features delivered in Feature Pack 8 including how to use the new encryption capabilities, improvements to Domino Designer, and more!
API & Custom Widgets coming in XCC next - Web Content and Custom App Extensio...TIMETOACT GROUP
Ā
Thereās an API for that..., built custom widgets, integrate applications into your Intranet with IBM Connections and XCC - Web Content and Custom App Extension for IBM Connections. See http://connections-apps.com/xcc for more information.
Customize it! Make IBM Connections look your way Klaus Bild
Ā
My session at Dominopoint Days 2013 in Milano
IBM Connections offers endless customizing possibilities in order to change the platform according to your needs . In this session we will explore the many customization options available and will look at some examples like customizing the UI, notifications, blog themes, profiles or even metrics reports.
This will give you an idea of the various possibilities Connections is offering and should act as a starting point for your own customizations.
This is a session which I held at the ICSUG 2015 event in Bremen.
Installation of IBM Connections is very time consuming and lot of the work is repetitive and exactly the same on all deployments. In this session you will see how you can automate the installation of prerequisites, the installation of IBM Connections itself and finally how you can automate post install tasks. Come and see how the silence of the installers help you save a lot of your time.
MAS202 - Customizing IBM Connections - Downloadablepaulbastide
Ā
IBM Connections enables you to connect and socialize with colleagues, find experts, and quickly share and organize information to get work done. As a developer, you can leverage the IBM Connections data to provide a better experience for your users. In this session, you learn what features you can extend, leverage and use to build a compelling experience. The session highlights how best to extend and work with the IBM Connections Cloud.
This particular presentation is downloadable and missing some transition graphics which were licensed for viewing.
turn your connections out of the box instance into your own look and feel - and more
Demo files here :
http://www.dilf.me.uk/demos/CustomizeConnectionsDemo.zip
Make Your IBM Connections Deployment Your Own: Customize It!Klaus Bild
Ā
This session was held at the Engage UG Event in Breda (NL) 2014.
IBM Connections offers a lot of customization possibilities to enable you to have the platform comply to your corporate standards or exhaustive needs.
In this session we will explore all customization options available and will show you examples on customizations on UI, notifications, profiles, Richtext Editor, metric reports and more.
This will allow you to better decide what you want to customize and should offer you a technical starting point for your own customizations
IBM Presents the Notes Domino Roadmap and a Deep Dive into Feature Pack 8Teamstudio
Ā
This webinar encompasses two sessions presented at IBM Connect 2017. Adam Kesner and Barry Rosen from IBM review the latest updates on Notes/Domino and discuss the future directions and support for Notes/Domino and deliverables over the coming 12-18 months while IBM moves to a continuous delivery model. Then, Martin Donnelly and Brian Gleeson from IBM take a deep dive into the key features delivered in Feature Pack 8 including how to use the new encryption capabilities, improvements to Domino Designer, and more!
API & Custom Widgets coming in XCC next - Web Content and Custom App Extensio...TIMETOACT GROUP
Ā
Thereās an API for that..., built custom widgets, integrate applications into your Intranet with IBM Connections and XCC - Web Content and Custom App Extension for IBM Connections. See http://connections-apps.com/xcc for more information.
Anypoint B2B enables Mule users to connect with trading partners using EDI over AS2, FTP and other protocols. It integrates seamlessly into the Mule runtime
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
Ā
JASMIN is the UKās high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERCās long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Ā
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
How Recreation Management Software Can Streamline Your Operations.pptxwottaspaceseo
Ā
Recreation management software streamlines operations by automating key tasks such as scheduling, registration, and payment processing, reducing manual workload and errors. It provides centralized management of facilities, classes, and events, ensuring efficient resource allocation and facility usage. The software offers user-friendly online portals for easy access to bookings and program information, enhancing customer experience. Real-time reporting and data analytics deliver insights into attendance and preferences, aiding in strategic decision-making. Additionally, effective communication tools keep participants and staff informed with timely updates. Overall, recreation management software enhances efficiency, improves service delivery, and boosts customer satisfaction.
Field Employee Tracking System| MiTrack App| Best Employee Tracking Solution|...informapgpstrackings
Ā
Keep tabs on your field staff effortlessly with Informap Technology Centre LLC. Real-time tracking, task assignment, and smart features for efficient management. Request a live demo today!
For more details, visit us : https://informapuae.com/field-staff-tracking/
Listen to the keynote address and hear about the latest developments from Rachana Ananthakrishnan and Ian Foster who review the updates to the Globus Platform and Service, and the relevance of Globus to the scientific community as an automation platform to accelerate scientific discovery.
Large Language Models and the End of ProgrammingMatt Welsh
Ā
Talk by Matt Welsh at Craft Conference 2024 on the impact that Large Language Models will have on the future of software development. In this talk, I discuss the ways in which LLMs will impact the software industry, from replacing human software developers with AI, to replacing conventional software with models that perform reasoning, computation, and problem-solving.
Quarkus Hidden and Forbidden ExtensionsMax Andersen
Ā
Quarkus has a vast extension ecosystem and is known for its subsonic and subatomic feature set. Some of these features are not as well known, and some extensions are less talked about, but that does not make them less interesting - quite the opposite.
Come join this talk to see some tips and tricks for using Quarkus and some of the lesser known features, extensions and development techniques.
Top Features to Include in Your Winzo Clone App for Business Growth (4).pptxrickgrimesss22
Ā
Discover the essential features to incorporate in your Winzo clone app to boost business growth, enhance user engagement, and drive revenue. Learn how to create a compelling gaming experience that stands out in the competitive market.
Code reviews are vital for ensuring good code quality. They serve as one of our last lines of defense against bugs and subpar code reaching production.
Yet, they often turn into annoying tasks riddled with frustration, hostility, unclear feedback and lack of standards. How can we improve this crucial process?
In this session we will cover:
- The Art of Effective Code Reviews
- Streamlining the Review Process
- Elevating Reviews with Automated Tools
By the end of this presentation, you'll have the knowledge on how to organize and improve your code review proces
Globus Compute wth IRI Workflows - GlobusWorld 2024Globus
Ā
As part of the DOE Integrated Research Infrastructure (IRI) program, NERSC at Lawrence Berkeley National Lab and ALCF at Argonne National Lab are working closely with General Atomics on accelerating the computing requirements of the DIII-D experiment. As part of the work the team is investigating ways to speedup the time to solution for many different parts of the DIII-D workflow including how they run jobs on HPC systems. One of these routes is looking at Globus Compute as a way to replace the current method for managing tasks and we describe a brief proof of concept showing how Globus Compute could help to schedule jobs and be a tool to connect compute at different facilities.
May Marketo Masterclass, London MUG May 22 2024.pdfAdele Miller
Ā
Can't make Adobe Summit in Vegas? No sweat because the EMEA Marketo Engage Champions are coming to London to share their Summit sessions, insights and more!
This is a MUG with a twist you don't want to miss.
A Comprehensive Look at Generative AI in Retail App Testing.pdfkalichargn70th171
Ā
Traditional software testing methods are being challenged in retail, where customer expectations and technological advancements continually shape the landscape. Enter generative AIāa transformative subset of artificial intelligence technologies poised to revolutionize software testing.
We describe the deployment and use of Globus Compute for remote computation. This content is aimed at researchers who wish to compute on remote resources using a unified programming interface, as well as system administrators who will deploy and operate Globus Compute services on their research computing infrastructure.
Check out the webinar slides to learn more about how XfilesPro transforms Salesforce document management by leveraging its world-class applications. For more details, please connect with sales@xfilespro.com
If you want to watch the on-demand webinar, please click here: https://www.xfilespro.com/webinars/salesforce-document-management-2-0-smarter-faster-better/
Enhancing Project Management Efficiency_ Leveraging AI Tools like ChatGPT.pdfJay Das
Ā
With the advent of artificial intelligence or AI tools, project management processes are undergoing a transformative shift. By using tools like ChatGPT, and Bard organizations can empower their leaders and managers to plan, execute, and monitor projects more effectively.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
Ā
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operateāor are planning to operateābroader deployments at their institution.
Globus Connect Server Deep Dive - GlobusWorld 2024
Ā
IBM Connections mail with exchange backend
1. IBM Connections Mail
Plugin Configuration with
Exchange Backend
Michele Buccarello
4/16/2015
This document describe how to configure the IBM Connection Mail Plugin with Exchange Backend
2. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 1
Table of Contents
PREREQUISITES............................................................................................................................................ 2
WHAT THE WIKI SAYS .................................................................................................................................. 2
KERBEROS CONFIGURATION........................................................................................................................ 2
CONFIGURE THE AUTODISCOVERY SERVLET................................................................................................. 7
CERTIFICATE EXPORT ............................................................................................................................... 8
IMPORT THE SSL CERTIFICATE IN WEBSPHERE.........................................................................................11
CONFIGURE socialmail-discovery-config.xml ...........................................................................................12
TROUBELSHOOTING....................................................................................................................................13
WIDGET ARCHITECTURE..........................................................................................................................13
SERVER SIDE........................................................................................................................................14
BROWSER SIDE....................................................................................................................................14
AUTHENTICATION FLOW.........................................................................................................................14
ADDITIONAL TRACE.................................................................................................................................15
GATHERING TRACE AND DEBUG INFORMATION......................................................................................16
HTTP 400 ISSUE (negotiation header too long) ........................................................................................19
DELEGETION DOESNāT WORK ONLY IN CHROME .....................................................................................20
3. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 2
PREREQUISITES
This guide cover all configuration of IBM Connections Mail plugin with Exchange as a backend, before to
read check these requirements
1) IBM Connections 5 CR2 or later
2) IBM Connections Mail 1.6
3) Exchange server compliant with System Requirements and with Kerberos enabled. For system
requirements check http://www-01.ibm.com/support/docview.wss?uid=swg27036069
4) A good knowledge about Kerberos protocol and delegation process
5) A basic knowledge about Exchange Web Services (EWS) and autodiscovery mechanism
6) Kerberos Enabled on all Exchange server (NTLM auth works only with autodiscoery process not for
EWS )
7) A basic knowledge about Whireshark
WHAT THE WIKI SAYS
In the URL below you could find all official information about Mail Plugin configurations
http://www-01.ibm.com/support/knowledgecenter/SSVMJU_1.6.0/icm_pre-install.dita
This guide is a compendium about the configuration and authentication flow for the Exchange integration.
KERBEROS CONFIGURATION
In the official wiki the first step is configuring correctly the SPNEGO and KERBEROS authentication
mechanism as described in this link
http://www-01.ibm.com/support/knowledgecenter/SSVMJU_1.6.0/icm_spnego.dita
Before to start the SPNEGO configuration two steps are important requirement:
1) Mapping an Active Directory Account to Administrativer roles
http://www-
01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/secure/t_kerb_configure_AD_accou
nmhhhbnt.dita?lang=en
2) Create a Service Principal Name and Keytab file
http://www-
01.ibm.com/support/knowledgecenter/SSYGQH_5.0.0/admin/secure/t_install_kerb_create_service
_account.dita?lang=en
You could skip the point one only if your installation is built with an active directory user, check the image
below if during your installation process in the administrator user id field you have used an user from LDAP.
4. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 3
In the wiki the point two is really detailed but if you are going to do this configuration on Windows 2012
Active Directory some extra steps are a requirement to avoid problems with Kerberos authentication:
- Windows 2012 have a strong encryption this creates problems with the Kerberos protocol because
normally the communication between the Key Distribution Center and the Domain Computer
works via UDP protocol but the UDP payload isnāt unable to contain all encrypted information
because it is really small than the TCP packet, to force the communication via TCP protocol you
must add this line inside the krb5.conf ļ udp_preference_limit = 1
- If you are going to setup Kerberos in an Active Directory Domain forest with child site and Different
Realm you must explicit all realm in the sections realms and domain_realm
- If you see error related to the KDC options you must manually set this options in the krb5.ini, in
particular with Windows 2012 I force the proxiable = false and renewable = false, this step is not a
requirement and it solve problems in the infrastructure where I setup the Kerberos authentication.
5. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 4
In the image below a full example of the krb5.ini
Below the screen about Kerberos / SPNEGO WebSphere settings.
6. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 5
7. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 6
8. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 7
In the step five you should add the generic property inside the properties tag. In my environment I
experienced some problems but more investigation are required about this generic property:
- <genericProperty name="shindig.config.container.overrides">
By default in connections 5 we have a generic property āshinding overridesā in the sections properties and
if you follow the wiki the result would be something like this
We experienced some problems with the this configuration because it seems the first property is
overwritten by the second. To avoid any strange issue we merge the two property into a big one.
Now we have successful complete all Kerberos / SPNEGO configuration.
CONFIGURE THE AUTODISCOVERY SERVLET
The autodiscovery servlet is used to discovery the mail server where the mail file is located, in particular
Exchange have the own system to give this type of information. In the wiki link we could find all information
about the autodiscovery configuration:
- http://www-01.ibm.com/support/knowledgecenter/SSVMJU_1.6.0/icm_discovery.dita
The first step described in the section 2.A says to ask the certificate to the administrator, we could export
the certificate manually from the browser. Below the screens show an export of the ibm ssl certificate, the
steps are the same for Exchange.
9. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 8
CERTIFICATE EXPORT
Click on the padlock icon, and the click on view certificates.
Click on Certification Path
10. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 9
Export the Certificate authority and the intermediate certificate ( first and second certificate)
CA Export: select the first certificate and click āview certificateā.
Check in the new window if in the certificate path there is only the CA certificate
11. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 10
Now we export the CA
In the last screen press finish to complete the export of CA certificate and close the CA window.
12. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 11
The same steps are used for the intermediate certificate the important thing is to select in the first window
under certificate path the second certificate
After click on view certificate apply the same steps to export the intermediate certificate.
At this point we need to import this certificates on the WebSphere cacertes via keytool utility.
IMPORT THE SSL CERTIFICATE IN WEBSPHERE
The commands are described in the section 2.b, below the command used
keytool -import -file cacert.cer -alias exchange_cacert -
keystore E:IBMWebSphereAppServerjavajrelibsecuritycacerts
keytool -import -file intermdiate.cer -alias exchange_intermediatecert -
keystore E:IBMWebSphereAppServerjavajrelibsecuritycacerts
the default password for cacerts file is changeit.
13. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 12
CONFIGURE socialmail-discovery-config.xml
In the wiki step three and four you need to copy the socialmail-discovery-config-template.xml
from the ConnectionsMail folder and paste it in theDMGR folder:
- WAS-root/AppServer/profiles/Dmgr01/config/cells/cell-name/LotusConnections-config
In the steps five and six are described the options, in the image below an example configuration.
14. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 13
TROUBELSHOOTING
IBM Connections Mail Plugin is a widget based on open-social gadget running on Apache Shinding widget
container. In IBM Connections, the Apache shinding implementation is contained in the
WidgetContainer.ear installed in the InfraCluster server.
The mustgather link is:
- http://www-01.ibm.com/support/docview.wss?uid=swg21677101
all websphere trace must set in the server where the widgetcontainer.ear is located.
WIDGET ARCHITECTURE
15. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 14
SERVER SIDE
IBM Connections Mail opensocial gadget use a different Ajax Proxy the name is CREAjaxProxy. This Ajax
proxy is used to send all back-end call to the Exchange EWS WebService, for example the HTTPS post with
the delegated credential are sent through the CREAjaxProxy to the Exchange Mail server.
The discovery Servlet is registered as an extension point via OSGI in the Widget Container application.
BROWSER SIDE
On the browser side all ajax call are sent via makerRequest servlet ( the apache shinding implementation of
the method gadget.makerRequest) the response of this call is a json with the backend http response code (
rc=401 for example).
AUTHENTICATION FLOW
This image shows all network calls to take the user's email from Exchange.
16. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 15
ADDITIONAL TRACE
To track all request related to:
- Widget container (CREAjaxProxy)
- Kerberos Delegation / SPNEGO
You must add this trace and JVM properties on the server where is located the WidgetContainer.ear
application.
17. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 16
GATHERING TRACE AND DEBUG INFORMATION
Before to start you need to have this requirements:
- A domain computer with WireShark and Fiddler installed
- If the domain computer is a windows 7 machine check if the klist command is available on the
command prompt, otherwise install the windows resource kit.
- Install on the Connections Server WireShark if you are in Windows or use tcpdump with the ās0
parameter to take the full payload under linux
- Enable trace on the infracluster Server and test the mail with the homepage application because is
in the same cluster of the WidgetContainer application.
1. Verify the browser settings for SPNEGO authentication
http://www-
01.ibm.com/support/knowledgecenter/SSAW57_8.5.5/com.ibm.websphere.nd.doc/ae/tsec_SPNEG
O_configweb_new.html?cp=SSAW57_8.5.5%2F1-3-0-21-3-0
2. Clear Kerberos token via klist
3. Start fiddler and WireShark on computer domain and wireshark on the server
18. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 17
4. On domain Computer put this filter
5. On Connections Server put this filter
6. Check four Kerberos request on WireShark Domain Computer
7. Check on fiddler if the request to discoveryServlet and makerRequest servlet have the right
response
19. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 18
the field rc is the HTTP response code if you get http 401 that means you are not authorized and
the delegation process doesnāt work propertly.
8. Check in the logs if there are problems on Kerberos ticket decryption
9. Check if the GSSCredential are correctly read
10. Check If the delegation process works correctly
20. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 19
11. Check if the CREAjaxProxy contact correctly the Exchange EWS WebService
HTTP 400 ISSUE (negotiation header too long)
When we try to automatically login in Connections some users receive a white page with HTTP error 400, in
this case you need to increase on all HTTP server the maximum header size if in the fiddler trace inside the
HTTP packe you saw the error header is too long inside the HTML response. This error doesnāt affect all
users for example in my case all users that had ten or more group in active directory get the HTTP 400
error, when groups became nine the SPNEGO authentication works. This happen because the header
NEGOTIATION contains the Kerberos TGT and the Microsoft privilege attribute certificate (PAC), the second
contains several logical components, including group membership data for authorization, alternate
credentials for non-Kerberos authentication protocols, and policy control information for supporting
interactive logon. To increase the header size put inside the virtualhost this apache directive:
- LimitRequestFieldSize 12392
The number is suggested inside the apache wiki http://httpd.apache.org/docs/2.2/mod/core.html. In the
image below an example configuration
21. IBM Connections Mail Plugin Configuration with Exchange Backend
IBM Connections Mail Plugin with Exchange Backend
Author:Michele Buccarello Page 20
DELEGETION DOESNāT WORK ONLY IN CHROME
Like Firefox in CHROME you must enable the delegation to have the mail plugin fully functional.
Follow the links below to enable the Kerberos delegation
- https://dev.chromium.org/administrators/policy-list-3#AuthNegotiateDelegateWhitelist