In the last month I was researching how to install WebSphere Portal 8.5 in a container (Docker). Due to my commitments I couldn't finish the installation.

Today I found an article that covers installing WebSphere Portal 9 in a container.

See the full article here

Get the DockerFiles on github -> https://github.com/digexp/ci.docker.websphere-portal

docker WebSphere Portal

XML external entity (XXE) security vulnerabilities in Apache FOP and Apache Batik affect IBM WebSphere Portal.

Apache FOP could allow a remote authenticated attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data. By using a specially crafted SVG file, a remote attacker could exploit this vulnerability to obtain sensitive information or possibly cause a denial of service.

Read the security bulletin here

WebSphere Portal

Documents for collecting troubleshooting data for IBM WebSphere Portal 8.5 and 9.0 aid in problem determination and save time resolving Problem Management Records (PMRs).

The following data collection documents contain instructions for specific components or scenarios. The wpcollector tool can be leveraged with such instructions to gather and optionally send the data. If one of the product components or scenarios below matches your symptom or the part of the product with which you are experiencing problems, follow the instructions in the associated data collection document.

 

Component: Link:
Installation/Configuration:
General 1962321
Installation 1962645
XML Configuration Interface (XMLAccess) 1451423
ConfigEngine 1968713
Configuration Wizard 1963901
Migration 1963147
Runtime Operations:
OutOfMemoryError 1316563
Crash 1316516
Performance, hang, or high CPU issues 1316528
Security/Administration:
Configuring Security 1593369
Login (including Impersonation) 1592791
Portal User Management Architecture (PUMA) 1592792
Virtual Portal 1593367
Session Management 1579527
Tivoli Access Manager Integration 1579530
Computer Associates eTrust Siteminder Integration 1243923
Step-up and Remember Me 1377161
People Finder 1458362
Credential Vault 1313734
Portal Access Control (PAC) 1450830
Directory Search / People Picker 1966956
Outbound HTTP Connection 1998965
Content Management:
Web Content Manager 1673017
Managed Pages 1960989
Syndication 1989372
Portlets/Development/Customization:
Modular-based Themes 1616359
Web Application Bridge (WAB) 1647465
JavaServer Faces (JSF) 1198110
Mobile Portal Accelerator 1673323
Struts Portlet Framework 1468819
Web Services for Remote Portlets (WSRP) 1468821
Common PIM Portlets (CPP) 1468956
Remote Cache 1468824
Script Portlet 1690618
WebDAV 1497122

 

portal WebSphere Portal

WebSphere Portal V8.0.x will be out of service on April 30 2018.

It's time to plan the migration to 8.5 or 9.0.

More information https://www-01.ibm.com/software/support/lifecycleapp/PLCDetail.wss?q45=T239753D93163X19

WebSphere Portal

If you have Basic or Advanced caching enabled in IBM® Web Content Manager, then Web Content Manager caches content artifacts independently of the cache settings that you configured for the Web Content Viewer portlet. To bypass the caching that is set in Web Content Manager, select the option Bypass Web Content Manager Caching.

This setting applies to content artifacts that are rendered in this Web Content Viewer portlet only.

This feature was added on CF11 for Portal/WCM

performance WebSphere Portal WWCM

The general procedure to create a new theme using WebDAV is:

1 – Connect to http://<server>:<port>/wps/mycontenthandler/dav/themelist/

2 – Copy the original theme from IBM to your disk

3 – Modify some files and then upload the files to the file store.

My team and I used this general rule for several projects, but recently this procedure failed.

When we copied the files back to the file store we got a permission error on the metadata folder.

I raised a PMR, and L3 support will change the documentation to include the following:

“Hint: With some WebDAV clients it can happen that you get an error “You need permission to perform this action”.
In this case, you have to explicitly create the root folder of the new theme with the WebDAV client first.
The metadata folder and the metadata.properties file get created automatically with default content.
You can now open the newly created folder and copy the contents of your local folder into the remote folder thus replacing the
generated meta-data.”

Note: Before I opened the PMR I tried several WebDAV clients, including making a copy using Finder on my Mac. Every client got the same error.

WebSphere Portal

When a user enters the wrong name or password, the Login portlet shows a message to the user.

My customer has a requirement to change the default message and add a link to the registration portlet inside this message, because only registered users with all attributes (defined by the customer) can log in to the portal.

Steps :

1 – Stop WebSphere Portal

2 – Clear the wp_profile\temp and wp_profile\ws_temp

3 – Go to wp_profile\installedApps\<cellName>\PA_Login_Portlet_App.ear\login.war\WEB-INF\jsp

4 – Change the StatusMessageInclude.jspf adding what you want.

Restart WebSphere Portal.

Note: If you apply fixes or fix packs, you may need to make the change again.

WebSphere Portal

For 2017 IBM has launched a broader Cloud Champions program. Cloud Champions will have technical expertise in the following IBM software, solutions and services: Bluemix Infrastructure (formerly SoftLayer), Bluemix, MobileFirst, DevOps (UrbanCode), Middleware (Tivoli, Rational and WebSphere), API Connect, Cognitive (Watson and Watson IoT) and Cloud Managed Services. Below is a brief description of who an IBM Champion is, the benefits of becoming an IBM Champion and our extended Champion community.

What are the benefits of being an IBM Champion?

IBM Champions may receive:

  • Special visibility, recognition, and networking opportunities within IBM communities, events, and conferences
  • Participation in exclusive IBM online communities
  • Exclusive access to IBM product development teams
  • Invitations and discounts to events and conferences
  • Special recognition on their developerWorks profile: The profiles of IBM Champions have special designations, such as “IBM CHAMPION” under their name and a unique icon on their profile picture. Their profiles may also include an endorsement and notable achievements in the left column to recognize their contributions to the technical community.

Nominations are now open, so you can nominate IBM Champions for the following areas:

  • IBM Social Business
  • IBM Power Systems
  • IBM Analytics
  • IBM Cloud – (All Middleware Champions will now be under Cloud)

When: October – November
How: Click here to Nominate
Link to Champion Site: Link to nomination site

WebSphere WebSphere Portal

Working this week on a new WebSphere Portal project.

Several content items use AngularJS, and some calls to get data go to another server in another domain.

To avoid CORS we implemented a reverse proxy on the IHS side.

Below is the config from my httpd.conf.
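# Proxy modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
# IBM SSL module, needed for the HTTPS connection to the backend
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

# Enable SSL on proxied (outbound) connections
SSLProxyEngine on
# Key database and its password stash file
KeyFile /opt/IBM/HTTPServer/bin/key.kdb
SSLStashfile /opt/IBM/HTTPServer/bin/key.sth

# Map the local path to the remote API so the browser only talks to this origin
ProxyPass /acme/products https://anotherdomain/api/v1/products
ProxyPassReverse /acme/products https://anotherdomain/api/v1/products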

AngularJS web WebSphere WebSphere Portal

To change the type of encryption using the command line, issue the following command:

idsldapmodify -p port -D  adminDN  -w  adminPW  -i  filename 

where filename contains:

dn: cn=configuration
changetype: modify
replace: ibm-slapdPWEncryption
ibm-slapdPWEncryption:  password_encryption_mechanism 

Here, the ibm-slapdPWEncryption attribute can be assigned any of the following values: none, aes128, aes192, aes256, crypt, sha, ssha, md5, sha224, sha256, sha384, sha512, ssha224, ssha256, ssha384, or ssha512.

To cause the updated settings to take effect dynamically, issue the following idsldapexop command:

idsldapexop -D adminDN -w adminPW -op readconfig -scope single "cn=configuration" ibm-slapdPWEncryption

The information is from Knowledge Center 

WebSphere Portal

Due to security vulnerabilities in the Apache Axis V1.x libraries, IBM is removing the Axis JAR file from IBM WebSphere Portal 8.5 effective with Cumulative Fix 12. There is no product code that uses this library, but it has been on the classpath since the initial 8.5.0.0 release.
The specific JAR to be removed is “axis.jar.”

The only exposure here is the chance that custom code, in either a custom theme or a custom portlet, would be using classes from this library. If there is no custom code in your Portal installation that is using these classes, then you will have no problems. If there is custom code in your Portal installation that is using these classes, then you will see ClassNotFoundException in the log files and will see some functional problems with that code.

More information on this link
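One way to check ahead of Cumulative Fix 12 whether custom code depends on the removed library, as an added example (not IBM's tooling and not part of the original post): it walks an EAR/WAR/JAR, including nested archives, and lists class files that name Axis 1.x types. It assumes custom code is deployed as standard Java archives; the archive and class names in the sample are constructed.

```python
import io
import zipfile

# Axis 1.x classes live under org.apache.axis. The trailing separator keeps
# Axis2 (org.apache.axis2) from matching. The dotted form catches names
# passed to Class.forName as string constants.
AXIS1 = (b"org/apache/axis/", b"org.apache.axis.")
ARCHIVES = (".ear", ".war", ".jar", ".zip")

def scan_archive(data, origin):
    """Walk an in-memory EAR/WAR/JAR, descending into nested archives.

    Returns (references, bundled): class files whose constant pool names
    Axis 1.x types, and archives that ship their own copy of Axis.
    """
    references, bundled = [], set()
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            path = f"{origin}!/{name}"
            if name.endswith(".class"):
                if name.startswith("org/apache/axis/"):
                    bundled.add(origin)              # the library itself
                elif any(m in zf.read(name) for m in AXIS1):
                    references.append(path)          # names are plain UTF-8 bytes
            elif name.lower().endswith(ARCHIVES):
                refs, libs = scan_archive(zf.read(name), path)
                references += refs
                bundled |= libs
    return sorted(references), bundled

def build_sample_ear():
    """Constructed sample: an EAR holding one WAR with three fake class files."""
    def zipped(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for entry, content in entries.items():
                zf.writestr(entry, content)
        return buf.getvalue()
    magic = b"\xca\xfe\xba\xbe"
    base = "WEB-INF/classes/com/example/"
    war = zipped({
        base + "QuoteClient.class": magic + b"org/apache/axis/client/Call",
        base + "Plain.class": magic + b"java/lang/Object",
        base + "Modern.class": magic + b"org/apache/axis2/client/Options",
    })
    return zipped({"quote.war": war})

if __name__ == "__main__":
    print(scan_archive(build_sample_ear(), "sample.ear"))
```

Any path in the first list is code that would raise ClassNotFoundException once axis.jar is gone from the Portal classpath, unless the second set shows the application carries its own copy.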

WebSphere Portal

Today I upgraded one TDI 7.1.1 JVM to the latest fix from IBM.

The setup was easy: just unzip the file and copy it to the jvm directory.

When I launched an assembly line using delta, the log file showed the following error:

CTGDKE039E Error occurred when creating IBM Tivoli Directory Integrator Property store. Property store: System-Properties Exception: java.sql.SQLNonTransientConnectionException: java.net.ConnectException : Error connecting to server localhost on port 1527 with message Connection refused: connect.

The Derby database was not starting, and in derby.log I found:

2016-07-06 20:44:01.917 GMT : Access denied (java.net.SocketPermission localhost:1527 listen,resolve)
java.security.AccessControlException: Access denied (java.net.SocketPermission localhost:1527 listen,resolve)

I tried everything at http://www-01.ibm.com/support/docview.wss?uid=swg21450475

The problem was related to permissions. The text below is from https://db.apache.org/derby/releases/release-10.10.2.0.html

After upgrading to a JVM with these changes, while attempting to boot, the network server may fail and raise the following error:

access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve") java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")

To workaround this problem, you must bring up the network server with a security policy which includes the now required missing permission. Instead of booting the network server as:

java org.apache.derby.drda.NetworkServerControl start

boot the network server as follows:

java -Djava.security.manager -Djava.security.policy=${yourPolicyFile} org.apache.derby.drda.NetworkServerControl start

where ${yourPolicyFile} is a file containing a customized version of the policy file described in the Derby Admin Guide section titled Basic Network Server security policy. You must customize that generic policy file to fit your application. In addition, you must add the following permission to the permissions block granted to the ${derby.install.url}derbynet.jar codebase:

permission java.net.SocketPermission "localhost:${port}", "listen";

where ${port} should be replaced by the port number where the network server listens for incoming connection requests. By default, that is port 1527.

Solving the problem

I added permission java.net.SocketPermission "localhost:1024-", "listen"; to the grant section of the java.policy file and restarted TDI.
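To see how much listening access a policy file hands out, the following added example (not from the Derby release notes, IBM, or the original post) parses SocketPermission entries and reports, per grant block, the codebase, the number of ports opened for "listen", and whether the Derby port is covered. The sample policy is constructed; the parser assumes plain grant blocks with optional codeBase and line comments only.

```python
import re

# grant [codeBase "..."] { ... };  quoted header strings may contain ${...}
GRANT = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
CODEBASE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
SOCKET = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+"([^"]+)"\s*,\s*"([^"]+)"\s*;')

# Constructed sample: a per-codebase single-port grant next to a broad global one.
SAMPLE_POLICY = '''
// constructed sample, not a real java.policy
grant codeBase "${derby.install.url}derbynet.jar" {
  permission java.net.SocketPermission "localhost:1527", "listen";
};
grant {
  permission java.net.SocketPermission "localhost:1024-", "listen";
  permission java.net.SocketPermission "*", "connect,resolve";
  // permission java.net.SocketPermission "localhost:80", "listen";
};
'''

def port_range(spec):
    """Turn a SocketPermission port spec (N, N-, -N, N1-N2, empty) into (low, high)."""
    if spec in ("", "*"):
        return 0, 65535
    if "-" not in spec:
        return int(spec), int(spec)
    low, high = spec.split("-", 1)
    return int(low or 0), int(high or 65535)

def listen_grants(policy_text, port=1527):
    """List every grant that allows a listening socket, and how wide it is."""
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)   # drop commented-out lines
    findings = []
    for header, body in GRANT.findall(text):
        codebase = CODEBASE.search(header)
        for target, actions in SOCKET.findall(body):
            if "listen" not in [a.strip() for a in actions.split(",")]:
                continue
            host, _, spec = target.rpartition(":") if ":" in target else (target, "", "")
            low, high = port_range(spec)
            findings.append({
                "codebase": codebase.group(1) if codebase else "<all code>",
                "host": host,
                "ports": high - low + 1,
                "covers_port": low <= port <= high,
            })
    return findings

if __name__ == "__main__":
    for finding in listen_grants(SAMPLE_POLICY):
        print(finding)
```

Both grants in the sample cover port 1527, but the first opens one port to derbynet.jar only, while the second opens 64512 ports to all code.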

 

Connections Domino WebSphere WebSphere Portal