Category: WebSphere Portal

For 2017 IBM have launched a broader Cloud Champions program, Cloud Champions will have technical expertise in the following IBM Software, solutions and services: Bluemix Infrastructure(Formerly Softlayer), Bluemix, MobileFirst, DevOps (UrbanCode) Middleware (Tivoli, Rational and WebSphere), API Connect, Cognitive (Watson and Watson IOT and Cloud Managed Services. Below is a brief description of who an IBM Champion is, the benefits of becoming and IBM Champion and our extended Champion community.

What are the benefits of being an IBM Champion?

IBM Champions may receive:

  • Special visibility, recognition, and networking opportunities within IBM communities, events, and conferences
  • Participation in exclusive IBM online communities
  • Exclusive access to IBM product development teams
  • Invitations and discounts to events and conferences
  • Special recognition on their developerWorks profile: The profiles of IBM Champions have special designations, such as “IBM CHAMPION” under their name and a unique icon on their profile picture. Their profiles may also include an endorsement and notable achievements in the left column to recognize their contributions to the technical community.

Nominations are now open, so you can nominate IBM Champion’s for the following areas:

  • IBM Social Business
  • IBM Power Systems
  • IBM Analytics
  • IBM Cloud – (All Middleware Champion’s will now be under Cloud)

When: October – November
How: Click here to Nominate
Link to Champion Site: Link to nomination site

WebSphere WebSphere Portal

Working this week on a new WebSphere Portal Project.

Several content are using AngularJS and some calls to get data go to another server in another domain.

To avoid CORS we implement a reverse proxy on the IHS side.

Bellow the config of my httpd.conf.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

SSLProxyEngine on
KeyFile /opt/IBM/HTTPServer/bin/key.kdb
SSLStashfile /opt/IBM/HTTPServer/bin/key.sth

Proxypass /acme/products  https://anotherdomain/api/v1/products
ProxypassReverse /acme/products  https://anotherdomain/api/v1/products

AngularJS web WebSphere WebSphere Portal

To change the type of encryption using the command line, issue the following command:

idsldapmodify -p port -D  adminDN  -w  adminPW  -i  filename 

where filename contains:

dn: cn=configuration
changetype: modify
replace: ibm-slapdPWEncryption
ibm-slapdPWEncryption:  password_encryption_mechanism 

Here, the ibm-slapdPWEncryption attribute can be assigned any of the 
following values: none,aes128,aes192,aes256,crypt,sha,ssha, md5
sha224, sha256, sha384, sha512, ssha224, ssha256, ssha384, or ssha512.

To cause the updated settings to take effect dynamically, issue the following idsldapexop command:

idsldapexop -D  adminDN  -w  adminPW  -op readconfig -scope single 
        "cn=configuration" ibm-slapdPWEncryption

The information is from Knowledge Center 

WebSphere Portal

Due to security vulnerabilities in the Apache Axis V1.x libraries, IBM is removing the Axis JAR file from IBM WebSphere Portal 8.5 effective with Cumulative Fix 12. There is no product code that uses this library, but it has been on the classpath since the initial 8.5.0.0 release.
The specific JAR to be removed is “axis.jar.”

The only exposure here is the chance that custom code, in either a custom theme or a custom portlet, would be using classes from this library. If there is no custom code in your Portal installation that is using these classes, then you will have no problems. If there is custom code in your Portal installation that is using these classes, then you will see ClassNotFoundException in the log files and will see some functional problems with that code.

More information on this link

WebSphere Portal

Today i upgrade one TDI 7.1.1 JVM  to the latest fix from IBM.

The setup was easy, just unzip the file and copy to jvm directory.

When i launch an assembly line using delta.  The log file show the following error:

CTGDKE039E Error occurred when creating IBM Tivoli Directory Integrator Property store. Property store: System-Properties Exception: java.sql.SQLNonTransientConnectionException: java.net.ConnectException : Error connecting to server localhost on port 1527 with message Connection refused: connect.

The derby database was not starting, and in derby.log i found:

2016-07-06 20:44:01.917 GMT : Access denied (java.net.SocketPermission localhost:1527 listen,resolve)
java.security.AccessControlException: Access denied (java.net.SocketPermission localhost:1527 listen,resolve)

I try everything on  http://www-01.ibm.com/support/docview.wss?uid=swg21450475

The problem was related to permission. The text bellow is from https://db.apache.org/derby/releases/release-10.10.2.0.html

After upgrading to a JVM with these changes, while attempting to boot, the network server may fail and raise the following error:

access denied (“java.net.SocketPermission” “localhost:1527” “listen,resolve”) java.security.AccessControlException: access denied (“java.net.SocketPermission” “localhost:1527” “listen,resolve”)

To workaround this problem, you must bring up the network server with a security policy which includes the now required missing permission. Instead of booting the network server as:

java org.apache.derby.drda.NetworkServerControl start

boot the network server as follows:

java -Djava.security.manager -Djava.security.policy=${yourPolicyFile} org.apache.derby.drda.NetworkServerControl start

where ${yourPolicyFile} is a file containing a customized version of the policy file described in the Derby Admin Guide section titled Basic Network Server security policy. You must customize that generic policy file to fit your application. In addition, you must add the following permission to the permissions block granted to the ${derby.install.url}derbynet.jar codebase:

permission java.net.SocketPermission “localhost:${port}”, “listen”;

where ${port} should be replaced by the port number where the network server listens for incoming connection requests. By default, that is port 1527.

Solving the problem

I add  permission java.net.SocketPermission “localhost:1024-“, “listen”; to the grant session of the java.policy file and restart TDI

 

Connections Domino WebSphere WebSphere Portal

“The goal of this white paper is to explain the various administration and configuration tools offered by IBM WebSphere Portal8.5. Learn about which tool to use for
which task and about the new capabilities of WebSphere Portal 8.5, and understand differences from previous versions of WebSphere Portal. We take you through exercises for
each tool so you can learn hands-on how to use them.”

 

WebSphere Portal

I now CentOS is not supported. For several years i use CentOS without problemas with IBM Software. The information bellow is the list of packages to install on CentOS and run WebSphere Portal and Db2 on the same machine. This is a Lab machine it’s like  all in one box.

This list i got from Enio Basso wiki. and i want to get a copy 🙂

Install the following libraries on CentOS 6.x linux:

  • ksh.x86_64
  • rpm-build.x86_64
  • elfutils.x86_64
  • elfutils-libs.x86_64
  • libgcc.i686 gtk2.i686
  • PackageKit-gtk-module.i686
  • libcanberra-gtk2.i686
  • compat-libstdc++-33.i686
  • compat-libstdc++-33.x86_64
  • compat-db.x86_64
  • compat-db.i686
  • libstdc++.x86_64
  • libstdc++.i686
  • libXp.x86_64
  • libXp.i686
  • libXmu.x86_64
  • libXmu.i686
  • libXtst.x86_64
  • libXtst.i686
  • pam.x86_64
  • pam.i686
  • libXft.x86_64
  • libXft.i686
  • gtk2.x86_64
  • gtk2.i686
  • gtk2-engines.x86_64
  • gtk2-engines.i686
  • compat-libstdc++-296.i686

For CentOS run:

yum -y install ksh.x86_64 rpm-build.x86_64 elfutils.x86_64 elfutils-libs.x86_64 libgcc.i686 
yum -y install gtk2.i686 PackageKit-gtk-module.i686 libcanberra-gtk2.i686 compat-libstdc++-33.i686
yum -y install compat-libstdc++-33.x86_64 compat-db.x86_64 compat-db.i686 libstdc++.x86_64 libstdc++.i686 
yum -y install libXp.x86_64 libXp.i686 libXmu.x86_64 libXmu.i686 libXtst.x86_64
yum -y install  gtk2.x86_64 gtk2.i686 gtk2-engines.x86_64 gtk2-engines.i686
yum -y install  compat-libstdc++-296.i686 libXtst.i686 pam.x86_64 pam.i686 libXft.x86_64 libXft.i686

WebSphere Portal

This specification describes a method for surfacing customer experience digital data on a web or other digital resource as a JavaScript Object which can be used for communicating this data to digital analytics and reporting servers.
https://www.w3.org/2013/12/ceddl-201312.pdf

Uncategorized wcm web WebSphere Portal

Setup SSO with Windows Desktop is not so hard. But when things is not well documented you can get a big headake.  A customer ask to implement this SSO. The environment was a WebSphere Portal V.8.0 cluster and the user repository was AD 2012.

I setup the system following several documents from IBM and other blogs.  The SSO just not work.

Searching a log for one  solution i found the following:

DES Encryption and Kerberos Authentication:
Starting with Windows Server 2008 R2, domain controllers (and domain members) will no longer allow DES encryption for Kerberos tickets. DES encryption was cracked last millennium, so it’s time to move on to better encryption mechanisms like AES.

http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

The solution was simple:

Before AD 2008  the keytab generation was:

ktpass –out appserver1.keytab –princ HTTP/[email protected] –mapuser wastest –pass password -ptype KRB5_NT_PRINCIPAL

For AD 2012 the keytab command line must include the encryption type other than DES and one supported by WebSphere V8.0.x.

I use the following:

ktpass –out appserver1.keytab –princ HTTP/[email protected] –mapuser wastest –pass password -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

The RC4-HMAC-NT did the trick.

This document show the step by step i follow.

 

WebSphere WebSphere Portal

There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel.

More information on this link

portal segurança WebSphere WebSphere Portal

  1. <WAS_INSTALL_DIR>/bin/> wsadmin -conntype NONE
  2. wsadmin> securityoff
  3. wsadmin> exit
  4. Restart the servers.
  5. Enable the security from administrative console.
  6. Once the needed corrections are made, you can re-enable security in the admin console and then restart WebSphere.

 

 

WebSphere WebSphere Portal

Several versions of WebSphere Portar are vulnerable.

BM WebSphere Portal could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to resources located within web applications. An attacker could exploit this vulnerability to obtain configuration data and other sensitive information.

How to fix this vulnerability ? Go to this link from IBM

 

segurança WebSphere WebSphere Portal