Category: WebSphere Portal

When a user enters the wrong name or password, the Login portlet shows a message to the user.

My customer has a requirement to change the default message and add a link to the registration portlet inside this message, because only registered users with all attributes (defined by the customer) can log in to the portal.

Steps:

1 – Stop WebSphere Portal.

2 – Clear the wp_profile\temp and wp_profile\ws_temp directories.

3 – Go to wp_profile\installedApps\<cellName>\PA_Login_Portlet_App.ear\login.war\WEB-INF\jsp

4 – Change StatusMessageInclude.jspf, adding what you want.

Restart WebSphere Portal.

Note: If you apply fixes or fix packs, you may need to make this change again.

WebSphere Portal

For 2017, IBM has launched a broader Cloud Champions program. Cloud Champions will have technical expertise in the following IBM software, solutions and services: Bluemix Infrastructure (formerly SoftLayer), Bluemix, MobileFirst, DevOps (UrbanCode), Middleware (Tivoli, Rational and WebSphere), API Connect, Cognitive (Watson and Watson IoT) and Cloud Managed Services. Below is a brief description of who an IBM Champion is, the benefits of becoming an IBM Champion and our extended Champion community.

What are the benefits of being an IBM Champion?

IBM Champions may receive:

  • Special visibility, recognition, and networking opportunities within IBM communities, events, and conferences
  • Participation in exclusive IBM online communities
  • Exclusive access to IBM product development teams
  • Invitations and discounts to events and conferences
  • Special recognition on their developerWorks profile: The profiles of IBM Champions have special designations, such as “IBM CHAMPION” under their name and a unique icon on their profile picture. Their profiles may also include an endorsement and notable achievements in the left column to recognize their contributions to the technical community.

Nominations are now open, so you can nominate IBM Champions for the following areas:

  • IBM Social Business
  • IBM Power Systems
  • IBM Analytics
  • IBM Cloud – (All Middleware Champions will now be under Cloud)

When: October – November
How: Click here to Nominate
Link to Champion Site: Link to nomination site

WebSphere WebSphere Portal

Working this week on a new WebSphere Portal project.

Several pieces of content use AngularJS, and some calls to get data go to another server in another domain.

To avoid CORS, we implemented a reverse proxy on the IHS side.

Below is the config from my httpd.conf.
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so

SSLProxyEngine on
KeyFile /opt/IBM/HTTPServer/bin/key.kdb
SSLStashfile /opt/IBM/HTTPServer/bin/key.sth

ProxyPass /acme/products https://anotherdomain/api/v1/products
ProxyPassReverse /acme/products https://anotherdomain/api/v1/products

AngularJS web WebSphere WebSphere Portal

To change the type of encryption using the command line, issue the following command:

idsldapmodify -p port -D adminDN -w adminPW -i filename

where filename contains:

dn: cn=configuration
changetype: modify
replace: ibm-slapdPWEncryption
ibm-slapdPWEncryption: password_encryption_mechanism

Here, the ibm-slapdPWEncryption attribute can be assigned any of the following values: none, aes128, aes192, aes256, crypt, sha, ssha, md5, sha224, sha256, sha384, sha512, ssha224, ssha256, ssha384, or ssha512.

To cause the updated settings to take effect dynamically, issue the following idsldapexop command:

idsldapexop -D adminDN -w adminPW -op readconfig -scope single "cn=configuration" ibm-slapdPWEncryption

The information is from Knowledge Center 

WebSphere Portal

Due to security vulnerabilities in the Apache Axis V1.x libraries, IBM is removing the Axis JAR file from IBM WebSphere Portal 8.5 effective with Cumulative Fix 12. There is no product code that uses this library, but it has been on the classpath since the initial 8.5.0.0 release.
The specific JAR to be removed is “axis.jar.”

The only exposure here is the chance that custom code, in either a custom theme or a custom portlet, would be using classes from this library. If there is no custom code in your Portal installation that is using these classes, then you will have no problems. If there is custom code in your Portal installation that is using these classes, then you will see ClassNotFoundException in the log files and will see some functional problems with that code.

More information on this link
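One way to find out before applying the fix whether custom code depends on the removed library is to scan the custom EAR/WAR/JAR files for references to Axis 1.x classes. The following is an added example, not IBM's tooling or code from this post; the function names and the sample archive are hypothetical, and the class bodies in the sample are constructed byte strings.

```python
import io
import zipfile

# Axis 1.x lives in org.apache.axis; the trailing "/" or "." keeps Axis2
# (org.apache.axis2) from matching. Class files store names with slashes,
# reflection strings (Class.forName) use dots.
MARKERS = (b"org/apache/axis/", b"org.apache.axis.")
NESTED = (".ear", ".war", ".jar", ".rar", ".zip")


def scan_archive(data, label, report=None):
    """Walk an EAR/WAR/JAR given as bytes, following nested archives."""
    report = {"references": [], "bundled": []} if report is None else report
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for name in archive.namelist():
            path = f"{label}!/{name}"
            if name.lower().endswith(NESTED):
                try:
                    scan_archive(archive.read(name), path, report)
                except zipfile.BadZipFile:
                    pass  # misnamed file, not an archive
            elif name.endswith(".class"):
                if "org/apache/axis/" in name:
                    report["bundled"].append(path)  # app ships its own copy
                elif any(m in archive.read(name) for m in MARKERS):
                    report["references"].append(path)
    return report


def make_zip(entries):
    """Build a zip in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in entries.items():
            z.writestr(name, body)
    return buf.getvalue()


def build_sample_ear():
    """Constructed sample: fake class bodies carrying only the name strings."""
    magic = b"\xca\xfe\xba\xbe"
    war = make_zip({
        "WEB-INF/classes/com/example/QuoteClient.class": magic + b"org/apache/axis/client/Call",
        "WEB-INF/classes/com/example/NewClient.class": magic + b"org/apache/axis2/client/ServiceClient",
        "WEB-INF/lib/helper.jar": make_zip({"com/example/Loader.class": magic + b"org.apache.axis.client.Service"}),
    })
    return make_zip({"quotes.war": war})
```

For a file on disk, call `scan_archive(open(path, "rb").read(), path)`. Entries under "references" with nothing under "bundled" are the code that would raise ClassNotFoundException once axis.jar is gone from the classpath.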

WebSphere Portal

Today I upgraded one TDI 7.1.1 JVM to the latest fix from IBM.

The setup was easy, just unzip the file and copy to jvm directory.

When I launched an assembly line using delta, the log file showed the following error:

CTGDKE039E Error occurred when creating IBM Tivoli Directory Integrator Property store. Property store: System-Properties Exception: java.sql.SQLNonTransientConnectionException: java.net.ConnectException : Error connecting to server localhost on port 1527 with message Connection refused: connect.

The Derby database was not starting, and in derby.log I found:

2016-07-06 20:44:01.917 GMT : Access denied (java.net.SocketPermission localhost:1527 listen,resolve)
java.security.AccessControlException: Access denied (java.net.SocketPermission localhost:1527 listen,resolve)

I tried everything on http://www-01.ibm.com/support/docview.wss?uid=swg21450475

The problem was related to permissions. The text below is from https://db.apache.org/derby/releases/release-10.10.2.0.html

After upgrading to a JVM with these changes, while attempting to boot, the network server may fail and raise the following error:

access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve") java.security.AccessControlException: access denied ("java.net.SocketPermission" "localhost:1527" "listen,resolve")

To workaround this problem, you must bring up the network server with a security policy which includes the now required missing permission. Instead of booting the network server as:

java org.apache.derby.drda.NetworkServerControl start

boot the network server as follows:

java -Djava.security.manager -Djava.security.policy=${yourPolicyFile} org.apache.derby.drda.NetworkServerControl start

where ${yourPolicyFile} is a file containing a customized version of the policy file described in the Derby Admin Guide section titled Basic Network Server security policy. You must customize that generic policy file to fit your application. In addition, you must add the following permission to the permissions block granted to the ${derby.install.url}derbynet.jar codebase:

permission java.net.SocketPermission "localhost:${port}", "listen";

where ${port} should be replaced by the port number where the network server listens for incoming connection requests. By default, that is port 1527.

Solving the problem

I added permission java.net.SocketPermission "localhost:1024-", "listen"; to the grant section of the java.policy file and restarted TDI.
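The Derby notes scope the listen permission to the derbynet.jar codebase and a single port, while the line added above uses a port range. The following added example (not code from this post or from Derby) lists every SocketPermission "listen" grant in a policy file together with its codebase and port scope, so a policy can be reviewed after such a change. The sample policy is constructed, and placing the ranged permission in a grant block without a codeBase is an assumption.

```python
import re

# Header may contain quoted strings with "{" in them, e.g. "${derby.install.url}".
GRANT = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
CODEBASE = re.compile(r'codeBase\s+"([^"]*)"', re.I)
SOCKET = re.compile(
    r'permission\s+java\.net\.SocketPermission\s+"([^"]+)"\s*,\s*"([^"]+)"\s*;')
TARGET = re.compile(r'(.*?)(?::(\d*-?\d*))?')  # host[:port | :port-range]


def listen_grants(policy_text):
    """List every SocketPermission 'listen' grant with its scope."""
    # Drop whole-line // comments; "//" inside URLs such as file:// is kept.
    text = re.sub(r'(?m)^\s*//.*$', '', policy_text)
    found = []
    for header, body in GRANT.findall(text):
        codebase = CODEBASE.search(header)
        for target, actions in SOCKET.findall(body):
            if "listen" not in [a.strip() for a in actions.split(",")]:
                continue
            match = TARGET.fullmatch(target)
            port = match.group(2) or ""
            found.append({
                "codebase": codebase.group(1) if codebase else None,  # None = all code
                "host": match.group(1),
                "port": port,
                "port_range": "-" in port,
            })
    return found


# Constructed sample: a ranged grant for all code next to the scoped form
# described in the Derby release notes.
SAMPLE_POLICY = '''
grant {
    // added to get the network server to start
    permission java.net.SocketPermission "localhost:1024-", "listen";
};
grant codeBase "${derby.install.url}derbynet.jar" {
    permission java.net.SocketPermission "localhost:1527", "listen";
    permission java.net.SocketPermission "*", "accept";
};
'''
```

A record with `codebase` of `None` applies to all code loaded by the JVM, and `port_range` of `True` means the grant covers more than the one port the network server listens on.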

 

Connections Domino WebSphere WebSphere Portal

“The goal of this white paper is to explain the various administration and configuration tools offered by IBM WebSphere Portal 8.5. Learn about which tool to use for which task and about the new capabilities of WebSphere Portal 8.5, and understand differences from previous versions of WebSphere Portal. We take you through exercises for each tool so you can learn hands-on how to use them.”

 

WebSphere Portal

I know CentOS is not supported. For several years I have used CentOS without problems with IBM software. The information below is the list of packages to install on CentOS to run WebSphere Portal and Db2 on the same machine. This is a lab machine, an all-in-one box.

I got this list from Enio Basso's wiki, and I wanted to keep a copy 🙂

Install the following libraries on CentOS 6.x linux:

  • ksh.x86_64
  • rpm-build.x86_64
  • elfutils.x86_64
  • elfutils-libs.x86_64
  • libgcc.i686
  • PackageKit-gtk-module.i686
  • libcanberra-gtk2.i686
  • compat-libstdc++-33.i686
  • compat-libstdc++-33.x86_64
  • compat-db.x86_64
  • compat-db.i686
  • libstdc++.x86_64
  • libstdc++.i686
  • libXp.x86_64
  • libXp.i686
  • libXmu.x86_64
  • libXmu.i686
  • libXtst.x86_64
  • libXtst.i686
  • pam.x86_64
  • pam.i686
  • libXft.x86_64
  • libXft.i686
  • gtk2.x86_64
  • gtk2.i686
  • gtk2-engines.x86_64
  • gtk2-engines.i686
  • compat-libstdc++-296.i686

For CentOS run:

yum -y install ksh.x86_64 rpm-build.x86_64 elfutils.x86_64 elfutils-libs.x86_64 libgcc.i686 
yum -y install gtk2.i686 PackageKit-gtk-module.i686 libcanberra-gtk2.i686 compat-libstdc++-33.i686
yum -y install compat-libstdc++-33.x86_64 compat-db.x86_64 compat-db.i686 libstdc++.x86_64 libstdc++.i686 
yum -y install libXp.x86_64 libXp.i686 libXmu.x86_64 libXmu.i686 libXtst.x86_64
yum -y install  gtk2.x86_64 gtk2.i686 gtk2-engines.x86_64 gtk2-engines.i686
yum -y install  compat-libstdc++-296.i686 libXtst.i686 pam.x86_64 pam.i686 libXft.x86_64 libXft.i686

WebSphere Portal

This specification describes a method for surfacing customer experience digital data on a web or other digital resource as a JavaScript Object which can be used for communicating this data to digital analytics and reporting servers.
https://www.w3.org/2013/12/ceddl-201312.pdf

Uncategorized wcm web WebSphere Portal

Setting up SSO with Windows Desktop is not so hard. But when things are not well documented you can get a big headache. A customer asked to implement this SSO. The environment was a WebSphere Portal V8.0 cluster and the user repository was AD 2012.

I set up the system following several documents from IBM and other blogs. The SSO just did not work.

Searching a lot for a solution, I found the following:

DES Encryption and Kerberos Authentication:
Starting with Windows Server 2008 R2, domain controllers (and domain members) will no longer allow DES encryption for Kerberos tickets. DES encryption was cracked last millennium, so it’s time to move on to better encryption mechanisms like AES.

http://blogs.technet.com/b/askpfeplat/archive/2013/06/03/upgrade-active-directory-to-windows-server-2012-phase-1-assessment.aspx

The solution was simple:

Before AD 2008 the keytab generation was:

ktpass -out appserver1.keytab -princ HTTP/[email protected] -mapuser wastest -pass password -ptype KRB5_NT_PRINCIPAL

For AD 2012, the keytab command line must include an encryption type other than DES, and one supported by WebSphere V8.0.x.

I used the following:

ktpass -out appserver1.keytab -princ HTTP/[email protected] -mapuser wastest -pass password -ptype KRB5_NT_PRINCIPAL -crypto RC4-HMAC-NT

The RC4-HMAC-NT did the trick.

This document shows the step-by-step procedure I followed.

 

WebSphere WebSphere Portal

There is a vulnerability in IBM WebSphere Application Server that could allow an HTTP response splitting attack in Channel.

More information on this link

portal segurança WebSphere WebSphere Portal

  1. <WAS_INSTALL_DIR>/bin/> wsadmin -conntype NONE
  2. wsadmin> securityoff
  3. wsadmin> exit
  4. Restart the servers.
  5. Enable the security from administrative console.
  6. Once the needed corrections are made, you can re-enable security in the admin console and then restart WebSphere.

 

 

WebSphere WebSphere Portal