IBM ConnectED 2015 – Day Two Questions

IBM ConnectEd Day 2 was even busier than the first day. I had deep discussion on SAML, OAuth, DB2, SSL, and I’ve incorporated many of them here.

Question 1:
I heard about Profiles Administration. How do I use it IBM Connections Cloud?
Answer:
Before I answer, I think the confusion arises from our documentation which has a Profiles Administration API topic in the reference literature.

There is an alterative API in the IBM Connections Cloud, it’s called the Business Support Systems API (BSS). With the BSS APIs, you (the administrator of the organization) can request a UserID of a User, and choose to update the user’s profile.

We have a fully documented API, and some sample code.
Get the UserId for BSS
http://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API+Reference#action=openDocument&res_title=Get_customer_list_by_email_address_or_organization_name_bss&content=apicontent

Update the UserId’s Profile
http://www-10.lotus.com/ldd/appdevwiki.nsf/xpAPIViewer.xsp?lookupName=API+Reference#action=openDocument&res_title=Update_customer_profile_bss&content=apicontent

Here are some examples in Java
https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/JavaSnippets.xsp#snippet=BusinessSupport_CustomerManagement_Update_Customer_Profile

https://github.com/OpenNTF/SocialSDK/blob/664db7538cef7e7da02091c865d10bc1c3c9f237/samples/java/sbt.bss.app/src/com/ibm/sbt/bss/app/CustomerManagement.java

Question 2:
Yes, why isn’t there a release of the social business toolkit since August?
Answer:
Actually, there is. it’s posted on github releases. https://github.com/OpenNTF/SocialSDK/releases
Please continue to reference the site and find the latest release information there.

Question 3:
I had a chat with Sedar about the fixes the team added to support Turkish and the IBM Social Business Toolkit. He mentioned that he had a few fixes he’d like to add and a new OAuth Handler. What could/should he do? (granted it wasn’t a question, more of a discussion)
Answer:
It’s opensource. You can fork the github project and do what you’d like to do. You can make a lightweight package, and change the oauthhandler to work the way you need.

Question 4:
I have a great deal of investment in my libraries and core java code. How can I use the Social Business Toolkit?
Answer:
If you’ve made the investment like this partner, the best answer is to look at the XPath Expressions and reuse the enums from the social business toolkit to limit the amount of mastery needed for ATOM/XML processing.

Question 5:
IBM Connections is making an AJAX Proxy request to a backend service. I continue to have problems with SSL. How can we figure this out?
Answer:
A very helpful post from StackOverflow has helped debug an issue and retrieve all the right client certificates. http://stackoverflow.com/questions/17203562/openssl-s-client-cert-proving-a-client-certificate-was-sent-to-the-server

Thanks to a post on StackOverflow all you have to do is:
openssl s_client -connect : -showcerts

Copy the generated certificates into CRT files and add to the CellDefaultTrustStore.

Question 6:
SSL is causing me heartburn. How can I debug SSL issues to see that the CA is accepted?
Answer:
Here are the 8.5.5 directions http://www-01.ibm.com/support/docview.wss?uid=swg21162961#show-hide
Specify the javax.net.debug system property:

In the Administrative Console, select the following: Servers > Server Types > WebSphere Application Servers > server_name > Expand Java and Process Management (under Server Infrastructure) – >Process Definition > Java Virtual Machine > Custom Properties > New.

To trace the Deployment Manager, select the following: System Administration > Deployment Manager > Expand Java and Process Management (under Server Infrastructure) >Process Definition > Java Virtual Machine > Custom Properties > New.

Type the following:

Name: javax.net.debug
Value: true
See NOTE at the end of this document for very busy production servers.
Click Apply, and Save.

Save your changes to the master configuration.

Expand TroubleShooting > Logs and Trace > server_name.

Select Diagnostic Trace Service. Increase the Maximum Number of Historical Files from 1 to 10.

Click Apply, then select Change Log Detail Levels.

Clear the trace string in the box and replace it with the following trace string:
SSL=all

Click Apply, and Save.

Save your changes to the master configuration.

Stop the server and clear/backup the logs.

Start the server and recreate the problem.

Note: The output will be in the file specified in Servers > Server Types > WebSphere Application Servers > server_name > Logging and Tracing > JVM Logs. The default is set to the SystemOut.log file and trace.log

Question 7:
How can I tell the vitality of the Social SDK project?
Answer:
IBM doesn’t disclose any private data on customer use of a project without using the proper channels and approvals. However you can look at project statistics to tell specific details. https://github.com/OpenNTF/SocialSDK/graphs/contributors and https://github.com/OpenNTF/SocialSDK/network

You can also see the latest releases on the releases page – https://github.com/OpenNTF/SocialSDK/releases and you can also pull the code from Maven.

Question 8:
We have an application that reads blogs, how do we know if a user has the right to write to a Public blog?
Answer:
Look for the link node and if they have access to the rel=edit, they have access. Thanks to Vijay Francis for the tip

Question 9:
I have developed some custom OAuth Code to refresh bearer tokens. The system doesn’t make subsequent requests properly after the calls. What do I have to do?

CachedDBToken 3 com.ibm.ws.security.oauth20.web.OAuth20EndpointServlet.TokenRequest result is bad
com.ibm.oauth.core.api.error.oauth20.OAuth20InvalidTokenException: The token with key: lKItvXpeGtZiDb9RvV9Xw6IDJIcZIdIpIEKjhy3QlhetPUl4F9 type: authorization_grant subType: refresh_token was not found in the token cache.
at com.ibm.oauth.core.internal.oauth20.OAuth20ComponentImpl.getOAuth20Token(OAuth20ComponentImpl.java:846)

Answer:
Enable tracing on OAuth and the JDBC Requests
http://www-10.lotus.com/ldd/lcwiki.nsf/xpDocViewer.xsp?lookupName=IBM+Connections+4.0+documentation#action=openDocument&res_title=Installing_and_enabling_OAuth_TAI_ic40&content=pdcontent

The partner also needed to change the refresh token step so the token was slightly modified.

Question 10:
How do I get started with the Social SDK?
Answer:
You can download the latest social business toolkit
https://github.com/OpenNTF/SocialSDK/releases
You download and expand the zip file.

The getting started page is https://github.com/OpenNTF/SocialSDK/wiki/Building-my-first-Social-Application

You can also reference https://greenhouse.lotus.com/sbt/SBTPlayground.nsf/JavaScriptSnippets.xsp to play around with the code, and see what cool things you can do.

If you have any questions you can post to StackOverflow or email me directly.
http://stackoverflow.com/questions/tagged/ibm-connections

Question 10:
We have developed Editor enhancements for other products, how do we do this in Connections?
Answer:
Check out Rob Novak’s Blog
http://ibmrockstar.com/2013/05/tutorial-extending-the-ibm-connections-rich-text-editor/

Question 11:
It was a pain to find the connections provider urls for OAuth?
Answer:
The URLs are formatted liked the following:
https://lcauto1.swg.usma.ibm.com/oauth2/endpoint/connectionsProvider/authorize
https://lcauto1.swg.usma.ibm.com/oauth2/endpoint/connectionsProvider/token

Leave a Reply

Your email address will not be published. Required fields are marked *