IBM ConnectED 2015 – Day Two Questions

IBM ConnectEd Day 2 was even busier than the first day. I had deep discussion on SAML, OAuth, DB2, SSL, and I’ve incorporated many of them here.

Question 1:
I heard about Profiles Administration. How do I use it IBM Connections Cloud?
Before I answer, I think the confusion arises from our documentation which has a Profiles Administration API topic in the reference literature.

There is an alterative API in the IBM Connections Cloud, it’s called the Business Support Systems API (BSS). With the BSS APIs, you (the administrator of the organization) can request a UserID of a User, and choose to update the user’s profile.

We have a fully documented API, and some sample code.
Get the UserId for BSS

Update the UserId’s Profile

Here are some examples in Java

Question 2:
Yes, why isn’t there a release of the social business toolkit since August?
Actually, there is. it’s posted on github releases.
Please continue to reference the site and find the latest release information there.

Question 3:
I had a chat with Sedar about the fixes the team added to support Turkish and the IBM Social Business Toolkit. He mentioned that he had a few fixes he’d like to add and a new OAuth Handler. What could/should he do? (granted it wasn’t a question, more of a discussion)
It’s opensource. You can fork the github project and do what you’d like to do. You can make a lightweight package, and change the oauthhandler to work the way you need.

Question 4:
I have a great deal of investment in my libraries and core java code. How can I use the Social Business Toolkit?
If you’ve made the investment like this partner, the best answer is to look at the XPath Expressions and reuse the enums from the social business toolkit to limit the amount of mastery needed for ATOM/XML processing.

Question 5:
IBM Connections is making an AJAX Proxy request to a backend service. I continue to have problems with SSL. How can we figure this out?
A very helpful post from StackOverflow has helped debug an issue and retrieve all the right client certificates.

Thanks to a post on StackOverflow all you have to do is:
openssl s_client -connect : -showcerts

Copy the generated certificates into CRT files and add to the CellDefaultTrustStore.

Question 6:
SSL is causing me heartburn. How can I debug SSL issues to see that the CA is accepted?
Here are the 8.5.5 directions
Specify the system property:

In the Administrative Console, select the following: Servers > Server Types > WebSphere Application Servers > server_name > Expand Java and Process Management (under Server Infrastructure) – >Process Definition > Java Virtual Machine > Custom Properties > New.

To trace the Deployment Manager, select the following: System Administration > Deployment Manager > Expand Java and Process Management (under Server Infrastructure) >Process Definition > Java Virtual Machine > Custom Properties > New.

Type the following:

Value: true
See NOTE at the end of this document for very busy production servers.
Click Apply, and Save.

Save your changes to the master configuration.

Expand TroubleShooting > Logs and Trace > server_name.

Select Diagnostic Trace Service. Increase the Maximum Number of Historical Files from 1 to 10.

Click Apply, then select Change Log Detail Levels.

Clear the trace string in the box and replace it with the following trace string:

Click Apply, and Save.

Save your changes to the master configuration.

Stop the server and clear/backup the logs.

Start the server and recreate the problem.

Note: The output will be in the file specified in Servers > Server Types > WebSphere Application Servers > server_name > Logging and Tracing > JVM Logs. The default is set to the SystemOut.log file and trace.log

Question 7:
How can I tell the vitality of the Social SDK project?
IBM doesn’t disclose any private data on customer use of a project without using the proper channels and approvals. However you can look at project statistics to tell specific details. and

You can also see the latest releases on the releases page – and you can also pull the code from Maven.

Question 8:
We have an application that reads blogs, how do we know if a user has the right to write to a Public blog?
Look for the link node and if they have access to the rel=edit, they have access. Thanks to Vijay Francis for the tip

Question 9:
I have developed some custom OAuth Code to refresh bearer tokens. The system doesn’t make subsequent requests properly after the calls. What do I have to do?

CachedDBToken 3 result is bad The token with key: lKItvXpeGtZiDb9RvV9Xw6IDJIcZIdIpIEKjhy3QlhetPUl4F9 type: authorization_grant subType: refresh_token was not found in the token cache.

Enable tracing on OAuth and the JDBC Requests

The partner also needed to change the refresh token step so the token was slightly modified.

Question 10:
How do I get started with the Social SDK?
You can download the latest social business toolkit
You download and expand the zip file.

The getting started page is

You can also reference to play around with the code, and see what cool things you can do.

If you have any questions you can post to StackOverflow or email me directly.

Question 10:
We have developed Editor enhancements for other products, how do we do this in Connections?
Check out Rob Novak’s Blog

Question 11:
It was a pain to find the connections provider urls for OAuth?
The URLs are formatted liked the following:

IBM ConnectED 2015 – Day One Questions

Question: Setting up the WidgetContainer for Profiles Administration page
you can follow this link, it goes into setting up a ficticious company called Acme Airlines’s application. you can ignore that part and focus on the nice steps and pictures which show you how to configure and setup an administrator with the profiles Administration page.

you can test all your OpenSocial gadgets using the BootStrap homepage.
an example URL is

You are most likely going to get back a warning saying, Featured Disabled

In just a few steps you can enable it on your system.

On your deployment manager profile, open config/cells//LotusConnections-config/opensocial-config.xml
Edit the File
and look for

make sure enabled is true, allowSSOFeature is true, and allowIntranetProxyAccess is true.
Also set allServers=true

Sync the Nodes so the config goes down to Your AppServer, and then Restart the AppServer.

That should help get you started building and quickly testing the opensocial gadgets.

Also with regards to dynamic heights javascript. We can certainly talk about the limitations in IBM Connections (I think we limit a Gadget to a width of 375px) I don’t think we have any limitations on the height. do the required parameters for dynamic-height should be honored.

IBM Connections Cloud Application Development Workshop – Q4 2014

Thanks to Paul Godby, a colleague in the Ecosystem Development group in IBM, there is an update to the IBM Collaboration Solutions Ecosystem Development Community. The update is compelling a new set of self-paced workshops are available for IBM Connections Cloud Application Development.

Anyone that is a member of IBM Greenhouse can access the materials.  To become a member, you have to sign up for Greenhouse at the account sign up page.

Per Paul, developers “learn how to develop applications for the IBM Connections Social Cloud”.  Some cool things to think about are – “no need to provision a hosted server environment,” IBM BlueMIx, and using REST APIs to build social applications with Connections data in the cloud. You can read his detailed Description in the community, and access the Self-Paced Materials –

Other workshops area available in the Available Workshops

I hope you all find this update helpful.

First Time Through… BSS and API Explorer Tip

My colleague Phil Riand, since moved on to Trilog Group, created a very dynamic API Explorer which can be synchronized with the Documentation.  It’s good stuff, and a nice reference.

A customer ran into a problem calling the BSS APIs against the IBM Connections Cloud (IBM SmartCloud for Social Business) C1 Test Environment.  The default environment is setup with Open Authorization, and you can configure your own environment.

Login to Greenhouse

Use the Environments Drop down

Select Custom

Select IBM SmartCloud for Social Business

Select Basic Authorization

Click C1

Click Save

Screen Shot 2014-10-23 at 7.10.45 PM

Now Click on BSS -> Authorization

Click Login (Login with your C1 credentials)

Screen Shot 2014-10-23 at 7.12.54 PM

Use the APIs….

Business Support Systems Subscription API and Part Numbers

The Business Support Systems enable an administrator or vendor to create a subscription (or entitlement) for a user.  There is one thing for those that are new… where do I get the part number.

Part numbers are the available in the Announcement Letter for the Service or Release.  I went to the Offering Site, and did a search. I entered “IBM Connections Cloud S1” and selected Announcement Letter.  I clicked Search

Announcement Letter Search
Announcement Letter Search

A quick link to my search is here .

I scroll down and find the entry that corresponds to the Announcement letter for my geography and purpose.  I click on the entry.

My Entry
My Entry

I scroll down and find my part numbers.

Part Number
Part Number

Bam,  I can call the BSS API mentioned above with the part number, and entitle a user for that part number.


OAuth Tips

For developers that are beginning to investigate oAuth and IBM Connections Cloud, you’ll find two interesting things about the oAuth 1.0a web flows and the oAuth 2.0 web flows.

1- The flows don’t support extra on the flow – for instance the state parameter. state=XYZ123

2- The oAuth 2.0 flow expects callback_uri, not the common redirect_uri parameter.

The various flows are located at oAuth 1.0a web flow and oAuth 2.0 web flow

Cross-site request forgery and IBM Connections Micro Blog

I was helping a fellow developer with creating entries for a community’s IBM Connections Microblog.  He was using IBM Connections Cloud and IBM Connections 5.0 and higher.

In the IBM Connections, there is some advanced support for requests which come from third party domains to protect against Cross-site Request Forgery and Replay Attacks.

You can make a POST request to{communityId}/@all and get an HTTP 403 response forbidden (even if a GET works with the same Bearer or Basic HTTP Authorization header. 

If you run into this issue, you should add the X-Update-Nonce header to your request.  You can get the Nonce value from the .

The request will now work and return a 201 Content Created.

Simple workaround, and handy to know for ActivityStreams and the Microblog.

IBM Connections Developers Launch


As announced on the IBM website, IBM SmartCloud for Social Business is now IBM Connections Cloud.   Users can still take advantage of the “… access to business-grade file sharing, social networking, communities, online meetings, instant messaging, email, and calendar.”

Along with the re-launched website – IBM Connections Cloud, my team has relaunched the IBM Connections Developers   We are focused on making sure Developers have the tools and information to rapidly build applications with our cloud.  Luis Benitez did a great job describing all the changes with the Cloud and the Developer Experience on his blog.

The team came up with this summary, which has since become our tagline, “Think Social. Develop with Web Standards. Deliver outstanding Apps.”  My colleagues and I are going to show you the way to quickly get started, adopt social patterns and develop compelling and repeatable integrations and social applications.

Connect with me here, or the team on the website.  I look forward to it.