Sametime meeting widget on IBM Connections 5.0 CR02 – error 403

I like the integration points between Connections and Sametime. The meeting room widget is a useful bridge which allows you to create meeting rooms to be used for a community. This means there is no need to create your own and try to remember who needs access to the room, whether the content needs to be removed etc. The widget keeps the membership of the meeting room in line with the membership of the community via a member synchroniser (or synchronizer).

I had some problems with CR02. I didn’t have the same problems with 4.5 and various CRs.

Firstly, the documentation in the knowledge center is inaccurate and a bit sloppy though I think that was still the case with 4.5. You can see the various comments me and others have posted on the pages. Read these comments, as I don’t know whether IBM have updated the main text yet.

If you follow the instructions as well my comments you should get as far as getting 403 exceptions in the widget. This is an AJAX proxy error BUT based on the documentation the configuration is correct. I raised a PMR with IBM and over the weeks the following steps were taken which resolved the problem.

I will provide snippets of the various files I made changes to so please supplement the knowledge center with my findings.

Ifixes

There are two ifixes I applied.

LO84327: [CR2 IFIX NEEDED]BACK PORT IC DEFECTS 132826 \133551\ 133335\130590 TO THE 5.0 CR STREAM TO SUPPORT THE SAME
http://www-01.ibm.com/support/docview.wss?crawler=1&uid=swg1LO84327

LO84399: WIDGETS (3RD PARTY) NOT LOADING IN COMMUNITIES AFTER UPGRADING TO IC5.0 CR2
https://www-304.ibm.com/support/entdocview.wss?uid=swg1LO84399

widget-config.xml

The use of {communitiesSvcRef} is more in line with the other contents of this file. It avoids needing to hard code the “url” and “iconUrl” values. Also, never call the xml or jpg using c:\ or /opt/IBM/ as the images will not show properly in a web browser.

The last thing that got this working was to remove any reference to the port number from “sametimeMeetingsServerUrl.” I had followed the knowledge center and added “:443″ to the end of it.

</widgetDef>
<widgetDef defId=”Meeting Rooms” primaryWidget=”false” modes=”view fullpage” uniqueInstance=”true” url=”{communitiesSvcRef}/MeetingRoomsWidget/MeetingRoomsWidget1.xml” iconUrl=”{communitiesSvcRef}/MeetingRoomsWidget/meetings-icon.jpg”>
<itemSet>
<item name=”sametimeMeetingsServerUrl” value=”https://meetings.collaborationben.com&#8221; />
<item name=”widgetFilePath” value=”/communities/MeetingRoomsWidget/” />
<item name=”communitiesBaseUrl” value=”{communitiesSvcRef}”/>
</itemSet>
</widgetDef>
<widgetDef defId=”Members” primaryWidget=”false” modes=”view fullpage” showInPalette=”false” uniqueInstance=”true” url=”{webresourcesSvcRef}/web/lconn.comm/communityMembers/communityMembers.xml?etag={version}” helpLink=”{helpSvcRef}/topic/com.ibm.lotus.connections.communities.help/t_com_membership_view.html”>
<itemSet>
<item name=”membersPerPage” value=”12″/>
<item name=”membersPerPageFullPage” value=”16″/>
</itemSet>
</widgetDef>

proxy-config.tpl

Be mindful of the forward slash and star in the “policy url.” Also, if you follow the example in the knowledge center then wsadmin will error when you try to check the file in because the order is incorrect (unless they have updated the entry).

<!– BEGIN CUSTOMIZATIONS HERE –>
<proxy:policy url=”https://meetings.collaborationben.com/*&#8221; acf=”none”>
<proxy:actions>
<proxy:method>GET</proxy:method>
<proxy:method>HEAD</proxy:method>
<proxy:method>POST</proxy:method>
<proxy:method>PUT</proxy:method>
<proxy:method>DELETE</proxy:method>
</proxy:actions>
<proxy:headers>
<proxy:header>X-ST-CSRF-Token</proxy:header>
<proxy:header>User-Agent</proxy:header>
<proxy:header>Accept.*</proxy:header>
<proxy:header>Content.*</proxy:header>
<proxy:header>Authorization.*</proxy:header>
<proxy:header>If-.*</proxy:header>
<proxy:header>Pragma</proxy:header>
<proxy:header>Cache-Control</proxy:header>
<proxy:header>X-Update-Nonce</proxy:header>
<proxy:header>WWW-Authenticate.*</proxy:header>
<proxy:header>Access.*</proxy:header>
</proxy:headers>
<proxy:cookies>
<proxy:cookie>LtpaToken</proxy:cookie>
<proxy:cookie>LtpaToken2</proxy:cookie>
<proxy:cookie>JSESSIONID</proxy:cookie>
</proxy:cookies>
</proxy:policy>

proxy-policy.dynamic

IBM suggested that I add this. I added the following entries early on in the course of the PMR to rule out AJAX proxy permissions. This may not be required but I haven’t tested it without it.

allow(“.*”, “.*”, “http\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);
allow(“.*”, “.*”, “https\\:\\/\\/meetings\\.collaborationben\\.com\\/.*”);

Creating a shared library

Don’t blindly copy and paste the contents of http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/install/inst_meet_rooms_widget_create_shared_lib.dita because in a previous step you unpacked the SDK files into different directories.

Error 412

The final error I got (after the 403) was a 412 error which is mentioned in the knowledge center and one that I came across in 4.5.

412 Failure to create a meeting room.
Possible cause:

The X-ST-CSRF-Token is invalid. Connections has set the HTTPONLY flag.

Workaround for error 412:
Note: Only implement this workaround if you understand its effects and consequences.

Log in to the WebSphere Integrated Solutions Console as the WebSphere administrator. (The URL ends with /ibm/console).
Click Servers > ServerTypes > WebSphere application servers.
Select the server you are working with.
In the Container settings section, click Web container settings > Web container.
In the Additional properties section, click Session management.
Click Enable cookies hyperlink.
Ensure that the Set session cookies to HTTPOnly to help prevent cross-site scripting attacks option is NOT selected.
Click Apply.
Resynchronize the nodes, and restart the WebSphere application server.

I disabled Set session cookies to HTTPOnly to help prevent cross-site scripting attacks for all the Connections applications servers, synced and restarted.

Testing

Since I only had the one community that had the widget applied to before the final changes I can’t say for sure they you will need to remove the widget and add it again or simply refresh it. You should experiment for yourselves and be mindful of any browser caching.

With this in mind, it should be working nicely for you.

2

View all

I have noticed that “view all” does nothing when clicked on it. I created six meeting rooms through the widget. The widget only shows five so I expected that it should take me to the “Meeting rooms” view where all rooms are shown. In Fiddler nothing is reported. I have asked the question of IBM.

Advertisements

Increasing library size for Connections communities using policies

A customer wanted more files to be added to a particular five communities. The default is a cumulative 512MB allowed to be uploaded to a community library. Changing the global value from 512MB to 1GB wasn’t the way to go about it so a new policy needed to be created to be applied to these five communities.

The customer wasn’t allowed access to the communities so the easiest way was to use the browse option as we only had the user’s word on what the name of all five were and searching on the name would require the syntax to be correct which it turns out was not the case…..

Start wsadmin

execfile(“D:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\bin_lc_admin\filesAdmin.py”)

FilesLibraryService.browseCommunity(“title”, “true”, 1, 20)

FilesLibraryService.browseCommunity(“title”, “true”, 2, 20)

And so forth
FilesLibraryService.browseCommunity(“title”, “true”, 3, 20)

As I mentioned above, the communities were not listed. I’m not sure why as I do not have access to the servers nor saw the output.

As a catch all I asked the customer to dump all the communities using the following command

FilesLibraryService.exportSyncedResourceInfo(“c:/community_output.xml”, “community”)

(Note – It is meant to be a forward slash as it’s an xml).

This listed all their communities and from it I was able to find that the community names provided by the user were incorrect.

Now the syntax of the community names were corrected the following command was used which provided the community information.

commList = FilesLibraryService.browseCommunity(“title”, “true”, 1, FilesLibraryService.getCommunityCount())

FilesUtilService.filterListByString(commList, “title”, “Community”)

Output of the command is as follows (actual output after new policy applied):

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611”)
{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611
, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}

The libraryid is listed “id” in bold above, that is the value needed.

You can also get this value (which I didn’t realise at the time) in community_output.xml which was run earlier. The xml produced below shows the libraryid which is in bold.

-<snx:resource xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”Community” widgetInstanceId=”W59c3266be40d_4d80_925a_e8e85a278ec2″ id=”c702d7f1-c297-418e-b4a8-50ac1ee0aff2″ type=”community”>-<snx:creator xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”/><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>00000000-0000-0000-0000-000000000000</snx:userid></snx:creator>-<snx:lastmodby xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”>joe.bloggs@collaborationben.com</email><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>88aff0d8-465d-4987-bb4e-c3eea13b51be</snx:userid></snx:lastmodby><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityType”>private</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityThemeId”>default</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentApproval”>false</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentFlagging”>false</snx:property><snx:objectIdentifyingTerm xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>Community</snx:objectIdentifyingTerm><snx:objectIdentifyingId xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”&gt;66530fc2-2859-48aa-a376-8ade74782611</snx:objectIdentifyingId></snx:resource>

Now the libraryid is obtained you have to create a new policy.

Create the policy

FilesPolicyService.add(“1GB Community Policy”, 1073741824)

Take a note of the UUID created (in this format 00000000-0000-0000-0000-000000000000) as this will need to be applied replacing the values in red.

Apply the new policy to the community

FilesLibraryService.assignPolicy(“66530fc2-2859-48aa-a376-8ade74782611”, “string policyId“)

Check that the community is now applied

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611”)

You should see that the values in blue below have changed and are in line with the new policy.

{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611
, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}

Who deleted my Connections community?

I was asked by a customer who had deleted an important community. The SystemOut.log was of no help but DB2 holds the information I am after.

In the SNCOMM database is a table called EVENTLOG which the below screen shot was taken from using DBVisualizer. The community I focused on in my test environment is highlighted under COMMUNITY_UUID.

The screen shot shows when the community was created and then later on when Ben Williams (defined in the CREATED_BY column) added Joe Bloggs as a member (community.membership.added) and then when Ben changed Joe to be an owner (community.membership.updated).

The last two entries in the table including the important (community.removed) were created by a different ID as defined in the CREATED_BY column. You can compare this ID with the SNCOMM.MEMBERPROFILE table to compare with the MEMBER_UUID as shown in the second screen shot.

I did not have access to such a tool for the customer but got lucky by finding a bookmark referencing the deleted community which has the COMMUNITY_UUID in the URL. If you do not have the UUID then you would need to search the EVENT_METADATA column using a SQL statement like select * from sncomm.eventlog where event_metadata contains ‘community name’ BUT to run a contains statement the database needs an index unlike a like or = statement. You may want to engage your DBA at this point?

As I had the UUID I ran select * from sncomm.eventlog where community_uuid=’c436e443-bc78-4540-8907-af2a0f71c9c7′ > /tmp/deletedcommuntiy.txt which provided me with all the events similar to my screen shot below. I then ran select * from sncomm.memberprofile where member_uuid=’65977288-b975-4aba-bd47-c456a2eeebe5′ to give me all the details of the guilty party or just select display from sncomm.memberprofile where member_uuid=’65977288-b975-4aba-bd47-c456a2eeebe5′ for the display name.