Notes Shared Login/Notes Federated Login and Smart Card Support

One of our customers wants to implement Single-Sign-On for Notes Clients on Windows Operating Systems and in the future they plan to implement Smart Cards as a Login mechanism on Windows PCs.

Due to some misleading official articles, I was not sure if Smart Cards are supported with NSL or NFL. After a check with IBM Support, it turns out that Smart Cards are supported with Notes Shared Login and Notes Federated Login, as long as you do not use “Smart Card Protected ID” Feature.

So, as long you use Smart Cards solely for OS access/login you are good to go to use NSL or NFL for Notes SSO.

Advertisements

IBM Connections – Restricting the Community Types Users can create

A while ago we had a requirement to restrict the Community types users can create, in the following I will describe how you can do that. First of these settings are primarily managed in “communities-policy.xml”, you must do the following steps to check the file out and be able to edit it.

  • Start the “wsadmin” command tool and give yourself the administration rights.

./wsadmin.sh -lang jython -username wasadmin -password <password>

execfile(“communitiesAdmin.py”)

  • Check out the “communities-policy.xml” configuration file.

wsadmin>CommunitiesConfigService.checkOutPolicyConfig(“/data/tmp”,”ic-cell01″)

  • Navigate to the folder where you have extracted the community configuration files and open “communities-policy.xml” file in your preferred editor.

Going through the Configuration file you will get the idea what you can do. But simply editing the file won´t get the job done, we also need to make use of the “Security role to user/group mapping” in Websphere console. We will get to that towards the end. Being the case that we cannot create additional user roles in WAS, we must make use of what we have offered, so in the example bellow we will make use of the “Reader” Role in Community application.

    The plan was to allow all users to create only Restricted Communities and grant the “Power Users” the ability to create Restricted and Moderated Communities, “Global” Community Administrators will still have the right to create all types of Communities, including Public Communities. In order to do that you have to take the following steps.

  • Add the following lines under <comm:policy>, Reader section:

<comm:permission class=“com.ibm.tango.auth.permission.CommunityManagementPermission”communityType=“private”action=“create”/>

  • And comment out the following lines in the Community Creator Role section (using “<!–” and “–>”):

<!– <comm:permission class=”com.ibm.tango.auth.permission.CommunityManagementPermission” communityType=”public” action=”create” /> –>

Screenshot of the Configuration file: 

  • Save the changes and check the configuration files back in.

CommunitiesConfigService.checkInPolicyConfig()

  • After that, make sure that the WebSphere Nodes are Synchronized.
  • Change the Security role to user/group mapping.

By using the following settings all Users will be allowed to create Restricted and Moderated Type of Communities.

By mapping the “Special Subjects” to “None” and setting a desired User Group for “community-creator” role, we can achieve the desired settings.

After clicking the “OK” button, the application should be restarted automatically, so you do not have to restart it manually, but keep that in mind, because your users will not be able to access Communities during restart. After doing so, we should have the following result, all users can create Restricted Communities:

Power Users have additionally the ability to create Moderated Communities:

This is just one of the possibilities you have, you could for example also manipulate the configuration file to take away the ability for all users to create Restricted Communities.

Engage 2019 – Part Two – Notes 11, Future of Connections and more!

After the exciting first two days, we continued at the same pace, the first sessions started at 8 o´clock. So after grabbing a few cafe cups and making some hard decisions on which Sessions to visit, I started going toward the presentation rooms. Just like in the previous post, I will list the Sessions I have visited and add some Information, which from my perspective is most important.

IBM Engagement Center Quickstart: Get your first Intranet pages up and running in minutes – by Martti Garden

In this Session, Martti unleashed the full power of ICEC and showed some tips and tricks, like resizing YouTube videos automatically, in order to “rock” any Connections Environment.

Notes 11 – by Ram Krishnamurthy

This got pretty interesting, by the way, as you can imagine, the room was completely full. Ram presented us the new Notes 11 Client. The Session consisted from three parts, first we got to see what HCL is striving to Achieve with the new release. We basically got a glimpse of how it should look at the end.

After that, we got to see the current state of the pre Beta release.

After the Design was presented, Ram explained us some technical differences and improvements which are going to be available on the new Notes 11 client.


IBM Connections: The Future is Bright – by Danielle Baptiste and Martti Garden

In this Session Danielle confirmed that HCL is going to continue to invest into Connections Platform, because of a strategic importance for HCL. Martti also showed us some new features which are going to come with the new CR Releases, like Integration with Slack! We also got to see what is coming with Connections 6.0 CR5, which is going to be released in the next two weeks. After the CR5, we should get at least two more CR Updates this year.

Domino on Docker Bootcamp – by Daniel Nashed and Thomas Hampel

Interested in running Domino (including Traveler) on Docker!? If that´s the case, then this was the session to be. Daniel and Thomas explained everything you need to know to “kick-start” your Domino deployment on Docker.

Domino and SSO – New Ways for secure collaboration – Round Table by Daniele Vistalli

In this Round Table Daniele presented his own Application/Solution for generating SSO Tokens, meant for environments or Use Cases where you can’t use SAML. The application is great, it is based on Domino and it shows just how versatile the platform is.

IBM Connections Customizer – Have it Your Way! – by Miki Banatwala

Miki showed us the true power and flexibility of IBM Connections Customizer. What I liked the most was the possibility to show different content based on different user groups.

Sadly could not visit all Sessions, every track had at least two or three sessions which were interesting to me, so it was always a tough call which session to choose.
Like always, the organization of the Conference was brilliant, many thanks to Theo!

Engage 2019 – Part One

The reason why this post is not carrying the title “Day One”, is because I flew over to Brussels already at Monday to attend the Champions Day Europe. The Champions Day event was interesting, I had a lot a fun to talking with fellow IBM Champions and finally meeting some of them in person. Besides, there were some really cool sessions like:

  • App Modernization – by James Baldwin
  • Managing Developers – by Bill Malchisky
  • Make a Convincing Argument for IBM Tech – by Keith Brooks

Bill’s Session completely blew me away, the Tips are simple yet very powerful. I think that everyone working on larger projects should hear this one out. Beside that, we found out that HCL is going to start its own program “HCL Masters”, which is going to be similar to the “IBM Champions” program. A big thanks to Libby, Alan and Stuart for making the Champions Day in Europe possible.

Today, at Autoworld, the first day of Engage officially started. I have no idea how Theo does it, but again the venue is just amazing. I am sure that there is no other event who can boast with such good venues.

At the Keynote Session, we got some interesting information, like that the Panagenda is working on a MarvelClient for iOS (which is at Private Beta stage) and Android Next, and the best part, it will be completely FREE!

The HCL also confirmed that they are working on a better integration between the existing Collaboration Products, across all platforms.

In the following I will list the Sessions I visited today and briefly add the Information I find to be most important.

Let’s Dive Into Sametime 10 – by Pat Galvin and Tony Payne

Sametime Limited Use v10 is going to run on either Domino 9 32-bit or Domino 10 64-bit, it also going to be fully compatible with Sametime 9.0.1 FP1. It will allow users to be online concurrently from multiple clients, desktop, mobile and browser. The mobile App is going to support SAML from the start. We saw a demo of a new Web Client, and the Client looks awesome, it is fast and it has a modern, sleek design. We also got an overview of the features which are going to be implemented in the future, more on that, and some other slides, in the gallery below.

Dealing with Users Complaints – Round Table – by Keith Brooks

A very cool Session, Keith showed us how to make unhappy users happy and some insight on how to argument in certain situations.

HCL Masters – Round Table – by Tim Clark

Valuable insights and discussion about the new HCL Masters program. HCL Masters program is looking very promising, members are going to most likely get direct L3 Support Access and unlimited Access to the Software Download Catalog. A big thumbs up!

Domino 11 – What’s coming – by Mike Gagnon

The version 11 will probably have an active License Checking, based on Flexera technology, and the license model is going to be much simpler.
Notes and Domino 11 Language Packs will be shipped simultaneously with the new version of the software, so there is not going to be a delay between the release of the new version and the language packs.
With version 11 we will have a possibility to implement “Two tiered DAOS”. We may also get Active Directory and Domino Directory Synchronization as well as “HTTP Authentication via ID Vault“.
Some slides from the session:

I am looking forward for the second part! 🙂

I will be attending Engage & IBM Champion Day

I have visited the last two Engage Conferences and I certainly don’t plan to miss it this year! Yesterday I got a Newsletter saying that the IBM Champion Day is taking place a day before the Engage, this comes just like a cherry on top!

For more Information about the event, take a look at the official page.

For everyone still undecided, I definitely can recommend the Conference, it is certainly, if not the best then one of the best ICS Conferences in Europe, in my eyes.