EngageUG – Implementing Certificate Based Authentication for HCL Traveler Access

I am proud and honored that I was allowed to present this year at Engage in Arnhem. To be frank, I still can’t believe it. 🙂 I held a 25-Minute Session about implementing certificate based authentication for HCL Notes Traveler authentication. If anyone is interested, the Slides is embedded below:

I also took a video of my presentation, I wanted to make sure I didn’t miss any errors I have made, so that I can improve my overall presentation skills. Apart from the viewing angle, the video has not turned out to bad. 🙂

How to Make Domino Deployment and Monitoring Radically Easier – Webinar

Make sure to register for the “How to Make Domino Deployment and Monitoring Radically Easier” Webinar taking place tomorrow at 3:00 PM – 4:00 PM CET.

Join this session to learn how to create a controlled, efficient Domino deployment (regardless of where you want your servers) powered by Panopta, our new partner. You’ll learn how to get complete visibility of your Domino servers’ key health metrics in easy to use dashboards, ensure the right person is notified in case of any health or performance issues, and solve problems with automated remediation instead of manual intervention. And, with much of the configuration done out of the box, you’ll learn how to get this all up and running quickly!

How to Make Domino Deployment and Monitoring Radically Easier – Registration form

Domino 10.0.1 – IdP Catalog Database and the German Language Pack

If you are running Domino 10.0.1 Servers with German Language Pack and trying to implement SAML authentication mechanism, make sure to switch to the English version of the IdP Catalog database.

Or else you could run into the problem with creating the Service Provider Certificate by using the “Create SP Certificate” button in the “IdP Configuration” document, this action will create the certificate, but it will not create the “ServiceProvider.xml” file. When doing so, I got the following error:

Agent message: CreateIdPXML error 91 (Object variable not set) line 19 Please pass this error message to your notes admin

We had this issue in two customer environments, using Domino Version 10.0.1 to 10.0.1 FP3.

Domino AppDev Pack – Obstacles in using IAM Server for Authentication with WordPress, Drupal & Co.

One of our customers would like to use Domino as a User repository to Authenticate his users against services like WordPress and Drupal. The first thing that crossed my mind was Domino AppDev Pack and OAuth 2 Protocol. We decided to Deploy the AppDev Pack 1.0.1 (later on I upgraded the package to the 1.0.2 version) in a test environment and test this out.

The deployment is not that hard, the preparation of SSL Certificates is the key. For the Proton Task you need to create a self-signed certificate and generate some user certificates using the same CA you created for the Proton task. For everything else, you need a valid public SSL Certificate (including the client Application, WordPress for example). A big thumbs up for my colleague Christian Brandlehner for the heads-up. This is the first thing to keep in mind.

I am thinking about posting a step-by-step guide on how to deploy the environment we needed, so let me know if you are interested.

My first big issue was finding a WordPress Plugin which we were able to use with Domino IAM as endpoint. Most of the plugins available in the WordPress store can not be used in that regard. For me, only the WordPress plugin from MiniOrange was a viable option, they also have an awesome support.

After choosing and configuring the plugin I started getting various errors, like “client authentication failed” or “callback URL mismatch“. I contacted Heiko Vogt who helped me with troubleshooting, but after a some time I opened a case at HCL Support site. Here I got the information that most of the third party Software or Plugins for OAuth 2 will fail if there is a “+” or “%” sign in the Client Secret (this is by no means a bug or error at IAM component). That was the next challenge, because you can not restrict the Domino IAM on which characters to use when creating a Client Secret for the OAuth mechanism. Here you have to be patient and generate a few Applications on IAM until you get one without “+” or “%” characters in the Client Secret.

One more thing, you have to make sure that the “Callback URL” is the same in IAM Application definition and in the WordPress plugin, including any trailing slashes, this is the reason for “callback URL mismatch” error.

After a client secret with which the plugin could work was generated, we have hit the next problem, the Plugin and the OAuth Authentication works, but after a user logs in, the IAM is only sending “sub” and “accountId” user attributes to the WordPress Server. The issue here is that the free version of the MiniOrange Plugin only supports “mail” attribute at this point, the support is working on a trial version which we could try out with IAM found in the AppDev Pack.

The screenshot above shows a working configuration of MiniOrange Plugin.

In the next step, we would like to display and make the data editable, in Drupal for example, based on the Access each individual user has. We will see how that goes, but now we are confident that we can make it happen.

Update

We got the authentication to work, Domino Users can log in, via IAM on the WordPress site! As mentioned we needed the Enterprise Version of the MiniOrange OAuth Plugin for WordPress.

Live from Tokyo – In Vienna

My employer, Axians ICT Austria GmbH, is sponsoring “HCL Tokyo Live Viewing Party” and hereby you are invited.

In Addition to the Live Stream from Tokyo, the Agenda is stacked with sessions about HCL Digital Solutions software, which will be held by Axians and other event sponsors. We also have a special guest, Cornelius Granig, the author of “The Darknet”.

If you are still not convinced, check out the cool location we have reserved.

Make sure not to miss the Live Stream from Tokyo, we will be especially delighted if you would watch it together with us in Vienna, to do so, make sure to register.

HCL Domino v11, Connections v6.5 and more – Live Keynote

It’s that beautiful time of the year again, we get to play with the new Software. The HCL has announced a Live Keynote, this time from Tokyo. The keynote is going to be streamed live, and we will be able to see the version 11 of Domino/Notes, Connections and Sametime. This event is rather short, set to last for one and a half hour, during which we are going to hear about the most important facts of the new Software Version and how to start using it right away. Take a look at the Agenda below:

9–9:15 a.m.: Live from Tokyo Keynote: A Major HCL Milestone.
Presenter: Richard Jefts, General Manger, HCL Digital Solutions

9:15–9:30 a.m.: Domino V11: Why Modernizing Beats Migrating.
Presenter: Andrew Manby, Vice President of Product Management, HCL Domino

9:30–9:45 a.m.: Domino V11 Demo: One Vendor, One Solution, One Stack. The Only Stack You Need.
Presenter: Andrew Manby, Vice President of Product Management, HCL Domino

9:45–10 a.m.: We Hear You: HCL Connections 6.5 = More Value from Your Investment.
Presenter: Danielle Baptiste, Vice President of Product Management, HCL Connections

10–10:15 a.m.: Boost Engagement with HCL Connections 6.5: We’ll Show You How.
Presenter: Danielle Baptiste, Vice President of Product Management, HCL Connections

10:15–10:30 a.m.: Get Started with Domino V11 and Connections 6.5 Today.
Presenter: François Nasser, Global Sales Leader, HCL Digital Solutions

You can register for the Keynote using a GoToWebinar.

So what’s my take on this? HCL has proven that they are all about getting work done. Maybe even more important, they focus on doing the work that matters most for the customers, delivering much awaited Features. This shows in the Agenda, it is short and fully “packed”. I like this, this is a most welcome change.

I have been working with Notes V11 Beta 1 for two months or so, although this is the first beta Version, which is not publicly available, it is stable and looks very promising.

I can’t wait to see Connections 6.5, the IU should be cleaner, and along new features, we will get a lot of complementary software, free of charge. Like HCL Connections Invite and Connections Toolbar.

By the way, the new Digital Solutions Product Branding looks awesome!

HCL Domino AppDev Pack 1.0.2 – Documentation Released

The documentation for the new version of Domino AppDev Pack 1.0.2 is available.

So if you are evaluating to deploy the Domino AppDev Pack, make sure to take a look at the release notes of the 1.0.2 version.

What’s New in Release 1.0.2

Release 1.0.2 includes the following new features:

  • (Preview) A domino-db application may now request the ability to make Proton requests on behalf of a user. The feature, collectively named Act as User is implemented across multiple components from the AppDev pack. For details, see:
  • IAM service
    • Efficiently leverage multiple CPU cores on the server.
    • The ability to configure token expiration. See Configure Token Expiration.
    • Support 3rd party statistics server integration through ‘StatsD’ protocol. See IAM statistics.
  • The ability to create and read Names, Readers and Authors items.
  • The ability to create, read and delete attachments. See Attachments for details.
  • The ability for Proton to update the Domino directory with an application’s certificate. See details here.