Search this blog...

1/27/17

IBM Notes/Domino 9.0.1 Feature Pack 8 Preliminary Release Notice


IBM released a preliminary release notice about all the new functions included in Feature Pack 8 - the whole list can be found here: Notes/Domino 901 FP8

Currently FP8 is in "Gold Canditate" state...

But the most interesting features are:

NBP replaced with ICAA - There is no NBP (Notes Browser Plugin) shipped with 9.0.1 FP8. This has been replaced with ICAA (IBM Client Application Access). For more information, see IBM Client Application Access V1.0.1 documentation

Notes Client on Linux - There is no Notes client for Linux shipped with 9.0.1 FP8. This client platform has been discontinued and customers are encouraged to move to Windows or Mac.

Domino Server on Linux32 and AIX32 - There is no Domino Server for Linux32 and AIX32 shipped with 9.0.1 FP8. This server platform has been discontinued and customers are encouraged to move to the 64-bit platforms. Windows 32 bit remains a shipped and support platform.
 

Windows Server 2016 Support - (SPR #SVROAEPS4R)


New Features in IBM® Domino® 9.0.1 Social Edition Feature Pack 8

Optionally Move Views outside of NSF  for Increased data store in NSF
This feature is useful for large databases and provides the following benefits:
- A smaller database file size, to avoid reaching the 64GB limitation.
- Faster database backup and restore.
- Better performance by allowing concurrent access to database and views.

Java Upgrade to 1.8.
The Java run time environment provided with Domino has been upgraded to Java JRE version 1.8 to provide you with access to the latest features.
 

Optionally Increase Document Summary Data (SPR #AKNX64TLRS APARID: LO04193)
You can increase the document summary data limit on Notes 9 databases to 16MB from 64K. (The size limit for a single field remains 32 K.)
 

Add support for ADFS 3.0 and update the corresponding Cookbook instructions for configuration.


New Features in IBM® Notes® 9.0.1 Social Edition Feature Pack 8


Optionally Add Show Options: "Group By Date" And "Beginning Of Message", To Desktop Policy Settings (SPR #JSTN98BP3T APARID: LO75595)
Administrators can add the notes.ini setting EnableGroupByDate=1 on mail servers to enable the Show > Group By Date option in all mail files.
 

Optionally Retain MIME formatting when forwarding or replying to internet messages
A notes.ini setting is now available for Notes Standard clients to retain MIME message formatting when users reply to or forward messages received from the internet. Without this setting, MIME messages are converted to Notes Rich Text which can cause some MIME formatting to be lost.


Optionally Enable displaying internet addresses in mail and calendar documents
You can enable internet addresses rather than Notes addresses to display in the Notes client mail and calendar. For example, display sdaryn@renovations.com rather than Samantha Daryn/Renovations@Renovations. To enable this feature, add the following setting to the notes.ini file on a Notes client $INETADDRESSFIXUP=1

1/19/17

Open Mic Webcast: Configuring an IBM Domino Web Server to use Web federated Login (SAML)


IBM is offering an Open Mic Webcast about configuring SAML authentication on a IBM Domino Web Server.

Abstract

This procedure ensures that an IBM Domino Web server can participate in SAML-based single sign-on (SSO). The Security Assertion Markup Language (SAML) standard allows a Domino server to trust an authentication assertion from a specified identity provider (IdP).

After a presentation, attendees will be given an opportunity to ask our panel of experts questions. Throughout the event, attendees will also be encouraged to comment or ask questions in the IBM Connections Meetings Web chat. Follow us on Twitter @IBM_ICSsupport.
 

Content

Topic: Configuring an IBM Domino Web Server to use Web federated Login (SAML)
Date: Wednesday, January 25, 2017
Time: 11:00 AM EST (16:00 UTC/GMT, UTC-5 hours) for 60 minutes

Web conference
Join the IBM Connections Meetings to view a slide presentation and participate in group web chat:

https://apps.na.collabserv.com/meetings/join?id=2897-4178
eMeeting password: webcast


Phone conference
Participant passcode: 1813795

USA Toll-Free: 866-803-2145
USA Toll: 1-210-795-1099


All further informations ( international dial-in numbers, presentation, ... ) can be found here: http://www-01.ibm.com/support/docview.wss?uid=swg27049210

1/9/17

Moving Android devices from unsecure to secure communication with IBM Notes Traveler


IBM released a very smart way to switch Android devices to HTTPS communication with IBM Notes Traveler servers:

http://www-01.ibm.com/support/docview.wss?uid=swg21993951&myns=swglotus&mynp=OCSSYRPW&mync=E&cm_sp=swglotus-_-OCSSYRPW-_-E

Problem

Your IBM Verse for Android applications connect to your on-premises IBM Traveler server using an unencrypted HTTP connection instead of an encrypted HTTPS connection. Since the IBM Traveler server can use unencrypted HTTP connections immediately without any additional setup, some installations may have skipped the HTTPS setup procedures prior to deploying Verse for Android to users. To ensure that all your communications are encrypted, first enable HTTPS either on your IBM Traveler server or on an edge proxy. Then ensure the IBM Verse for Android app begins using the encrypted connection without requiring any manual intervention from your users.



Resolving the problem
This feature requires the following components at the specified minimum version levels:
· IBM Traveler server, version 9.0.1.15 (or later)
· IBM Verse for Android app, version 9.5.0.0 (or later)

If all the IBM Verse for Android apps have not yet upgraded to the required minimum level prior to the completion of these steps, then it is recommended you keep HTTP port 80 enabled until you can ensure all apps have been upgraded. It is not required that all users upgrade at the same time.

1. Enable your IBM Traveler server to use HTTPS. Typically, this will be the Domino server that hosts your Traveler server, but it could also be an edge proxy. If this is a Domino server, Domino 9.0.1 fp5 or later is recommended. See the following for more information on this task:

http://www.ibm.com/support/knowledgecenter/SSKTMJ_9.0.1/admin/conf_settingupsslonadominoserver_t.html

Also reference the article Securing connections for IBM Traveler mobile applications for the latest updates on security requirements for IBM Traveler servers and mobile apps.

2. Update the "External Server URL" field on the Traveler server to change the current server URL to start with “https://” instead of "http://". This can be done either through the current configuration document, by updating notes.ini, or by using the domino console. For more information, see:

http://www.ibm.com/support/knowledgecenter/SSYRPW_9.0.1/settingtheexternalserverurlforappledevices.htm

3. Before forcing all IBM Verse for Android apps to use the new URL, test the HTTPS connection to ensure that it works properly. The first test is to ensure that the HTTPS port is working properly and routing to the IBM Traveler server. You can use a web browser to easily validate this. Open a browser page, connect to your Traveler Server External URL, and login using an ID. For example, if your Traveler server External URL is https://traveler.example.com/traveler, use a web browser to connect to that page and validate that you do not see any errors.

4. Test the setup with a few devices that are connected to your IBM Traveler server using the HTTP connection. To do this, issue these commands at the domino console:

    tell traveler policy setdevice tsExternalURLEnforced=1 <deviceId> <user>
    tell traveler push flagsadd serviceability configGet <deviceId> <user>


Where <deviceId> and <user> are the device ID and user you are testing.You can obtain the <deviceId> of a user that has previously connected to the Traveler server using the command:

tell traveler show <userid>

5. Sync the test devices to ensure that the sync is working properly. From within the Verse for Android app, open Settings > Server and validate that the field called Use Secure Protocol is checked.

NOTE: Ensure that everything syncs normally and shows as secure. If you push an incorrect server URL to the mobile app, the only way to recover is to remove and reinstall the Verse app on the device.

6. After you have verified that the External Server URL is correct and your migrated device can sync, set the IBM Traveler server to enforce this property for all devices by entering the following command into the Domino server console:

    set config NTS_EXTERNAL_URL_ENFORCED=true


This command migrates the rest of your IBM Verse for Android apps (that meet the minimum level) to use your secure server URL.

7. Restart the IBM Traveler server to have the settings take effect.

8. Once all your IBM Verse for Android apps have been updated, you can disable the HTTP port on your Domino server, assuming it is not required for other applications that are using the same server.

12/30/16

IBM Verse on premise is available in the SW catalog


As promised from IBM some weeks ago, IBM Verse on prem is available in the Partnerworld Software Catalog ( https://www.ibm.com/partnerworld/partnertools/eorderweb/ordersw.do ).

Then you can either search for "IBM Verse" or you search for part number CJ13YML.

Enjoy the download !!

12/5/16

IBM Notes SAML authentication and the error message "Single Sign-On token is expired"


Today I received an early call from a customer with the information, that no user can login to IBM Notes with the activated SAML authentication.

The users received the following error message:



( Single Sign-On token is expired )


After some investigations and looking at the server console something made me perplex >>

[10779:00296-591341312] 05.12.2016 15:30:16   ATTEMPT TO ACCESS SERVER by .... was denied: Single Sign-On token is expired

Looking at the clock I noticed, that it´s Monday - 07:30AM !!!

After a phone call with the customer the problem was solved very quick:

an update on the VMware ESXi hosts switched all servers running on this ESXi host to get their local server time from the ESXi host and not from the NTP server !!

After manually changing the time to the correct NTP host, Notes NFL was working again without any problems.

So be aware of the time settings when using SAML authentication in IBM Notes !!