Skip to main content

AssertionException in IBM Connections


We had an odd scenario with a Novell directory, where the uid attribute was mapped in another attribute.  To support this scenario first we had to modify wimconfig.xml into WebSphere configuration to expose uid as another attribute (edit under <config:attributeConfiguration> )

 <config:attributeConfiguration>
  <config:attributes name="customUid" propertyName="uid">
  <config:entityTypes>PersonAccount</config:entityTypes>
  </config:attributes>
</config:attributeConfiguration>

then after mapping in TDI scripts, into map_db_from_source.properties the following,
guid=customUid
uid=customUid

we noticed that every user trying to accessing got an exception like this one

AssertionException: Unsupported access by user with no profile: cn=FRANCESCO DE COLLIBUS,ou=users,dc=test,dc=com

Making the SQL query

db2
connect to PEOPLEDB
select * from EMPINST.EMPLOYEE where PROF_SURNAME like '%De Collibus%'
my record in database was correctly found

So we deployed snoop servlet and we noticed how the user was presenting himself to the Connections



The UserPrincipal and the RemoteUser, both contained DistinguishedName.
So  into map_db_from_source.properties we mapped
loginId=$dn

We ran a sync_all_dns script, and now users can correctly access.

Comments

Popular posts from this blog

Building bitcoin/litecoin on mac os x missing EC.h

For my own fun, I was playing around with bitcoin, to check how the parameters of the cryptocurrencies can be modified.

After recent upgrades to my OS, I could not build any longer the bitcoind. Seems like something changed on that side. Now this command

./configure --with-gui=qt5 --enable-debug
Was sistematically producing 
configure: error: OpenSSL ec header missing

EC is the file for elliptic curve cryptography. I had brew correctly configured, and the header files were all correctly present. After some time spent inspecting the issue, on github I was able to find the solution for this problem. I simply add to export the following
export LDFLAGS=-L/usr/local/opt/openssl/libexport CPPFLAGS=-I/usr/local/opt/openssl/include
There is aksi pull request on bitcoin for that, I hope I could save you some time https://github.com/bitcoin/bitcoin/pull/6885/files?diff=split&unchanged=expanded

Hybris setup issue: Unsupported major.minor version 52.0

While I was typing the final "ant all" command for hybris, it miserably failed with the following exception

hybris/bin/platform/resources/ant/antmacros.xml:123: java.lang.UnsupportedClassVersionError: de/hybris/ant/taskdefs/DbDriverValidator : Unsupported major.minor version 52.0 at java.lang.ClassLoader.defineClass1(Native Method)


Even though a "java -version" gave me back version 8, ant is still using $JAVA_HOME variable.
So you have to change it into the script. My suggestion is that you adapt the setantenv.bat script with the JAVA_HOME directly


@echo off
set ANT_OPTS=-Xmx512m -Dfile.encoding=UTF-8
set ANT_HOME=%~dp0apache-ant-1.9.1
set JAVA_HOME=C:/Program Files/Java/jdk1.8.0_101
set PATH=%ANT_HOME%\bin;%PATH%
rem deleting CLASSPATH as a workaround for PLA-8702
set CLASSPATH=
echo Setting ant home to: %ANT_HOME%
ant -version

SECJ0118E with form authentication and spnego enabled

Our deployment keeps getting an odd SECJ0118E  exception when authenticating with Form authentication with Mozilla or Chrome browser not configured for Active Directory Domain.

All instructions into WebSphere infocenter for enabling fallback to default authentication were correctly applied.  We noticed that standard WebSphere security tracing (*=info:com.ibm.ws.security.*=all:com.ibm.websphere.security.*=all:com.ibm.websphere.wim.*=all:com.ibm.wsspi.wim.*=all:com.ibm.ws.wim.*=all)  provided into trace a lot of Kerberos exceptions. 
[30/12/13 17.36.57:246 CET] 0000005e Krb5LoginModu < login() Exit javax.security.auth.login.FailedLoginException: Errore di login: com.ibm.security.krb5.KrbException, codice di stato: 68
messaggio: Nessuno at com.ibm.security.jgss.i18n.I18NException.throwFailedLoginException(I18NException.java:30) at com.ibm.security.auth.module.Krb5LoginModule.a(Krb5LoginModule.java:719) at com.ibm.security.auth.module.Krb5LoginModule.b(Krb5LoginModule.java:742)

Double chec…