TOTP and vert.x  

By Stephan Wissel | 2/7/23 9:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro

TOTP and vert.x - Time-based one-time passwords (TOTP) are a common security feature in Identity Providers (IdP). There are use cases beyond IdP, mine was 'Understanding what it takes'). TOTP interaction You have two phases: enrollment and use. During enrollment a secret is generated and (typically) presented as QR Code. A user points one of the many Authenticator apps to it and gets a numeric code that changes once a minute. When you use it, you pick the current number and paste it into the provided field. The backend validates the correctness with some time leeway. What it is not Typically when enrolling you also get recovery codes, sometimes called scratch codes. They are NOT part of TOTP and implementation is site specific and not standardized. An implementer might choose to check your recovery codes when your TOTP fails or provide a separate interaction using those. The initial confirmation, is actually the first instance of "use" and one could have a successful enrollment without it. This is depending on the implementation. It isn't foolproof. An attacker could trick you into typing your TOTP code into a spoofed form or just hijack your session (cookie). That's why responsible web apps run a tight security with CSP and TLS (and once browser support is better Permission Policy)

XAgents to Jakarta REST Services  

By Jesse Gallagher | 2/6/23 2:03 AM | Development - Notes / Domino | Added by Oliver Busse

For a good long time now, XAgents have been one of the common ways to do non-HTML output in an XPages environment - JSON, mostly. I think the technique was codified and the term coined by Stephan Wissel back in 2008 and the idea has been the same since. Effectively, an XAgent lets you write a Servlet but with a bit more scaffolding. Though XPages has a path to use Servlets officially, that method is more out-of-the-way than XAgents and doesn't (without further hoop jumping) give you some niceties like sessionAsSigner.

Calendar entry not displaying notes in HCL Verse 3.x   

By Rainer Brandl | 2/3/23 4:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Today I had the issue that a customer complained that notices on the calendar form keep on loading and loading and you're not able to create a calendar entry or even display the content of the notes an existing calendar entry.After some conversation with HCL Support ( which again was working extremely fast in person of Suraj Joshi ) I received the information that the upgrade to HCL Domino 12.0.2 could cause this issue. As mentioned in the official Defect Article this only occurs when the display language of the browser is set to another language than English.

The Pront statement [sic]  

By Andre Guirard | 2/3/23 4:18 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The LotusScript debugger isn’t the simplest thing in the world to use, especially when debugging form event code, where the fact of the debugger grabbing focus may change what happens. You can put Print statements in LotusScript to do a less impactful debug, but these are hard to read and you can’t tell which messages are new — or which are repeats of the last message. For a project I’m working on now, I wanted something easier to use. So I present the Pront Console. This is an NSF you download and install on your client, with a bit to put in your applications to make the Pront statement available.

Error 404 - Item Not Found Exception after upgrade to Domino 12.0.2  

By Oliver Busse | 2/2/23 2:21 AM | Development - Notes / Domino | Added by Roberto Boccadoro

For a customer we also set up a dev environment using our application platform Aveedo where we are creating a brand new CRM system. Very soon we faced the problem, that pages were not loaded properly (404 error) at random occurrence. After some testing with various XPages memory settings etc. I opened a case, and it turned out: there is a problem in the com.ibm.xsp.core_12.0.2.20221101-2131 plugin lib, which means in the XPages core. HCL support immediately forwarded this to the dev team and they were able to create a testfix for us which solved the problem. The fix is addressed for FP1 of 12.0.2.

Introducing Bali Unit Testing Framework  

By Paul Withers | 2/2/23 2:18 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Today we’ve released two projects, one on HCL’s GitHub and a fork on OpenNTF’s GitHub. It will be useful to give a bit of background, as well as an introduction the the project. The version on HCL’s GitHub is the original, Bali Unit Testing Framework, a unit testing framework written in and for VoltScript, the evolution of LotusScript currently in development for Volt MX Go. The documentation, as usual, is available on GitHub. There are a number of places where the code leverages new language functionality from VoltScript. As a result, although the code will be usable from VoltScript, the code cannot be used as-is by Domino developers. Therefore a fork has also been created on OpenNTF’s GitHub and adapted for LotusScript, Bali Unit Testing Framework. The documentation is available also on GitHub. This can be used by Domino developers. The documetation has also been slightly modified, to be relevant to LotusScript developers.

Sametime V12 MongoDB LDAP issue when using webusers  

By Remco Angioni | 1/30/23 1:57 AM | Infrastructure - Sametime | Added by Roberto Boccadoro

When you move from a Sametime version running on Domino to the Sametime V12 version, running on Docker......there could be a problem when you have webusers running in your Sametime environment. You always have to run the Sametime Name Change utility to move away from Domino (LDAP) syntax ( CN=Remco/O=ORG to CN=Remco,O=ORG) https://help.hcltechsw.com/sametime/11.6/admin/changing__names_in_contact_and_privacy_lists.html There is a problem when you have used Sametime 11.6, which already used MongoDB for chatlogging, and used WEBUSERS (and not registered users). Webusers are saved flat in MongoDB and do not contain the CN=…/O=… syntax. When you move to Sametime V12 and converted the users to LDAP and imported vpuserinfo to MongoDB, you see a loss in Contacts and Archive. Your account is no longer connected to your old chats and doesn’t contain any contacts. Why?

A new tool for creating rich text  

By Andre Guirard | 1/26/23 7:32 AM | Development - Notes / Domino | Added by Roberto Boccadoro

I’ve used an earlier version of this in other applications, but now it’s greatly improved and expanded. This is an API for creating rich text, including all the variations of sections, tables, image backgrounds, links, borders… This is an initial 0.1 release, so there will almost certainly be more changes coming, but I need y’all to drive this. Download it, try it out, respond here with questions and suggestions

Always get the latest Huddo version in HCL Connections  

By Wannes Rams | 1/26/23 3:09 AM | Infrastructure - Connections | Added by Wannes Rams

We have documented how to connect to our version, but that documentation is focused on a manual install of Component pack and connecting to our systems from the start. I want to show how to do it if Boards is already installed and running using the automation scripts. You can obviously follow this guide if you did a manual install and connected to the HCL resources, I am just mentioning some specifics about the HCL automation you can ignore.

Overdue PSA: Reverse-Proxy Headers in Domino 12.0.1FP1 and Newer  

By Jesse Gallagher | 1/25/23 11:19 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

Just over a year ago now, I wrote a blog post describing the sudden removal of my beloved HTTPEnableConnectorHeaders notes.ini parameter in the 12.0.1 release. However, during the administration-focused OpenNTF Repair Café today, I was reminded that I never modified that post or made a followup to detail the changes since then. I plan to remedy that here!

Nomad Web server connection options  

By Daniel Nashed | 1/25/23 7:30 AM | Infrastructure - Notes / Domino | Added by Oliver Busse

Nomad Web is a modern HCL client offering in form of a Progressive Web Application (PWA) running in your web browser. In addition to Windows or Mac, it also works on Ubuntu and other Linux distributions! So there is finally a client offering for Linux clients again! The Nomad Web application is installed on a server providing the required files for download. Those files can be stored on a SafeLinx or Domino/Nomad Web server.

The state of Social Business continued – Meetup  

By Femke Goedhart | 1/25/23 4:14 AM | Infrastructure - Connections | Added by Wannes Rams

The last HCL Ambassadors meetup we did last December had a bit of an open end and therefor we would like to continue where we left off: With the state of social business and the position of HCL Connection in it. Join us and let us know!

More thoughts on Content Assist  

By Andre Guirard | 1/24/23 3:34 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Recently I write about best practices for commenting for content assist. I’ve been writing a lot of LotusScript recently (I’m making a present for you), and in trying to make the content assist as helpful as possible, I’ve had some additional thoughts.

Windows Sandbox - A feature you should know  

By Daniel Nashed | 1/23/23 2:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

The sandbox can be a very useful tool for many different situations. I am often using it for Domino server or client install tests. But there are many other use cases including training environments etc. It's a full throw away sandbox environment recreated every time you start it. The only limitation is that you can't reboot the Windows for example after a software update. But even installing the Windows re-distributable run-time package does not require a boot. Most applications like Notes/Domino install it on their own. I needed it to test my own applications. But there is an easy way to download and silent install it:

NGINX TCP Stream with SNI support. More than helpful for lab environments  

By Daniel Nashed | 1/23/23 2:15 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

In production you usually want centralized certificate handling and off-loading TLS termination to a load-balancer. I posted scripts to have NGINX realod certs automatically from Domino CertMgr via HTTPS to leverage Domino's Let's Encrypt implementation. But sometimes you really want all your servers directly exposed over TLS. For example in a lab environment with limited resources and only one IP, you might want to still have each of the hosts expose their services on their own.

Quest for SAML to everybody continues  

By Fredrik Norling | 1/23/23 2:10 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

My article regarding debugging SAML on HCL Domino is updated today with 2 points What is the SP certificate used for What can be wrong when you get a login loop Check it out in the article https://www.xpagedeveloper.com/2022/debugging-saml-setups-in-hcl-domino

Submit a session proposal for Engage - time is running out!  

By Heiko Voigt | 1/20/23 4:53 PM | Business - Events / People | Added by Oliver Busse

I already did but for those of you out there still thinking about it - Theo asked for more proposals so don't wait too long - you can submit speaking propsosals until January 31st with this link.

Certificate Information tool   

By Fredrik Norling | 1/17/23 2:40 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

SSL certificates, SAML certificates, Signing certificates the number is long of different kinds of certificates and you might need to check the name of a certificate, the start or end date or perhaps the thumbprint. I use the tool mainly to get end dates of certificates sent to me from customers because I hate when they expire and need to be changed without any preparation. And the worst kind that most administrators often miss is the certificates that is auto created i.e. in ADFS servers, Azure Enterprise apps, Okta

Download: Simple App Starter  

By Andre Guirard | 1/16/23 5:58 AM | Development - Notes / Domino | Added by Roberto Boccadoro

I was creating yet another HCL Notes demo client application recently and was hunting for an existing application I could copy the basic navigation features from without having too many unique things to get rid of. Strange hide formulas, Queryopen code, etc. It occurred to me there should be a template for that. So I created it and here it is (also available on the Downloads page).

Best practice error trapping in LotusScript  

By Andre Guirard | 1/13/23 10:31 AM | Development - Notes / Domino | Added by Roberto Boccadoro

The handling of unexpected errors is one of the headaches we have to deal with while coding. By their nature, you don’t have a specific strategy for handling that error, or it would be an expected error. But you don’t want to present the end user with the uninformative default error dialog. Default type mismatch error dialog.What line, please? Also, end user, please DON’T click the link. We’d hope the end user never sees the system error message, but if they do, we should at least have enough information for a developer to locate the code line that generated the error. That means we want a stack with line numbers, such as Java generates by default. In this article, I discuss three “levels” of error handling. You can choose how far to take it based on your needs and the amount of effort you want to put in.

HCL Connections Docs 2.0.2 High CPU load  

By Urs Meli | 1/12/23 9:32 AM | Infrastructure - Connections | Added by Wannes Rams

We noticed on at least 2 environments, that the CPU load was around 100%, Memory usage 100% and Swap used 100%. Prior to the update, the servers ran happily and did not show any issues. The process list (htop) showed a lot of /opt/libreoffice7.2/program/soffice.bin tasks.

Keycloak and Kerberos  

By Urs Meli | 1/12/23 9:29 AM | Infrastructure - Connections | Added by Wannes Rams

Goal: Login to your Windows Client and do not have to login to Connections Motivation: Sure you can configure SPNEGO directly in WebSphere. But you might want to support OTP/WebAuthn for external users which are not in your AD?

Email Encryption  

By Prominic.NET | 1/12/23 9:20 AM | Infrastructure - Notes / Domino | Added by Roberto Boccadoro

Emails are now not only an important part of our daily lives but also one of the most used gateways for cybercriminals into our lives. Let’s explore how we can keep the door shut.

Users don't read your dialogs   

By Andre Guirard | 1/12/23 3:02 AM | Development - Notes / Domino | Added by Roberto Boccadoro

You know how you open a dialog to ask for confirmation or additional information, or to warn them what’s about to happen? Yeah. People don’t read that stuff. The dialogbox is just an obstacle to completing their task. They may press Enter or do whatever it takes to get past it — especially if they routinely encounter other dialogs in the application. This article discusses best practices and tooling to get people’s attention where it’s needed and to avoid negative consequences of inattention.

Migration issue on opnact when using dbt.jar  

By Wannes Rams | 1/10/23 9:59 AM | Infrastructure - Connections | Added by Roberto Boccadoro

While I was migrating a Connections 7 on premises customer to our cloud using the dbt.jar tool, I came across the issue that the OPNACT database did not want to migrate, it threw an error on the OA_NODE table stating that the source table has 38 columns and the target one 37 The column that did not exist on the target was OWNERMEMBERUUID Now the target database is a fresh cnx7 created database from the cnx7 scripts and the creation script does not contain this column. So I started looking through the database scripts to check what happened to that column over time.

How to perform a db2 redirected restore  

By Wannes Rams | 1/10/23 9:58 AM | Infrastructure - Connections | Added by Roberto Boccadoro

Sometimes you need to restore db2 databases on a different machine. For example during on prem to cloud migrations, or when moving database servers during an upgrade for Connections. In most cases some of the paths will be different. The LOGPATH is gonna be your main issue. Goal of this post is to show you how to restore the database and change the LOGPATH setting inside the database you are restoring on the fly.

Close & Reopen Database, and Ad Hoc Stored Form   

By Andre Guirard | 1/9/23 9:09 AM | Development - Notes / Domino | Added by Roberto Boccadoro

I’ve been working on a Notes client application recently where I ran into the problem that I needed to create a design element and then immediately use it. This ran afoul of the Notes client’s design element cache — it wouldn’t recognize the new design element until I closed the application and reopened it. There’s no “close and reopen” command in any Notes scripting language, and if you close the current application completely, your code in that application stops running, so you can’t then execute a command to reopen it. Here’s my solution. Someone will probably comment about some much simpler solution I’ve missed, such as a secret command to reload the design element cache, but this way works.

Creating random names for test data  

By Andre Guirard | 1/9/23 9:07 AM | Development - Notes / Domino | Added by Roberto Boccadoro

Notes/Domino applications don’t just have code — they also store data, often a lot of it. But it can take years for them to accumulate enough documents for any performance issues to start seriously impacting users. When designing an application, especially a brand new one, it’s important to performance test it with an unreasonable amount of sample data so any performance issues become evident immediately.

Coding for translatability in Domino  

By Andre Guirard | 1/5/23 3:13 AM | Development - Notes / Domino | Added by Roberto Boccadoro

This is partly for organization which, like HCL, use Domino Global Workbench to do translations of their Notes/Domino applications. But also, even if you do translations manually, or even if you don’t do them at all, it makes sense to learn good habits for creating applications in a way that makes translations simple, because it’s not that hard and you never know.

2022 in review and what's to come in 2023  

By Heiko Voigt | 1/4/23 4:36 PM | Business - Events / People | Added by Oliver Busse

In resemblance to the song "sixteen tons", this altered first line of the chorus is not what my 2022 looked like at all. Sure enough it was a busy year - more busy than the most previous ones, and my daily struggle between family time, work and off-time projects got into a new dimension.