IV97614: Cannot revise project in Schedule tab with Gantt section


If you attempt to revise a project from the Schedule tab, where the Gantt chart is visible, your session is expired and you receive an invalid session error. The issue was observed in Internet Explorer and Chrome, but not in Firefox.

An analysis from a Fiddler trace shows that when revising the project in Chrome, this POST to GanttDataUpload.jsp seems to kill the session. In Firefox, for whatever reason, this POST doesn’t occur, and the state transition is successful. To confirm that this is the scenario you are experiencing, use the following technote to run a Fiddler trace and check for the same GanttDataUpload.jsp call: IBM TRIRIGA using Fiddler for tracing web browser traffic.

As a temporary fix, use Firefox. When the record is in a read-only state, no Save action should be called on the Gantt. Moving forward, we resolved the session-kill issue when the user performs a Revise action on a project in the Schedule tab.

[Admin: This post is related to the 08.18.15 post about using Fiddler to trace TRIRIGA web traffic. To see other related posts, use the Gantt tag or Fiddler tag.]

Continue reading

Advertisements

IV96587: Getting error that URL is too large for queries with filters


After applying the TRIRIGA 3.5.2.2 fix pack, if you have an editable query with at least 10 filter columns, when you filter on the report, you will get the URL error.

We needed to implement the same code from viewPageReport.jsp to viewPage.jsp. Moving forward, we resolved an issue, where filtering on an editable query will make the URL big enough to break the specified limit for URLs on Internet Explorer.

[Admin: A similar article is also posted in the IBM TRIRIGA blog. This post is related to the 05.18.17 post about reports with filters creating long URIs in 3.5.2.2. To see other related posts, use the Filter tag.]

Continue reading

IV95147: Report/query thumbnails not displayed properly in WebLogic


After upgrading to TRIRIGA 3.5.1.x or later, some customers are having issues with thumbnail images on reports and/or queries not being displayed correctly.

WebLogic incorrectly parses a JSP by adding white space that corrupts image thumbnails. Meanwhile, WebSphere and Liberty parse the JSP correctly. Moving forward, we resolved an issue where Oracle WebLogic was incorrectly interpreting TRIRIGA code, and injecting extra white space that caused thumbnail images to be displayed as broken images.

Continue reading

Where can you find the TRIRIGA SSO troubleshooting guide?


The IBM TRIRIGA single sign-on (SSO) troubleshooting guide is found on the Troubleshooting SSO wiki page, under the SSO parent wiki page, in our IBM TRIRIGA developerWorks wiki.

Troubleshooting single sign-on

The single most important resource to use from the TRIRIGA Platform perspective is the requestTest.jsp page.  This is a page internal to the TRIRIGA platform that will display the different areas of the HTTP header, and allow you to debug and set the third-party configuration correctly… Here are some issues that are known to occur with single sign-on, for example, if it is not configured properly.

  • Invalid username or password error…
  • Map labels are shown only in English…
  • HTTP requests are no longer forwarded to TRIRIGA…
  • FRONT_END_SERVER…
  • Adding SSL/HTTPS into the mix…
  • CA SiteMinder…
  • CAD Integrator error reporting with IIS 7…

[Admin: This post is related to the 05.29.15 post about the latest information on TRIRIGA single sign-on (SSO), and the 04.06.16 post about performance issues seen with SSO-enabled environments. To see other related posts, use the SSO tag.]

Continue reading

Why aren’t JSP URLs opening in the IBM TRIRIGA form section?


Why aren’t JSP URLs opening in the IBM TRIRIGA form section and are instead opening a separate internet browser session? We have changed a form action button to fire a URL JSP page, and this will open a separate internet browser session. If the original record is then closed, this separate internet browser session will remain open, since there is no link between it and the record. We see some URL JSPs that will be opening the URL JSP page in the IBM TRIRIGA form section, but some will open the page in a separate internet browser session. When does this happen?

This is out of the scope of IBM TRIRIGA Support to check or debug JSP code at all. The JSP code will determine if the URL pages open in separate internet browser sessions or not. You need to get assistance from your development team to review the JSP page code, in order to have the URL page open in the way that your business requires.

Continue reading

Security: IBM TRIRIGA Application Platform vulnerabilities & fixes


For convenience, here are the some recent CVE IDs and their related APARs.

CVE ID Summary APAR
CVE-2016-0300 The IBM TRIRIGA Application Platform has a security flaw that could grant unauthenticated access into all JSP pages within the application structure under certain circumstances with the right criteria, which may allow for subsequent probing and exploitation.
CVE-2016-0312 The IBM TRIRIGA Application Platform has a security flaw that grants unauthenticated access to Document Manager in IBM TRIRIGA Application Platform in versions prior to 3.3.2 only. Anyone running on IBM TRIRIGA Application Platform 3.3.2 or higher, is not at impacted by this vulnerability.
CVE-2016-0342 The IBM TRIRIGA Application Platform grants the ability to access to read or modify a report that the user does not have privileges for. IV82437
CVE-2016-0343 IBM TRIRIGA could allow an authenticated user to obtain sensitive information displayed in error messages. IV82433
CVE-2016-0344 The IBM TRIRIGA Application Platform is vulnerable to a cross-site scripting (XSS) attack within My Reports. IV82435
CVE-2016-0345 The IBM TRIRIGA Application Platform no longer discloses server file path information when BIRT reports are rendered. IV82438
CVE-2016-0346 Unauthenticated requests can be made to a vulnerable web application, which then performs unauthorized action on behalf of the attacker. IV82436

[Admin: To see other related posts, use the Vulnerability tag.]

Continue reading