There are many installation scenarios that can cause TRIRIGA reports, especially BIRT reports, to fail to export due to timeout. Microsoft Excel exports are often the ones that you can observe because all of the file formatting happens during export.
Let’s focus on WebSphere Liberty installations, but this recommendation can be used for other web servers with some tweaks. Mostly, this is related to timeout settings, especially for HTTPS (SSL/TLS) connections. A good troubleshooting test is to perform the same action in a non-HTTPS (HTTP) connection. Does the report export? If so, take note of the time needed to export it and plan to extend the timeout in the HTTPS connection to at least double the time.
Refer to the IBM Knowledge Center > WebSphere Liberty > HTTP Endpoint topic. Look for the “sslOptions”, and also double-check the “httpOptions”, for timeouts.
[Admin: This post is related to the 04.20.17 post about setting the TRIRIGA session expiration warning in the portal. To see other related posts, use the Timeout tag.]
How do you determine what is the best mobile solution for your enterprise that will enable users to get the data and functionality they need? What software will integrate smoothly, assimilate large amounts of data, comply with your security requirements, give the end users an engaged experience, and ultimately make your business more effective and efficient?
Here are the answers to the top questions asked at the FieldFLEX booth during the recent IBM InterConnect 2017 conference.
What is the security level with the FieldFLEX mobile app?
At the device level, all data is encrypted for transport to and from the server over SSL. Any data stored on the mobile device resides in an encrypted mobile database. The FieldFLEX server stores no data. User access is controlled by username and password authentication or through mobile device management platform…
What back-end systems does FieldFLEX integrate with?
Our mobile platform integrates with IBM TRIRIGA, Maximo, and a variety of other products. It is the single mobile solution for corporate real estate, condition assessment, facilities management, operations, lease and capital projects…
How are drawings published?
Mobile drawings can be published directly from your AutoCAD or Revit floor plans. Customers can choose published content which offers layering visibility control. FieldFLEX drawing publisher reduces the CAD file size by up to 90% to improve download speed and performance in the mobile apps…
[Admin: To see other related posts, use the FieldFLEX tag.]
Does TRIRIGA support TLS 1.1 or TLS 1.2 or SSL? If yes, what steps do I need to take to make TRIRIGA use one of these protocols?
TLS and SSL, from a TRIRIGA perspective, are supported by certificate technology for security and use HTTPS URLs. TRIRIGA works with HTTPS: Does IBM TRIRIGA support HTTPS, SSL and TLS? As a result, TRIRIGA can be used with TLS and SSL, regardless of the version.
There is no TLS or SSL configuration necessary within TRIRIGA. If TLS 1.1 or TLS 1.2 or SSL is properly configured through your application server and web server, TRIRIGA can be used with it. TLS and SSL are security configurations using certificate installs that exist outside of TRIRIGA. The TRIRIGA Support team cannot assist with environmental configurations of these technologies. Clients should work with their application server vendors (e.g., WebSphere, WebLogic) as well as other infrastructure-related technologies (e.g., web servers, load balancers, etc.) to properly configure these.
[Admin: This post is related to the 09.30.14 post about whether TRIRIGA supports HTTPS, SSL, and TLS, and the 04.10.17 technote about TLS, SSL, and HTTP.]
If you are going to upgrade IBM TRIRIGA Platform or IBM TRIRIGA Portfolio Data Manager (Application), you might want to review the following checklist:
- (CK01) Third party considerations…
- (CK02) Sizing recommendations…
- (CK03) Preparing the environment…
- (CK04) Upgrading the platform…
- (CK05) Upgrading the application…
- (CK06) Tuning your product…
- (CK07) High availability considerations…
- (CK08) SSO & seamless login information…
- (CK09) TLS & SSL (HTTPS) support…
[Admin: This post is related to the 12.15.15 post about the latest 3.5.0 upgrade documentation, and the 06.16.15 post about the latest 3.4.2 upgrade documentation.]
We were recently asked for guidance on setting up Secure Sockets Layer (SSL) between the TRIRIGA application and TRIRIGA database. Although this may be technically possible, setting up SSL between the TRIRIGA application and TRIRIGA database is not recommended and it is not supported by IBM TRIRIGA Support. If you have a need for enhanced security for your IBM TRIRIGA solution, please contact IBM TRIRIGA Support for assistance. We will work with you to offer supported solutions that meet your needs.
[Admin: The same article is also posted in the Watson IoT Support blog. This post is related to the 09.30.14 post about supporting HTTPS, SSL, and TLS.]
When trying to login to CAD Integrator (CI), we get a generic error: https:// secure site, SSL related. We had recently upgraded to TRIRIGA Platform 22.214.171.124 and are running CAD Integrator 12.1.1. We have taken a patch for 126.96.36.199 to get the option to “Always Trust SSL Certificates”. But that did not resolve our login issue.
When attempting to login to CI, it is reporting a login failure:
2016-02-20 12:42:16,855 ERROR [com.tririga.ci.login.LoginServiceImpl](pool-1-thread-6) Login failed: org.springframework.web.client.ResourceAccessException: I/O error on POST request for "https://FRONT_END_SERVER:443/pc/ci/dispatch":peer not authenticated; nested exception is javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
Caused by: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
The cause is the incorrect version configuration for TLSv1. We requested that the customer provide us with a MustGather summary for our extended team to review the WebSphere configuration. Following the instructions for “Collecting Data Manually”, we were able to identify a disconnect in the version of TLSv1. The SSL trace shows:
[3/25/16 9:27:01:186 EDT] 000000bf SystemOut O WebContainer : 0, fatal error: 40: Client requested protocol TLSv1 not enabled or not supported javax.net.ssl.SSLHandshakeException:
Looking at the security.xml file for the node, we can see that it is set to use TLSv1.2 exclusively. Therefore, it is not able to accept the SSL handshake from the client, because it is trying to use TLSv1. To resolve this issue, it is necessary to either configure the client to use TLSv1.2, or configure the server to allow TLSv1.
[Admin: For convenience, here are the meanings of the acronyms: Secure Sockets Layer (SSL), Transport Layer Security (TLS).]
Does IBM TRIRIGA support Seamless Sign-On, or SSO-enabled access without challenging the internet browser for credential information? We need to configure the IBM TRIRIGA solution to use Single Sign-On (SSO) without challenging the internet browser for credentials, i.e. Seamless Sign-On.
For the purpose of this document, SSO refers to Single Sign-On, meaning a single set of credentials stored in a directory server. References to SSO in this document do NOT refer to Seamless Sign-On, where a user is not challenged for credentials once they have authenticated to the network. For IBM TRIRIGA support, Single Sign-On (SSO) refers to the ability to have a single set of credentials that use a directory server for multiple applications. TRIRIGA does NOT define SSO the same as Seamless Sign-On, which may not challenge a user for credentials during the access process.
Most of the SSO configuration is related to other components outside of IBM TRIRIGA code management and control, such as the web server, application server, and security authentication layers or products you use. The same applies to Seamless Sign-On. For help on configuring those layers, you will need to contact their respective support and assistance teams, typically third-party support.
If you want to implement Seamless Sign-On, see whether most of the configuration required for the web server, application server, and security authentication products will be the same when making them ready for SSO (SSO-enabled). Note that TRIRIGA may not be compatible with using Seamless Sign-On even if they are configured for SSO. Functionality that uses applets (such as CAD Integrator) may continue to challenge for credentials. Seamless Sign-On and Secure Sockets Layer (SSL) are technologies not directly related to the TRIRIGA product and are configured at a layer prior to accessing TRIRIGA…