What is causing the “TRIRIGA security token” warning in CI?

When attempting to make a connection through the CAD Integrator client (with TRIRIGA 10.5/3.5), we are seeing the following error in the security log:

2016-11-18 10:37:55,142 INFO [com.tririga.architecture.security.logger.SecurityLogger] Login Attempt -- To: [/pc/ci/dispatch] Account: [null] From: [10.3.x.xxx] Status: [FAILED]
2016-11-18 10:37:55,705 INFO [com.tririga.architecture.security.logger.SecurityLogger] Login Attempt -- To: [/pc/ci/dispatch] Account: [jackie.lu] From: [10.3.x.xxx] Status: [SUCCESS]
2016-11-18 10:37:55,720 WARN [com.tririga.XSS] XSS potential: Request did not come in with TRIRIGA security token: /pc/ci/dispatch From: 10.3.x.xxx [MID-485378064]

The client fails to establish connection. Any thoughts on what could be causing this? We do not have SSO configured, and the FRONT_END_SERVER setting has been checked.

[Admin: The same question is also posted in the TRIRIGA Around the World Facebook group.]

Continue reading

IV89474: Trying to accept action items gives security warning

A user that was previously able to accept action items, now receives the message “TRIRIGA Security Warning: You do not have permission to access this page. Contact your TRIRIGA administrator. Thank you.” when clicking “Accept”.

We needed to set up the accept task action to follow the correct security. Moving forward, the issue was resolved where a user was getting no access when trying to accept an action item.

Continue reading

RFE: How do you set WF agents to specific workflows or groups?

Kindly vote for the two RFEs below and forward these to anyone else of TRIRIGA persuasion! These are very much required for our project. To vote for this, you need to have a IBM ID.

Continue reading

Is there a way to hide the Action Items “Accept” for some users?

Is it possible to modify the Action Items portal section to hide the “Accept” button based on user profile or security group? The portal section appears to be a system type and does not have the option to be modified.

Any object with a “sys” prefix cannot be customized nor configured. In this case, the “Accept” action is a system section action. An alternative way is to create a custom portal section.

Continue reading

What is the support for SAML SSO with external assertions, SHA-2, and multiple principal names?

What is the IBM TRIRIGA support scope for SAML SSO with external assertions, SHA-2 encryption, and multiple principal names simultaneously? We need to implement SSO with SAML and want to know if there are any restrictions when running that with the IBM TRIRIGA product.

[Admin: This post is related to the 08.18.16 post about TRIRIGA support for SAML for non-browser clients, and the 06.03.16 post about implementing SAML SSO with WebSphere Liberty.]

Continue reading

IV89017: Download link missing in the Notes & Documents section

Non-admin users that are in a group with full access to a lease are finding that sometimes they are able to view the “Download” option for documents present in a service contract’s “Notes & Documents” tab, but not other times. The problem seems to be a result of the User Permission and Group Permission sections in the “Permissions” tab of the document being missing for downloads. Once user and group information for security group access is added, the “Download” option becomes available.

This problem appears when you have at least 2 non-admin users, both in a group with full access to lease. If user #1 uploads a document to the lease and user #2 opens the lease and wants to download it, user #2 can’t since no “Download” link is present. When document permissions are examined, user #2 has no access to the download option.

As a temporary fix, modify the document’s “Permissions” tab and provide download access at the user and/or group level to the user that is unable to download… A new property ENABLE_AUTO_DOWNLOAD_ON_DOCUMENT_PREVIEW has been added to TRIRIGAWEB.properties. This property enables or disables the legacy auto-download behavior on the document record preview tab. With it enabled, it will bypass the download permission in Document Manager, and the preview tab will behave as it did before.

[Admin: This post is related to the 10.24.15 post about skipping the Notes & Documents login credentials.]

Continue reading