Multiple server SSO config breaks River-of-News

This blog item is about a longstanding issue that we had with the
River-of-News function on the Homepage of Connections.

The problem that we had was that the River-of-News function
broke down when SSO functionality was active before
navigating to the Homepage of Connections.

We noticed this issue only on a Connections configuration where
multiple server instances were involved like the Advanced stand-alone
installation of Connections. We didn’t had the issue on our
Stand-alone Connections installation with only one JVM.

In our environment we have configured SSO between our Connections
QuickR, webmail and Sametime servers. The River-of-news function
broke when your initial login was on Quickr, webmail or Sametime and
you navigated to the homepage of Connections in the same session.

The error printed on the Homepage was something like below

[3/31/10 18:55:01:666 CEST] 0000004c HomepageSaveN E com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageSaveNewsAction getAllTopStoriesForPerson CLFRQ0382E: An error occurred while invoking a remote interface (EJB) for fetching news stories for person ID 37A3BC5F-CB07-D6CA-C125-72730054A71A. Check nested exception for more details.
com.ibm.lotus.connections.dashboard.common.exceptions.servlet.NewsRepositoryRelatedException: CLFRQ0382E: An error occurred while invoking a remote interface (EJB) for fetching news stories for person ID 37A3BC5F-CB07-D6CA-C125-72730054A71A. Check nested exception for more details.
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageRiverOfNewsAction.handleRemoteExceptionForFetchAction(HomepageRiverOfNewsAction.java:79)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.getAllTopStoriesForPerson(HomepageFetchNewsAction.java:307)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.fetchAndSetStories(HomepageFetchNewsAction.java:137)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.handle(HomepageFetchNewsAction.java:80)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.news.NewsStoryServlet.handle(NewsStoryServlet.java:126)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.news.NewsStoryServlet.doGet(NewsStoryServlet.java:73)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:743)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)

Scrolling further down the next error came by.

Caused by: java.rmi.AccessException: CORBA NO_PERMISSION 0x49424306 No; nested exception is:
org.omg.CORBA.NO_PERMISSION: JSAS0202E: [{0}] Credential token expired.  {1}  vmcid: 0x49424000  minor code: 306  completed: No
at com.ibm.CORBA.iiop.UtilDelegateImpl.mapSystemException(UtilDelegateImpl.java:263)
at javax.rmi.CORBA.Util.mapSystemException(Util.java:84)
at com.ibm.lconn.news.ejb.client._NewsStoryEJBBean_Stub.getNewsStories(_NewsStoryEJBBean_Stub.java:1296)
at com.ibm.lotus.connections.dashboard.web.webui.internal.servlet.actions.HomepageFetchNewsAction.getAllTopStoriesForPerson(HomepageFetchNewsAction.java:304)
… 51 more
Caused by: org.omg.CORBA.NO_PERMISSION: JSAS0202E: [{0}] Credential token expired.  {1}  vmcid: 0x49424000  minor code: 306  completed: No

A simple work-around then was to logout in Connections en login
again directly to the Homepage.

We raised a PMR at IBM to figure out what we could do to fix this issue.

After a couple of mailings with Danny Chong from the LotuS Connections
Technical Support team we were advised to install the following iFix.

http://www-01.ibm.com/support/docview.wss?rs=180&uid=swg1PK77853

The stupid thing about this iFix is that the error description is totally not
relevant to our situation. Also mentioned that to the guys at IBM but
they insisted that this iFix could solve our issue.

And magically what happened :-), our issue was solved after applying
this iFix. You can’t download this iFix separately it is only packed  in
WAS fixpack 6.1.0.25 and above. Happily they sent me the separate
iFix so I didn’t had to apply fixpack 25 something that is not supported
by Connections 2.5.

Check this link to download this iFix.

Because I think this issue is very specific to the setup you use, here
is a short list which describes ours.

– Advanced stand-alone Lotus Connections 2.5 GA fixpack 1
( issue was also present before fixpack 1 )
– Linux SLES 10 SP1 – WAS 6.1.0.23
– Linux SLES 9 SP4  – DB2 9.1 FP6
– Linux SLES 9 SP4   – TDI 6.1.1 FP6
– Windows 2003 SP2 – Lotus Domino 8.5.1 LDAP

Thanks again to Danny from the LotuS Connections Technical Support
team on helping us with this one.

This entry was posted in lotus connections and tagged , , . Bookmark the permalink.

3 Responses to Multiple server SSO config breaks River-of-News

  1. Kyle Bolin says:

    We are prepairing for a Go-Live end of the month. Are test box (single jvm) was fine, But like you our prod system is having the same issue when we log into portal and do a redirection to connections.. Thanks for giving us some insite. Our Admin is hot on it
    Thx..

  2. admin says:

    Hi Kyle,

    Good to hear. Success with your project.

    Regards,

    Marco

  3. fred m says:

    Thanks guys had exact problem and this fixed it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Please leave these two fields as-is:

Protected by Invisible Defender. Showed 403 to 807,335 bad guys.