Connections 5 SPNEGO Confusion – Dogs & Cats Living Together!

I have been working on a PMR for Connections 5 trying to configure SPNEGO, foolishly, as it turns out, using the IBM Connections 5 Knowledge Center. I have just finished a 3hr screenshare with WebSphere security support, who started the call asking why on earth I was configuring it the way I was. When I showed them the documentation on the Knowledge Center for configuring SPNEGO I was asked “why are the Connections team saying to do that, that will never work”. Imagine my joy having spent nearly 2 days working on it before opening a PMR.

They are going to fix the Knowledge Center documentation, hopefully, but in the meantime this handy dandy little screenshot should help you.


The incorrect documentation (and hopefully it will be fixed before you even click on it) is here

In addition, the WebSphere security team disagree with the Connections team on creating a keytab for the IHS server only, under any circumstances, which this document says to do.

Finally, they also disagree on requiring the connectionsAdmin account to be the one that is used to start Windows services, which may be a bad use of wording on this document here (see item 6). They have advised that as far as SPNEGO is concerned any AD account would do.

They have also advised that you should make sure there are no other SPNs for that hostname floating about (I don’t have visibility of AD but it’s one for the customer to check).
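The "no other SPNs for that hostname" check can be run offline against an LDIF-style export of servicePrincipalName values. The script below is an added example, not from the original post or from IBM; the account names, hostnames and export text are constructed, and ignoring any port suffix is this example's own choice so that those entries are listed for review too.

```python
import re
from collections import defaultdict

# Constructed LDIF-style export (hypothetical accounts and hostnames).
SAMPLE_LDIF = """\
dn: CN=svc-connections,OU=Service,DC=example,DC=com
servicePrincipalName: HTTP/connections.example.com
servicePrincipalName: HTTP/connections

dn: CN=IHS01,OU=Servers,DC=example,DC=com
servicePrincipalName: HOST/ihs01.example.com
servicePrincipalName: http/CONNECTIONS.example.com

dn: CN=svc-other,OU=Service,DC=example,DC=com
servicePrincipalName: HTTP/other.example.com
"""

def parse_spns(ldif):
    """Yield (dn, spn) pairs from LDIF text."""
    dn = None
    for line in ldif.splitlines():
        if line.lower().startswith("dn:"):
            dn = line.split(":", 1)[1].strip()
        elif line.lower().startswith("serviceprincipalname:") and dn:
            yield dn, line.split(":", 1)[1].strip()

def normalise(spn):
    """Return (service class, host) lower-cased; AD compares SPNs case-insensitively."""
    m = re.match(r"^([^/]+)/([^/:]+)", spn)  # port suffix ignored (example's choice)
    return (m.group(1).lower(), m.group(2).lower()) if m else None

def conflicting_spns(ldif, hostname, service="http"):
    """Map each form of hostname (FQDN, short name) to the accounts holding an SPN
    for it, keeping only forms registered on more than one account."""
    wanted = {hostname.lower(), hostname.lower().split(".")[0]}
    owners = defaultdict(set)
    for dn, spn in parse_spns(ldif):
        key = normalise(spn)
        if key and key[0] == service and key[1] in wanted:
            owners[key[1]].add(dn)
    return {host: sorted(dns) for host, dns in owners.items() if len(dns) > 1}

if __name__ == "__main__":
    for host, dns in conflicting_spns(SAMPLE_LDIF, "connections.example.com").items():
        print(f"HTTP SPN for {host} is registered on {len(dns)} accounts:")
        for dn in dns:
            print("  ", dn)
```

Any hostname reported here has its HTTP SPN on more than one account, which is the condition the customer's AD team needs to clear before Kerberos tickets for that hostname can be issued reliably.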

I have asked for definitive documentation from the Connections and WebSphere teams on how they want this configured before moving forward.

Norway & ISBG

Last week I was in Norway at the ISBG conference in Larvik. You would know this if I hadn’t messed up publishing my blog entry talking about how much I was looking forward to going and what I was presenting on, but I tried to set it to publish “in the future” and got the year wrong – so yeah.. I’m back!

At the bottom of this blog you’ll find links to my three presentations. Two of them are updates from ones I gave at Connect and the third is entirely new on how to configure Single Sign On / SAML / SPNEGO for your company.  I had 45 minutes for that presentation and even abbreviated I ended up with 55 slides but I think it went well – except for the bit where I kept stepping forward to hear questions better and nearly fell off the front of the stage.  You know the moment where one foot hangs in mid air and you desperately throw yourself backwards to stop falling forwards.  That.

Any-who, this was only my 2nd trip to Norway and since last year it poured with rain the entire time I didn’t see much. This year we spent some of the weekend in Oslo by the harbour and walked, walked, walked. A beautiful city and if you get a chance I highly recommend the Viking Ship Museum (get there early before the crowds as we did) and the Norwegian Folk Museum (thank you to Wencke Lorentzen for her guiding and the lefse). The Folk Museum is huge and impossible to completely cover even if we had a whole day, which we didn’t because we spent too long with the Viking ships. A very interesting takeaway for me is that without any form of written communication there is very little understanding of how the Vikings managed to survive, sail huge distances, find their way home and live each day – all we can do is make a best guess. We also spent a long day walking, walking around Oslo, which has some of the best public art I’ve seen (it was a gorgeous day so that helped the 9+ miles journey).

Oh and we ate some of the best food ever – if, like me, you love fish and especially raw fish and also cheese, and are happy for the waiter to bring out “whatever” until you say stop.. well Norway rocks 🙂

Thank you to the ISBG team for inviting me once more and everyone who attended.