Thursday, August 30, 2012

Interact Intranet: Extranets & Authentication

As we dig under the covers during our migration from Plumtree (aka Oracle WebCenter Interaction) to Interact Intranet one of the areas of greatest interest is the relationship between the intranet & extranet instances. In particular how authentication is handled between Active Directory and the intrinsic user repositories, along with the use of Windows Integrated Authentication (WIA).  It took me some time to get all the answers I needed, and I still have a long way to go to understand the system, but I hope this helps those looking to have both an intranet & extranet.


AD Logins
The only way to login to Interact using an AD account is via WIA.  This shouldn't be an issue on the intranet side as IE users will be automatically authenticated.  Logging out of an account and logging back in (for test or other reasons) will cause issue as users will likely assume that they can login via the standard webpage form, but unfortunately they'll get an error if they try that and will need to trigger the actual login page (slightly different from the page you are taken to on logout).  

The workaround to the auto-authentication via WIA is to not set your security zone, that way you are always prompted to login.  There isn't a workaround for a standard user, just hope they never logout while on your domain.

Intrinsic Logins
Only accounts with an Interact username & password can use the standard webpage form.  This holds true regardless of whether they are attempting to login on the intranet or extranet side of the fence.


AD + Intrinsic 
All profiles, including those created via AD, have a username and password section.  You could create a script to copy all AD username and passwords into these intrinsic field for pre-populated users.  Interact doesn't have a utility or script to do this, but I'm sure it could be done with some external consulting assistance.  If you do this please let me know!!!


URLS
Interact informed me that in IE7 it isn't possible to have both WIA and anonymous login for a particular site.  This means that you'll need different URLs for your AD and Intrinsic logins, one set for anonymous and the other for WIA.  Having used multiple URLs to point at a single portal instance in the past I know this can be daunting and cause many unforseen problems with applications pointing to hardcoded paths.  I wish there were a better solution to this issue and if anyone reading this has a recommendation please let me know!








Synchronize Your Sites

If you do setup an intranet and extranet environment you'll need to synchronize your front end files.  To do this you can use a utility like Robocopy which is very simple to configure
No comments:

Tuesday, June 26, 2012

Interact Intranet: Enabling Windows Integrated Authentication

Enabling Windows Integrated Authentication in Interact Intranet (the only way to authenticate via Active Directory) is a simple quick step.
  1. Login to your Interact sever
  2. Open the Internet Information Services Manager
  3. Select your Interact instance on the left panel
  4. On the right panel in the IIS area, select Authentication
  5. On the authentication screen set Windows Authentication to enabled and disable Anonymous Authentication
Ta-da! That is it!
No comments:

Interact Intranet: Installing the API

Creating a custom widget in Interact Intranet takes a few steps, the first of which is to install the API (aka Interact Web Service - IWS).
  1. Navigate to your web server roo
  2. Create a folder called InteractAPI (or whatever you want to call it), and within it create another folder called bin
  3. Go to your interact/Web/bin folder
    1. Copy the following files to your new InteractAPI/bin folder: 
      • InteractWebService.dll
      • Odyssey.Interact.Core2.dll
      • Odyssey.Interact.Database.dll
  4. Go to your interact/web folder
    1. Copy the following files to your new InteractAPI folder: 
      • Service.asmx
      • web.config
        • A web.config is needed, however the file from this specific location will cause issues.  Your best bet when you are doing this is to contact Interact to ask for a web.config because there are a lot of changes that need to happen to this file for it to work.
  5. Edit the web.config file in your InteractAPI folder
    1. Change the <add key=”connectionstring”> entry to point to your Interact db.
      1. The new entry should look something like this: <add key="ConnectionString" value="Data Source=INTERACTDB;user=interactdba;password=p!SSw!&#;Database=interact;Persist Security Info=True;MultipleActiveResultSets=True;Connect Timeout=30;Min Pool Size=5;Max Pool Size=1000 " />
  6. Register InteractAPI to IIS
    1. Open the IIS Manager
    2. Right click on "Sites"
    3. Select "Add Website"
    4. Set the Site name to "InteractAPI"
    5. Determine which Application Pool you want the API to be a part of
    6. Set the Physical path to your newly created InteractAPI folder (C:\InteractAPI)
    7. The binding shouldn't have a host name and the port should be set to 81 
  7. Configure InteractAPI Authentication
    1. Select InteractAPI from the left panel
    2. Within the IIS area select Authentication
    3. Adjust the authentication settings to match this:
      1. Anonymous Auth: disabled
      2. ASP.NET Impersonation: disabled
      3. Basic Auth: disabled
      4. Forms Auth: disabled
      5. Windows Auth:  enabled










  8. Set Default Document
    1. Select InteractAPI from the left panel
    2. Within the IIS area select Default Document
    3. Click "Add..." from the right menu
    4. Enter "service.asmx"
  9. Test the Setup
    1. At this point you should be able test your setup by going to http://localhost:81/ from your server. This should display your service.asmx page
    2. Additionally you should be able to view the service page using whatever DNS you've created for your install and appending the port.  For example http://interact:81
  10. Create a DNS entry for IWS
    1. Clicking through from your localhost path (and example code which you can request from Interact) will display some errors because there are hard coded paths pointing to http://IWS:81 
    2. To get around this you'll need to create an internal DNS entry pointing to the IP address of server you've installed the IWS on.
    3. If your DNS is setup properly you should now be able to view the Service.asmx page by visiting http://IWS:81
Stay tuned for more blog posts geared toward creating custom widgets once the API is fully installed!
No comments:

Wednesday, June 20, 2012

Interact Intranet Thesaurus - under the covers

If you go into the thesaurus section of Interact's site admin area and see a blank list one can easily be tricked into thinking that there simply aren't any entries.  Try doing a search for a 2 letter combination such as DD and you'll see that there are in fact quite a lot of entries.

Some of the default pairing make perfect sense, others are colloquial, and some are a bit more mysterious.

Examples:
Trimorphodon genus Trimorphodon
Myrciaria cauliflora jaboticaba tree
Second Earl of Guilford north
charity toss foul shot
Anthophyta class Angiospermae
half-wit thicko
hebdomad week

How it is Used

The thesaurus is used to display a list of similar terms to what the user has searched on.  So if you search on "Second Earl of Guilford" it will display an area that says "Did you mean? north".
The search results themselves don't appear to be influenced in any way by the thesaurus from my testing, but I can't say that with 100% certainty.

Additionally, the thesaurus is used to build the list of keywords that users are promoted to users when they are creating documents, categories, and sections to help them make their content easier o find.

I appreciate why this approach was taken and it certainly fits the term thesaurus.  In my previous intranet experience thesaurus lists have been used to add to search results by executing what essentially is an OR based search.  For example in our organization we use HBWW as an acronym for Healthy Babies are Worth the Wait.  Our content is inconsistent with which of those is used in titles/descriptions so users need to search for both under the Interact thesaurus system and the result set would be different for each.  With an OR based search on the same terms the result set would be identical and inclusive.

Extracting the Synonym List: Database Query

If you want to examine the out of the box thesaurus list you'll need to dig into the SQL database.  There are 13 tables dedicated to the thesaurus, yet only 2 of them are populated with any content.  I've added a few thesaurus entries but still none of these tables have changed so I'll continue to look for how they are used. It could be that the other tables populate through site usage.

 SELECT SYN.SynonymID, WORDS1.Word, SYN.WordID, WORDS2.Word
  FROM Interact.dbo.THES_SYNONYMS AS SYN
    INNER JOIN Interact.dbo.THES_WORDS AS WORDS1
        on SYN.WordID = WORDS1.WordID
    INNER JOIN Interact.dbo.THES_WORDS as WORDS2
        on SYN.SynonymID = WORDS2.WordID

Deleting the Full List

I'm waiting on verification from Interact on how to delete the entire list, in case we need to.  My assumption  is that I could delete the full contents of the tables, but there might be a catch dealing with how the ID #'s are generated/incremented and I don't want to screw anything up.

My Advice

If you are moving from an existing intranet to Interact you might want to compare your top 100 search terms  against the thesaurus.
No comments:

Interact-Intranet 5.1 new features revealed

Earlier today I attended the Interact Intranet 5.1 release announcement webinar and am a little upset because I got distracted at a few key points by work issues and wasn't able to catch every point that was made!  Luckily at the end of the webinar they announced that the recording will be made available soon and that there will be a more in-depth follow-up webinar on July 12th to cover the new features and product enhancements.  (I'll add those links as I get them).  The new version will be released on Wednesday June 27, 2012.

Upcoming dates:
July 11th, 2012 Interact Intranet 5.1: What every intranet manager should know  (webinar)

New widgets

  • YouTube
    • place it on the page, add the URL and up comes the video
    • automatic sizing depending on where you place the widget
    • you add a single video, and add other videos to a queue
    • Questions: 
      • can you add a channel or favorites feed?
      • can this widget display videos from the media manager?
      • are these videos indexed for search purposes?
  • Google
    • allows you to add map points through the widget
    • works in the US
    • Question: 
      • can you add a map created in google maps? or does it only allow you to add a blank map and add points via the widget?
      • is there a limit to the number of points you can add?
  • Translator
    • works in real time on full content of the intranet
    • 37 different languages, Welch not included
    • backend is Microsoft Translator, not Babelfish
    • the translator works on all text, documents, forums
    • Question:
      • from what I could see it doesn't appear to be tied to your profile language, instead it seemed to require you to change languages via a portlet.  Is that accurate?
  • Rotating banner
    • "incredibly useful because homepage is the most valuable real estate. This is the place that everyone will look"
    • it stops if you mouse over it
    • it is a free text widget which uses regular HTML, or an image
    • you can control the rotating speed and length of time each image stays on the screen

New & enhanced tools

  • Activity Management
    • this area had a lot of focus in the webinar and unfortunately is the area I payed the least attention to because of work needs
    • activities go live when the document goes live
    • categorization of staff for assigning activities is done in an advanced search area and lets you select based upon things such as location, department, etc.
    • it work with teams 
    • Watch the demo




  • Profile completeness score
 
  • Improved blogging tools
    • ability to subscribe to blogs 
      • Question: 
        • What is the difference between subscribing vs following?
        • Is there a way to manage all subscriptions or would one need to visit each blog to selectively unsubscribe if they wanted?
        • What is the process for subscription notification, email or alerts I assume?
  • Mobile app
    • integrated filtered content based upon your location 
 
  • Improved authentication
    • ability to reset AD passwords w/ password strength rules
  • Widget selector
    • There is a new widget selector tool to help homepage managers select widgets. Details about the widget, display of latest widgets.

Coming soon: Integrations with...

  • MailChimp
    • MailChimp helps you design email newsletters, share them on social networks, integrate with services you already use, and track your results. It's like your own personal publishing platform. 
  • Basecamp
    •  web-based project management and collaboration tool


Something I didn't know, Rackspace can be used for hosting of Interact.
No comments:

Tuesday, June 19, 2012

How to avoid Firefox's Windows Integrated Authentication login prompts

I never embraced IE and was one of the evangelists clinging to Netscape Navigator before they pulled the plug on it.  Now they Firefox has taken the help things have picked up speed but there are still a few areas where it can be less user friendly (I admit) than IE.  One of those areas that has been a sour point for me over the last 7 years is in dealing with Windows Integrated Authentication.  As anyone dealing with Intranet or other SSO based applications will know, Firefox isn't able to get these parameters from the OS and so you get an ugly popup forcing you to enter your username and password.  While it will remember what you enter, it doesn't store a cookie so you get the prompt each time you visit the site (irk!).

Today I was browsing the web and found an interesting article that details how to get around this problem.
Kudos to Interact Intranet's Ross Jamieson for this tip!

To enable Firefox to pass NTLM authentication particulars to an IIS
server and thereby prevent a login popup do the following:

1. Type about:config in the Firefox address box and press Enter.

2. Scroll down to the setting network.automatic-ntlm-auth.trusted-uris and add the website name (i.e. "intranet") to any hosts already listed as the value (comma separated).

3 Scroll down to the setting network.negotiate-auth.delegation-uris and add the website name (i.e. "intranet") to any hosts already listed as the value (comma separated).
No comments:

Wednesday, June 13, 2012

Interact Intranet: Renaming "My Page" to "My Profile"

One of the default pages setup in the out of the box Interact Intranet installation is a "My Page" link.  The destination page has information that, to me, is typical of a profile so this post documents how to change that page name.


Step 1) Change the page name
  1. While in the "Home" area, select "Manage Menus" from the Administration options.
  2. Click on the "My Profile" menu item
  3. Change the Link Name and click the save button
Unfortunately the "My Page" terminology is more pervasive, displaying within the People Directory as well.

Step 2) Change the system text
  1. Navigate to the Administration-> Site Admin -> Control Panel - Manage System Text area
  2. Click on the corresponding language you wish to change
  3. Search for: My Page
  4. A single entry should return which points to: SYSTEXT/INTERACT/CONTROLS/NAVIGATION/SIDEMENUS/MODULES/DIR/STAFFDIRECTORY/MYPAGE
  5. Change the value from My Page to My Profile
If you go to the People Directory you'll notice that the link has now changed and you should be done with this process.
No comments:
Subscribe to: Posts (Atom)