Common Debug Protocol

****************************************** ***START UPDATE 10/3/2016*****************

LAPI and its client installer has become very hard to find. Moreover clients written in LAPI in say Java/.NET will only work if your Livelink a.k.a Content Server is of version less than CS16.Readers who are new to LL programming is encouraged to read this to the approach and not to the exact lines of the code.What I mean is when you used to program in LAPI you were basically passing parameters to discrete calls by modelling it based on the webgui of livelink .SOAP based webservices called CWS is also the same,so if you do not try to do the task in the webgui and try to understand the business rules you will almost have no success in CWS too. OT is notorious for not putting fully functioning use cases and a walk through,so whenever possible I write code assuming the user has not worked in Livelink for X number of years and try to educate you all. Livelink,Content Server,Enterprise Server all of this has been Livelink’s marketing brand name changes over the years.CS i sused in many of the integrations like AGA, XECM, RMLINK and you know you are programming against livelink if you see a link that looks like this http(s)://somefriendlyURL/livelink.exe|cs.exe|llisapi.dll|cs.dll|livelink.In many places SAP/ SP /Exchange will be configured to talk to Archive Server and then they will use Livelink to read into archive server and turn that into LL objects for better presentment/RM and other aspects. The AGA product is moving away from LAPI(not sure totally or not) to REST API in LL.

**********************************************END UPDATE****************************

In most cases I have noticed that programmers brought into livelink a.k.a Content Server web server programming lack a general understanding of livelink and its business rules.The Vendor maintained links is written almost to a starting novice but again people will run into problems.To mitigate this one has to have a simple protocol

Ask the livelink team a representative container(folder ,project,compound documents,document work spaces all of them are shells or containers to hold additional objects) that the CWS programmer can access using the webgui.
Ask how is authentication enforced.In almost 90% of places it will be SSO(NTLM,IWA,other LDAP methods)
In most cases CWS application where you source the WSDL’s from will be “anonymous” because that is the level of documentation OT gives admins which means that the CWS user has to be manual user in livelink also known as a user with a password the livelink admin team gives you
I have published several successful posts here that allow me to do SSO(IWA/NTLM) that is because I know how to set it correctly.Most of it was looking at IWA webservices samples.
I have installed and configured OTDS as well ,it is a re-directional(kerberos implementation) .Simply put when you access a link such as http://localhost/livelink/llisapi.dll if OTDS authentication is involved your call is redirected to the OTDS server(Tomcat in the version I tried).The kerberos token that is prevalent in your domain login is used to establish who you are against a configured LDAP appliance like AD and returned back to the livelink server.Anybody who knows enough about livelink URL’s know the web escaped URL’s, you should see the re-direction when using wireshark or fiddler as well. This ideas are my interpretaion and not OT’s so take this with a piece of slat.
The above OTDS authentication is overkill if Livelink was employed as a DMS or in your org people know that Livelink is there.It would make sense to tunnel xECM SAP Users your piggy backing on MYSAPSSO2 mostly integrations form other systems who want a seamless experienec.Altogether it is very easy to setup and implement save for the fact that creating SSO against AD is basically a one click operation.

Allright so what is the post about

If you are a .NET CWS/EWS programmer you will basically be sending this token with each service client call because livelink is http and state based and you never know if the request is being handled by the same server or the same thread.

You would see .NET code like this

DocumentManagement.OTAuthentication dmOTAuth = new DocumentManagement.OTAuthentication();
ContentService.OTAuthentication csOTAuth = new ContentService.OTAuthentication();
SearchService.OTAuthentication ssOTAuth = new SearchService.OTAuthentication();

and things like

string token = authclient.AuthenticateUser(username, password);
if (token != null)
{
ssOTAuth.AuthenticationToken = token;
dmOTAuth.AuthenticationToken = token;
csOTAuth.AuthenticationToken = token;

}

contextID = dm.GetVersionContentsContext(ref dmOTAuth, dataID, 0);

the above is akin to a logged in user trying to download.the ref keyword is modern .net above 2.5 CLR or higher

If you are a JAVA CWS/EWS

In Java, however, you don’t need to do this and instead you set authentication information into the object representing the service. In your code you do this

setSoapHeader((WSBindingProvider) search, otAuth);

There are many more subtle differences with Java and .NET but for the most part it should work cleanly

If one were interested in debugging at the livelink server

Method 1: Login to the livelink URL that usually ends in /llisapi.dll or livelink.exe or livelink.Do you see an authentication screen that looks like an HTML page and not one that looks like a windows auth prompt?.If you were seamlessly taken into the application then this “instance” of livelink server has its authentication set to some authentication.assuming the simplest mechanism it could be IWA also interchangeably known as NTLM,SSO etc etc.

Method2:Open up the opentext.ini file on your “instance”.Put debug=2 and WantLapiLogs=true and re-start the instance. Then pass a simple wsapi call like calling enterprise workspace or so.One of the simple java samples you have here https://knowledge.opentext.com/knowledge/llisapi.dll/fetch/2001/15080935/-15106263/15106294/15106295/16376487/17990637/45500683/java_src/cwsCodeSamples_Java.zip.Look in the thread logs for places like <inArgs and <outArgs.It will have debug info.If you don’t see it here and your code works perhaps your code is getting answered by another instance or terminating at the webserver not even reaching livelink.

Method 3-Put Fiddler and learn how to use it when you hit a webserver.Then you can actually see your WSAPI client code making requests in Action.Many times they are going to indicate something.

Method 4: There is a livelink sysadmin request handler that goes like <LIVELINKURL>?func=admin.testargs.Do you see “REMOTE_USER” filled and a auth mechanism something resembling this AUTH_TYPE =Negotiate REMOTE_USER =DOMAIN\USERID or userid@domain REQUEST_METHOD =GET Then chances are this livelink is protected by a auth method other than “anonymous” Most webservices samples written by OT pertains to simple anonymously authenticated livelink servers.Do you have SSO samples lying in the web or here.Sure search for Guy Pomerleaux or me for a few who have ventured with it in the forums .Just by trial and error of the Web.Config and App.Config I have suceeded.Why wouldnt OT put a official sample,guesses are different web server different ways of deploying livelink,too much work to officially support it although the OTDS mechanism is kind of a middleware to address that 🙂
Method 5:Search Debugging Livelink when people or programs search use the Livelink Search API to call it. While it looks integrated believe it or not the searching is a different software and it can be used for any general purpose searching.Read OT history as the first searching company in the world(Yahoo search Engine :).Sometimes it becomes difficult to create queries properly so it is very easy however I do it like this.Isolate a named server(some address that wont be like a LB URL).Find that server’s Opentext.ini and in the [options] area add wantSearchLogs=true.Then run a search from the GUI.In all likelihood for each search you will find a new txt file that will contain the query.Try to understand it and repurpose. Similar files will exist in the Admin server for prospector queries and intelligent classification queries.

Now I have given you many pointers that would lead to successful coding.However let it be known that a livelink can be configured in very many different ways such as an admin can put a expiration of livelink cookie to a very low value,you could be bouncing off livelink servers ,your code may come from a redirected system such as SAP or SP lots of problems could occur if the architecture is not well understood by replying people like me or even you.I am not a OT employee but have worked enough to know certain things that could occur.So my simple request to you would be to as much as possible educate yourself and the forum about the same. Also try the simplest mechanisms of OT code first to iron out the difficulties.It should not be too hard.

Transporting Objects with Livelink

Update:10/22/2014

Me and my colleagues recently used this framework for transporting a custom subtype that we designed.We were helped by a kind OT developer All in all it saved our administration team from running XMLEXPORTS and XMLIMPORTS but the key factor is that needs to work for the transport code to work.

Update ends…

Recently OT announced a “Transport” mechanism. Users working in SAP etc are familiar with such a mechanism as changes to a baseline system are marked as configuration changes and ported to other systems.While I am oversimplifying this in a SAP deployment since so many code modules have to be configured it is impossible for an admin to remember what all has to be changed hence they decided at least 20 yrs back an enterprise program needs a transporting strategy as well.

Now lets look at how livelink gets deployed in an org. Mostly Livelink is deployed to address a document management pain/problem.Some consultants or a admin/developer who gets trained in livelink or somebody who has some documentation starts to install/configure this.assuming the person(s) have some common sense and tickets later it is working.Actually the first time install guide is very nicely written and it is mostly a “next” “next” kind of install.

Having configured it the person/persons start modelling the solution.It may involve setting up folders,categories for collecting metadata,classifications for alternative taxonomies,RM classifications ,Permissions(ACL) etc. OT and a lot of ecosystem partners take the money to sometimes set it up.You can make it complicated or simple.

Ok now that it is past the POC phase the next phase is the perhaps a TEST a more formalized place.Now comes the first shock how do I not necessarily duplicate all the work I did on a lower system.Fortunately while there was no advanced GUI or “Transport Bench” mechanism many of these building blocks can easily be transferred by XML IN/OUT operations.Smarter modules such as Classifications/RM anticipated the need for this so they did make their own transport mechanism well ahead of OT. But almost everything one could accomplish in a poor man’s methods

Now in controlled industries like Pharma etc this manual stuff was sheer heresy so companies like Global Cents made excellent products

So why the Transport now. My theory is the entry of integrations between SAP and Livelink.In fact the web services also was something my thought SAP forced OT’s hands.Many SAP customers are now getting a facelift with livelink doing a lot of backend services,pretty gui’s etc.

Here’s an interesting fictitious exchange between different players in a Integration meeting this is circa 2010,2011

SAP Basis Admin-Here we got the xECM thingy and archive server thingy going with OpenText (Notice OT in that because there is no product called that),I sthere anything else you guys need and can I close the client.

OT Consultant- Oh sure but on the next client you have to give me high access to edit the connections,change a few GUID’s(dataids) etc.

SAP Basis Admin-What the …..That means you have to do all this again

OT Consultant-Not everything just a few tweaks and pointing to the livelink admin..Hey Kishore where are we on the next OT system. Have the ELIB items(categories and folder looking things) coming along

Livelink Admin-I did that according to documentation.

OT Consultant- How about the dataids did you run the queries I gave you for the re-mapping

Livelink Admin-Yeah everything is there

SAP Basis Admin-All the while thinking that what are these guys talking about re-configure every system.I have about 20 different clients I have to maintain.

OT Consultant-Just to prop up the SAP guy,well you know our guys in Germany are coming up with a Transport mechanism just like yours…

Well finally after a lot of back and forths the project is a success

If it is just a DMS project a lot of us have no problem using the old methods.

I am pretty sure the transport mechanism is a GUI version of XML Export/XMl Import.

The reason why I wrote this is recently a friend asked if he would be lucky in a project that would not have Object Importer(OI)/Object Exporter(OE) and its RM variations.

I told him this

OI/OE can be leased from OT for a price .They used to entertain that.

With XMLEXPORT/XMLIMPORT here are a few things you would run into.

XMLEXPORT is almost available universally but the reverse is not true universally.

. So if one exported PhysObjects the corresponding import will fail.

XMLEXPORT will choke on big documents and the number of nodes because of DOM parser limitations. In OE they bundle the file separately so they can get more throughput even though the code invokes a DOM parser there as well.
XMLEXPORT/XMLIMPORT is based on source dataids which is not going to match targets. So if you find the xml exported file and change the category id’s to match the target it will work.
XMLEXPORT/XMLIMPORT does not understand the hierarchy. For e.g OI will create nodes as it wants enterprise:folder1:::::::::;;;folder99. In XMLEXPORT import you would have to export and follow the reverse process. So if a child object is nested way into a path OI will handle it XML import you will have to handle it
Most people will use XMLEXPORT/XMLIMPORT with lapi code so they can manage a lot of things with code in java or a .net lang

Now that GUIDS are part of 10 and 10.5 I do not know how that affects anything

OI/OE is kind of a framework .So with that I was able to transport compound email,email folder and email in a project with relatively less coding.

Readers-Please tell me if the Tranport Bench from OT is good and easy to use and it resolves conflicts et al and I will delete my post.

CONTENT SERVER CS10 SINGLE SIGN ON

Simple Easy To Understand Livelink Authentication using Just IWA

Update- I have successfully implemented OTDS (Auth & Sync).OT wants all of us to install Tomcat and use java based OTDS for all the things that is Authentication(letting people into livelink) and Synchronization(Creating those people in livelink). Oscript based Directory Services called CSDS will stop shipping when 10.5 dev is complete.I still don’t like the fact that a livelink URL is redirected to TC to come back to livelink,when it could be avoided.That is the mechanism of a OTDS authentication implementation.If left to me I would use OTDS synchronization and just IWA for livelink.

My colleague John taught me how to record video so it is my yet another attempt to teach other users how to make your livelink single sign on

These are my assumptions.You want to run Single Sign on in your livelink.Your livelink is running on windows and uses IIS7/7.5.

Chore #1-Prepare the IIS website for IWA.IWA is called NTLM some times , but if you use Fiddler to watch a request you will see a 401 Challenge against AD. Theory is you are accessing a protected resource and the web server will check against AD. No where remotely connected to livelink software.I also say AD because most companies use that.If your company used something else it would do that.

Kyle Bailey was the first guy to use IIS7 on livelink this link will not work If you do not know preliminaries about IIS learn it.

OT uses almost ditton info in their install documentation

Watch this Video of how I check that.

Checking if IIS is upto our job of providing IWA?

Chore #2-You have to enable the livelink website or VD for IWA. For administrative reasons I usually put a anonymous website so I can login as ‘Admin’ or any other user whose password I can change. I will also create my userid in that livelink before I do this so I don’t get knocked out. So if my domain info was appudomain\appunair in livelink I would create my userid as appunair in lower case

Checking if the Livelink website or Livelink Application is IWA enabled

Chore #3-You have to find CSDS. Oscript Directory services for your version and install it in livelink. Most livelink modules are executable that just drop them into the staging folder. The author assumes the user knows how to do that .If your manager says to do OTDS frown at him and when he is not watching you do this instead.
As of CS10 Update 6 the code to vet the REMOTE_USER into livelink is in core code.All you need is put the livelink webapp as IWA, go to the admin.index and make sure you say “use webserver for authentication” radio button.Here’s an article that was mostly written by me in the Knowledge Base
If your users are using livelink purely thru the webgui this is more than adequate for you.How ever if you find yourselves saying yeah this is fine,but how do I get 2000 users into livelink,that is when “Synchronization” code in CSDS or OTDS comes into play.You can create users in livelink by writing about 20 lines of code reading from a spread sheet as well.
If you have Programmers who were using SSO with lapi or CWS applications they can either change the WSDL to point to the OTDS WSDL .AFAIK it is not possible to entertain coding that des SSO without Oscript Directory Services.

Checking if the Livelink administration page is correct to allow IWA authentication

Chore #4-In case it does not work type ?func=admin.testargs. If you do not see REMOTE_USER is not coming thru you will have to trouble shoot. You have to be a sys admin to do that as well.Note admin.testargs is livelink oscript code spitting out web environment variables.You can find equivalent aspx files in the web.

Why do I not like RCS(OTDS) .It will take a good few years before it is stable. Also I do not like the idea of a call to livelink ,hopping over to Tomcat,to again call AD to return a ticket which again was the REMOTE_USER.Now you would surely benefit if your org wanted to make SAP talk to livelink .Also it is downright confusing if you have to write SSO code against livelink as well.It is confusing to write even when it is IWA on the web server

I feel unless OT is able to assure its existing IIS clientele(about 75 to 80 %) that OTDS will be a better alternative than the OOB IIS IWA, most customers will stay with trusted windows authentication rather than the contraption/conundrum.What they can do is to make the java code base in tomcat stronger rather than telling each customer the slightest crapping out of RCS results in a re-install.What OT does not understand is big companies cannot hot patch /change stuff right when OT wants is that is far from the truth in the ground.Obviously the Synchronization code with which one creates users and groups in livelink is very much better in this java version.Once again many people confuse synchronization to be somehow tied to authentication. Nicht, Nein they are no way connected.Synchronization just allows users and groups to be created and held synchronized based on a LDAP query both of the activities are in no way connected to each other.

If the reader now understands who is doing what then I see why a intelligent user could not use another server say apache or tomcat to do windows authentication and help the livelink world.I just wanted the users reading this to know that OT has no interest in teaching you how to configure IIS as it is expected that a web server admin knows all this.It just happens that Livelink is a webserved application and hence the livelink admin sort of is the IIS admin and so on.

OH MY SAP

Between 2009-2012 I was instrumental in architecting a very large RMlink implementation.I was mainly hired for setting up livelink.livelink RM,archive server.My peripheral duties included acting as SME to the RM link implementation.Further the customer decided they would make use of two OT products one livelink and the other Artesia(DAM) both would sit in the SAP netweaver and be visible based on the employees roles.I know nothing about all that.Slowly but surly I began to understand that livelink a.k.a Content Server is going to be the brains and Archive Server was going to be the brawn in this implementation.The RCS tomcat stack at best could be described a nuisance or so I thought because once it started misbehaving there was nothing you could do other than uninstall.On top of it we were forced to work on a AIX(Unix) archive server implementation.We had specific archive server things that we had to maintian for that to work and with every patch RCS it overwrote everything we had configured.I figured out that RCS was basically using servlet/java code to call livelink that is pretty much it.It would be called “Enterprise library”,ELItem,ELVariant what not but the real fact remains that it is in dtree with a subtype that is known to most livelink people.At a pre -go live meeting a bombshell appeared in the form of a SAP consultant(big manager kind of guy) who said how are you going to handle the authentication ticket from SAP for livelink & Artesia? Upto that time we had created a IWA implementation of livelink replete with LDAP(AD) SSO and we thought that would be it ,the SAP netweaver user and the livelink user is using the same AD and hence would basically be in the same env not challenged by AD.No the manager insisted that livelink and artesia need to work based on the ticket given to you from SAP.It looked like either the manager knew what he was talking about or he just wanted to show off stuff.Everybody started looking at me and I really had nowhere else to look.Luckily a very experienced person came to the rescue and said to me that SAP produces mechanisms for all commercial webservers including IIS & Java stacks.

Now we started in earnest burning the midnight oil and I had a very great apprentice at that time.I would say he is very good

He started getting the IIS web server loaded with the SAP filter it is like the llisapi.dll that we use in livelink and when it works it needs a certificate form the sap instance that is going to decrypt the cookie.Then we tried writing it to REMOTE_USER which it wrote as http_remote_user.I think REMOTE_USER is a variable that you cannot rewrite.In any case we change the livelink to look for that environment variable voila we had SSO based on MYSAPSSO2 in place.Phew.Firefox plugins,Fiddler,Wireshark and a general understanding of what goes and comes where is what on would need to crack things of this nature.BTW I saved all my work in a drive which I have since lost so some of this is from memory.My knowledge of how livelink handles authentication really helped in making this solution.thanks you builder for that.

I later customized the livelink look and feel and removed most unwanted stuff so the real estate was there for people to work

For artesia we had to take the java class file and retrofit the login again this java file would not work in a regular package declaration like one would do.It was not common knowledge and I basically resorted to Reflections code and got it to work.I got in touch with a SAP SDN member who actually said I should use a particular package that SAP produces or not use a package declaration at all.So go figure.Nothing that SAP gives you in documentation says that.So go figure .You could say OT & SAP are birds of the same feather when it comes to hand holding examples.

In the current setting the OTDS conundrum that you load in RCS will handle the SAP logon ticket.I have not yet had the need to make OTDS work in my job so I hope it is easy and past the buggy stage that I have known to associate RCS with .Our OT ECMLink/RM link people always thought livelink impersonation was SSO which again I fought with them telling no they are actually different.In any case the customer did not do ECMlink when I was there other than trial runs.I am sure the java code stack is much better nowadays.

I hope reading this will help somebody in my same shoes

How to Parse a Node’s categories in C# WCF code

****************************************** ***START UPDATE 10/3/2016*****************

**********************************************END UPDATE****************************

Recently a programmer asked me how you would show the values in a nodes categories.He had done all except up to the fact that he did not know how to get the

real values hidden in Stringvalue, Integervalue, boolean etc.I don’t remember seeing a good example but C#’s good debugger helped me.Also quite a posts form people like Sean Walker,Rob Vanderpoel

helped me understand the structure although I like seeing simple full samples rather than snippets

After you get the AttributeGroups,you have to go into that and get the DisplayName and keys and based on the type you have to cast that value making sure to handle nulls as well

perhaps now I can write better set attributes because i was wondering how one would write a generic call with the examples in OT.

I was able to do this in about 1.5 hrs and learned something as well.The code was done in a hurry and based off Jason Smith’s starter examples

here’s a link in case somebody needs it

Or email exchange hiding the actual names etc

Hi Appu,

Thank you for this information, it is very similar to what the REMOVED NAME consultant has produced so far, however the part we are stuck with is getting from the “Key” value to the actual data shown in Livelink.

For example the output for the document you reference below looks something like:

Display Name: Title –- Its key is: 122343.9.24

We would like to see:

Display Name: Title –- Its value is: WEB SERVICES NEED BETTER EXAMPLES

Is this something that you have been able to accomplish? There doesn’t seem to be any calls to make the jump from Key to Value.

Thanks,

Single Sign On and Content Web Services Update

Update 04/28/2016

Pre- Requisites– Livelink 10/10.5/16 Server configured for Single Sign On using IWA . This is for users/companies who allow REMOTE_USER to trickle into livelink. If you have configured your livelink to use OTDS or simply said if OTDS is actually responsible for providing the Authentication then this post does not address that.In CWS which involves a OTDS server you are sourcing your authentication(read a different WSDL than the livelink authentication WSDL) from that.The theory there is your wsapi computer or client will pass your kerberos authentication and OTDS will vet that with AD/DC and pass it back. This OTDS ticket is now usable in your code.

Sample Setup on the WSAPI WEBSERVER

Copy the webservices from OpenText to a folder in the IIS server.For ease we assume your livelink server is on the same host and knows how to handle REMOTE_USER.If you want to run your livelink on another server edit the Web.Config to give it the real server name and port.I doubt if my setup can span computers never tested it that way.
Configure an application that looks like the screen cap
Make sure it has IWA turned onand make sure Extended Protection is OFF
If not already done create a logs directory that is at the same level as \bin and manage its permissions correctly.This can also be done by doing a setspn which is really an advanced topic.The intent is when the client code hits this WSDL the application pool identity will transfer your remote_user and windows will do all that mumbo_jumbo.
Edit the Web.Config carefully after making a copy .I am showing you changes highlighted for Authentication,DocumentManagement& ContentService.The file is rife with several possibilities so start with these 3 and mature into SSL and others
Give the WSDL a whirl .If it cant create a service or the green lines it is not a fault of OT.This is all windows WCF configuration.Check Microsoft sites or google for your errors.Things I check is that if all is successful the logs directory will show windows logs
If the WSDL can now be put into a real source code file and you get errors in your client file the log files will indicate the errors coming from livelink. Note if you were using code form anonymous livelink/wsapi you need to rebuild the source after updating the wsdl’s
The above were tested on a CS10 with oscript directory services and patches for SSO. I wrote a client WS which uses windows authentication and gave it to our app dev team.

If you have the chance to code in this you will be very pleased

LAPI What is It and Should I use it ?

Update:06/12/2017

Realized that OT is supporting old LAPI for their product called Enterprise Scan,Escan used to be completely a client app so if the Livelink server connecting to it is CS16 then OT ask you to install a module.Surreptitiously they call it “Private Bridge Interface” which is all the LAPI Oscript code conveniently bundled into its own Ospace.My guess is this will continue until ESCAN and AGA and other OT bread winners convert to SOAP or REST.

Update:12/29/2015 OT has announced that with the launch of CS 16 there will be no server side oscript to receive lapi calls so don’t waste your time reading this or programming in it.Just keeping this for vestigial reasons.

At time of this writing circa Feb 2013. Open Text’s livelink has been in the market for about 18 years and a fairly loyal fan share.The core software was always enhanced /added on by Oscript but for programmers who wished to do utilities such as adding user’s en masse, deleting things en masse et there was LAPI which stood for Livelink Application Programming Interface .In its inception what I used to see in around 2000,you could program in Java,which I did,there was VB6,there was then C & C++. Vended products such as Livelink Explorer,Authorlink, Autocad Integration etc was around there.In a nut shell these were the steps that one used to take.

Install or copy lapi client files in your computer
Write a program
Compile it and run.

@RunTime the first call which everybody knew as Session creation was akin to Tel netting to the livelink server on Port 2099(default livelink server listening port). As time went by OT added a lot of calls at the LAPI server side so people built a lot of cool things.But there were problems in a way that as modern OOP languages came along they abhorred the idea that livelink was giving them Data structures(LLValue Objects) and making them work thru that.So OT did a small stint they loaded the LAPI libraries on top of a web server and called it Live Services but at that point one could write a web service call.I think it died like the OT’s foray into JavaObjects to replace or do side by side coding as in Oscript. I never understood what one would use JavaObjects for. Note I am not talking about the Oscript to Java Bridge which I have messed with and is very useful.

With the release of 9.7.1 they bundled livelink web services as part of the livelink install the idea bing a company would just use the existing IIS or Tomcat investment and start creating a plumbing conduit into livelink.At CS10 they stopped making a installer for LAPI. I am told that this is because they do not have the development resources to make libraries in several different languages.

The new web services are strongly typed,you never need to guess what you ask livelink and what you get in return.But while that is easy for a programmer to say and do the majority of programmers are called /hired to do something against livelink has no clue how livelink works.So that is where beautifully written /working hand holding programs are needed.Also a programmer need to understand what he is trying to do which may be as simple as logging into livelink and observing the different things.Jason Smith,Scott Grasley,Kyle Swidrowich these are all great OT programmers who are putting such structure into the new web services paradigm.Whenever I find time and needs some challenging stuff I also do put up some samples but most of my time nowadays are in oscript.

Coming back to LAPI the server side remains and will there be for what I can see. If OT basically puts their foot down and remove the API on the server then your program will not work. But then gain it probably is so far around you have no cause for concern.Not having an installer should be less worrying as any old API edition will work in java or a .NET language.That is what I do.I have a new 64 bit computer.I just copy the dll’s from a 32 bit machine and work on a .Net 2.0 framework.I also lost touch of java somewhere along the way.I guess I will have to brush up because OT is going to get us all programming in Eclipse 🙂

So in conclusion it really is your preference on how to code and how well to save your investment

A LAPI call received in the heart of livelink in oscript.If the AccessEnterprise call one sample was not there your investment would suffer

Going by the same token a web services call received in livelink

As you can see when you program in a client application your call needs to come into livelink.In web services they use the web server to get into livelink code.

At this point you are able to create a lapi code page and call the web services code or a web services code piece and call lapi .Increasingly over time lapi server side will cease to be and no effort will go into its up keep.In older versions of web services they used the LAPI dispatcher to send in the web services command now I don’t think it has a dependency on that.

Chris Morley’s comment a little more computer trained person than me

https://knowledge.opentext.com/knowledge/cs.dll?func=ll&objId=33077212&objAction=viewincontainer

Almost Diatribe from an angry user it is fun

HTTPS with Webservices in Livelink

Contrary to stuff that I do this post is basically something I hacked together to make it work.I must have received at least 50 emails for several web services questions.In the absence of OT providing good easy to understand hand holding examples I offer these.If OT ‘s thinking is basically to code a web service a developer needs to take paid training all those things have come to pass.Almost every programming language snippets are available and so there is an expectation that the Vendor provides proper code samples.What I think they should start putting quality samples like what Jason is attempting & conducting webinars .They could do several official things such as how to code when RCS is present, what is the difference between Enterprise Library Services & Livelink web services,How does the new OTDS come into authenticationg into livelink,What one should do and not do,many things the livelink programming community needs help on.This in my mind will ensure a good talent pool of programmers out there who would do things as OT intends to.

I naturally like to understand what I am doing unfortunately in this installment I have resorted to mostly ‘trial & error’

HTTPS and Livelink Web Services code

As we learned on our SSO attempt and livelink web services this time we start with this

Part 1

Make VM IPv4 and disable IPv6 it should work for IPv6 provided you do the stuff in my previous blog.
Make sure the IIS7 livelink webserver is functioning fine
Make sure anonymous(livelink) authentication is fine i.e.’ we can login as the powerful ‘Admin’ and the right password.
Now with our baseline favorite Kyle Swidrowich’s piece of code start making it work without https
We then make IIS HTTPS. Note you cannot make a webserver https commercially without shelling some money.HTTPS needs a certifying authority. For purposes of demonstration I will be using Microsoft’s self-signing certificate. Self-signing certificates are the same secure protocol other than the fact that a commercial company will not stand by it. Products such as archive server uses self-signing certs and OT bundles a signer program so I have used it many times to create closed loops between SAP ,livelink and archive server. For the completely uninitiated a secure transmission means only with the private key can you decipher the communication between the browser and the application so snooping with fiddler/wire shark etc. will give you a lot of garbled messages.
So we manage to login as HTTP on that livelink

Again VC#, At this point this looks promising, Now add quickly DocumentManagemnt.svc and ContentService.svc as well Try Kyle’s code and make it work for HTTPS .Perfect everything works we added the document

Part 2

Making IIS HTTPS

I used this site and followed that

see how simple it was for me a non MS/IIS person to figure this out that is what we sadly lack with OT.

BTW word press cannot do embedded images from my word document.I have the word document replete with screen caps in communities.

And this Now for good measure we need to remove http

If you remember a posting I made and Guy Pomerleaux commented if you have http and https running and OT web services code is accessed you don’t really know you are talking https unless you do this. To keep it simple my livelink is now HTTPs Web GUI or web services. Perhaps if you leave a http listening port this would make your coding easier, but since I am doubtful which protocol will be used I resort to this.My builder program reports HTTPS=on that tells me everything is SSL.

We say yes to the IE warning and proceed to our newly created Livelink website which is now on HTTPS

We have cert errors even after we import the cert to keep IE happy

But I guess it will complain until I paid VeriSign or Thawte some money Perhaps readers can pool some money and buy me a certificate J for all practical purposes I am https

When I try to change my web service references we get this

I say yes

I got this and plenty of yellow looking errors at the livelink web services server when I tried to call the web service. Too many to list and too unknowing to comment on the mumbo jumbo.Essentially at this point I am trying on the server to get this service created.

https://appuw2k8vm/les-services/Authentication.svc

Several errors ensued which I basically got around by removing all traces of places I thought was written for HTTP stuff.

So I remembered form my 9.7.1 that there is some SSL binding stuff we have to do on the web services on the server. So we make a copy of the Web.Config and try it.

Mostly if you remove everything that did not contain SSL and enable the SSL stuff it should work.

Also could not establish trust relationship means you have to install the certificate into the trusted certificate store

A working Web.Config you can find a working app.config you can also find. I am not able to explain the mumbo jumbo as it is mostly trial and error. I hope if any OT knowledgeable people read this they would conduct a webinar on how to do this.

Link 1 The above article replete with screen caps as a word doc

Link 2 The Web.Config that goes on the web services install that works for me

Link 3 The App.Config from my C# application

Single Sign On and Content Web Services for a livelink server

04/28/2016 Why am I keeping this ?This is obsolete like hell

04/17/2013 APPU—–NOTE THIS IS OUTDATED INFORMATION BUT SETUP WISE IT WILL HELP.

IF YOU ARE ON A UPDATE LEVEL 9 AND UP YOUR EXPERIENCES WILL GREATLY BE IMPRESSED

IF YOU ARE A NOVICE TO INTEGRATED WINDOWS AUTHENTICATION (IF YOU RUN LIVELINK IN WINDOWS IIS AND USE AD FOR THAT)LEARN THAT FROM THE WEB AND UNDERSTAND THAT LIVELINK USES THAT UNDER THE COVERS(OSCRIPT CODE IN DIRECTORY SERVICES MODULE) TO GRANT YOU SINGLE SIGN ON.I AM YET TO TRY MY HANDS ON JAVA BASED OTDS(RCS) BASED DIRECTORY SERVICES

Many users who know me from my contributions ask me to write code that helps with their livelink problems.In many cases it is very new programmers who get assigned to write these.They expect almost without success to find snippets of livelink webservice code thru google etc.I have not frankly understood programmer hurry like this but when you program it does not hurt to put a rational outline on what you are trying to do.In any case OT official dom is very notorious for non hand holding.In fact when I first started writing Dr Lapi I seriously doubt if there was a working sample of lapi code you could find in the web.Now that they have started to tell people not to use LAPI they need to put a lot of working examples as a livelink implementation can become very complicated over years of use and maturity.Also customization can alter ways of its working.

SSO or single sign on is not impersonation in livelink.If you have a ID in livelink with System Admin privileges it is very easy to gain access to livelink and do things as another user.While that sounds very insecure the actions are all audited.It is available in Unix,MS and many other applications hence impersonation is nothing to be considered as lowly.However I take exception when you advertise impersonation as SSO.

SSO is mostly applied to a company Intranet.When people and computers need to be managed they would employ a directory server which usually understands the LDAP protocol.In MS centred organization you would hear as Active Directory,in novell it is NDS,in IBM it may be a Domino or is it Tivoli? server,in SUN /ORACLE places it could be their ldap server.When you sign into a domain held computer unbeknownst to you you have established a trust between your device and the company network.So any other application need to trust you for what you are.that is proper SSO.In web application when you hit a IWA enabled website your browser exchanges a 401 challenge which when successful will populate certain environment variables the famous one REMOTE_USER.In a proper livelink SSO exchange we take that env variable and sign you in.In the livelink database such a user would be called a ‘Externally Authenticated’ user.

Well here’s how I got my CS10 Update 6 VM working with SSO code.I write a long word document detailing my challenges but this is the best short way I can give to the community.My research material is uploaded in the communities web site.In retrospect OT is expecting you to use the OTDS java web server maybe to get applications to integrate.That is when you hear terms such as RCS etc.

LIVELINK SETUP

I configured otdsintegration to use webserver authentication.Meaning otdsintegration oscript module allows you a radio button to do web server authentication.I did not configure OTDS(RCS) as I do not have a domain and AD in my VM.
I made the IIS VD for livelink IWA
I checked whether I could login as my domain user in my case my user called ‘Administrator’ I verified what admin.testargs passed in to me
I downloaded old directory services code and installed it luckily there was aversion for CS10.I had to because the otdsintegration module gets you web authentication but not web services authentication.
I put my computer on IPv4 to first test it
I made these changes to my opentext.ini
[Security]
#REM when you install directory services module you can get this ospace
Authentication=NTLM
#REM when IPV6 is installed the crazy looking things is a oscript bug and its defeat by me found thru builder
CGIHosts=::ffff:127.0.0.1,fe80::2d54:a6cb:b5d2:b145%11 I think the code is looking for socket.pPeeraddress
which is the address of the client in fact they should not do that but in IPv4 it is all OK
#REM127.0.0.1 is added by livelink code but the computers IPv4 address
#CGIHosts=
the Web.Config changed for NTLM for the livelink webservices application

CLIENT CODE C# SETUP

App.Config reflected to the same NTLM auth as in Web.Config
Added System.IO
That is about it.

Client stack traces are almost impossible to understand unless you understood livelink code.Since I understood it and was able to understand what they were doing I am providing this.Your setup could vary I have no clue.

Link 1-Interested programmers could see my setup for CS10U6 here—

Link2-The C# solution containing a basic piece of code Kyle Swidrowich Created which I repurposed 🙂

Link3-Livelink Web.Config tthat you have to do for webservices

Link4-My experience when Livelink was 9.7.1wanted to write SSO code

	appukili on Agents Agents Everywhere
	Raja on Agents Agents Everywhere
	Take Some REST… on Code Demonstration Pages
	Z on AddressBook
	appukili on AddressBook

Rate this:

Rate this:

Rate this:

Rate this:

Rate this:

Rate this:

Rate this:

Part 1

Part 2

Rate this:

Rate this: