How to use WCF Livelink web services to create a quasi single sign on or login with cookie equivalent of lapi

Recently OT Dev said that don’t really spend time on the Search SOAP service but use the Restful search API that has been there all along these years.

Since almost everything in livelink is served off a URL one of the first things it needs is authentication.For livelink deployments who do not have Single Sign On based on web server auth it is inconvenient that a webapp designed in C# provides links to a livelink URL for e.g I may have an href called “My Assignments” and then I may link it to my livelink server url and the query string ending in personal .assignments

I really don’t think organizations using livelink still use userid/password but this will probably help those users.

http:://my livelinkurl/livelinkvd/llisapi.dll?func=personal.assignments

Now everybody reading this should know that livelink will look for a cookie if not it will present a login screen. Our attempt is to use the token (cookie) returned to us by the CWS auth routine and make sure we can pass it off to a livelink URL or making the request to livelink as if one had logged in and subsequently performing operations.

In my example I am doing this with a LL 9.7.1 version so the ref key word is not used.For newer CWS the ref keyword is needed

SETUP

LL9.7.1 Oracle,IIS6, webserver is anonymous,livelink auth scheme is livelink ,No RCS present,No Dir Svcs module in deployment

in SSO deployments calling a livelink URL from a auth user’s computer results in a pass thru experience so none of this circus is needed anyway.

What I found was if you were adding the LlCookie to the request you have to do a lot of coding as in the user in this thread.I found several hits in the web

to spoof the Cookie but a lot of code for somethingthat you know is not that secure anyway

RE RE RE RE RE Get Region Name

He first gets the auth token and uses cookie setting code to call the search API.

While that is all good and dandy  if you have access to  a web debugging tool like Fiddler if you capture traffic for the first auth call you can see your userid+password

if it is a HTTP connection.I am not sure what it will look if my livelink was HTTPS.So I would just build a userid/password url and specify everything in NextURL.

So if I was coding a C# app and wanted to call my search system in livelink I would just use the simple approach

http://llappu971vm:8080/livelink/livelink.exe?func=ll.login&username=livelinkuser&password=livelinkpassword&nextURL=%2Flivelink%2Flivelink.exe%3Ffunc=ll%26objId=670175%26objAction=browse%26viewType=1

In the above URL the Func=ll.login sets the Cookie and then the NextURL is indicated,it is just webescaped for transmission

Single Sign On and Content Web Services Update

Update 04/28/2016

Pre- Requisites– Livelink 10/10.5/16  Server configured for Single Sign On using IWA . This is for users/companies who allow REMOTE_USER to trickle into livelink. If you have configured your livelink to use OTDS or simply said if OTDS is actually responsible for providing the Authentication then this post does not address that.In CWS which involves a OTDS server you are sourcing your authentication(read a different WSDL than the livelink authentication WSDL) from that.The theory there is your wsapi computer or client will pass your kerberos authentication and OTDS will vet that with AD/DC and pass it back. This OTDS ticket is now usable in your code.

 

Sample Setup on the WSAPI WEBSERVER

  1. Copy the webservices from OpenText  to a folder in the IIS server.For ease we assume your livelink server is on the same host and knows how to handle REMOTE_USER.If you want to run your livelink on another server edit the Web.Config to give it the real server name and port.I doubt if my setup can span computers never tested it that way.
  2. Configure an application that looks like the screen capsso setup
  3. Make sure it has IWA turned onsso1and make sure Extended Protection is OFF
  4. If not already done create a logs directory that is at the same level as \bin and manage its permissions correctly.This can also be done by doing a setspn which is really an advanced topic.The intent is when the client code hits this WSDL the application pool identity will transfer your remote_user and windows will do all that mumbo_jumbo.windows acl
  5. Edit the Web.Config carefully after making a copy .I am showing you changes highlighted for Authentication,DocumentManagement& ContentService.The file is rife with several possibilities so start with these 3 and mature into SSL and others Web.Config
  6. Give the WSDL a whirl .If it cant create a service or the green lines it is not a fault of OT.This is all windows WCF configuration.Check Microsoft sites or google for your errors.Things I check is that if all is successful the logs directory will show windows logs
  7. If the WSDL can now be put into a real source code file and you get errors in your client file the log files will indicate the errors coming from livelink. Note if you were using code form anonymous livelink/wsapi  you need to rebuild the source after updating the wsdl’scode
  8. The above were tested on a CS10 with oscript directory services and patches for SSO. I wrote a client WS which uses windows authentication and gave it to our app dev team.

If you have the chance to code in this you will be very pleased

LAPI What is It and Should I use it ?

Update:06/12/2017

Realized that OT is supporting old LAPI for their product called Enterprise Scan,Escan used to be completely a client app so if the Livelink server connecting to it is CS16 then OT ask you to install a module.Surreptitiously they call it “Private Bridge Interface” which is all the LAPI Oscript code conveniently bundled into its own Ospace.My guess is this will continue until ESCAN and AGA and other OT bread winners convert to SOAP or REST.

 

Update:12/29/2015 OT has announced that with the launch of CS 16 there will be no server side oscript to receive lapi calls so don’t waste your time reading this or programming in it.Just keeping this for vestigial reasons.

At time of this writing circa Feb 2013. Open Text’s livelink has been in the market for about 18 years and a fairly loyal fan share.The core software was always enhanced /added on by Oscript but for programmers who wished to do utilities such as adding user’s en masse, deleting things en masse et there was LAPI which stood for Livelink Application Programming Interface  .In its inception what I used to see in around 2000,you could program in Java,which I did,there was VB6,there was then C & C++. Vended products such as Livelink Explorer,Authorlink, Autocad Integration etc was around there.In a nut shell these were the steps that one used to take.

  1. Install or copy lapi client files in your computer
  2. Write a program
  3. Compile it and run.

@RunTime the first call which everybody knew as Session creation was akin to Tel netting to the livelink server on Port 2099(default livelink server listening port). As time went by OT added a lot of calls at the LAPI server side so people built a lot of cool things.But there were problems in a way that as modern OOP languages came along they abhorred the idea that livelink was giving them Data structures(LLValue Objects) and making them work thru that.So OT did a small stint they loaded the LAPI libraries on top of a web server and called it Live Services but at that point one could write a web service call.I think it died like the OT’s foray into JavaObjects to replace or do side by side coding as in Oscript. I never understood what one would use JavaObjects for. Note I am not talking about the Oscript to Java Bridge which I have messed with and is very useful.

With the release of 9.7.1 they bundled livelink web services as part of the livelink install the idea bing a company would just use the existing IIS or Tomcat investment and start creating a plumbing conduit into livelink.At CS10 they stopped making a installer for LAPI. I am told that this is because  they do not have the development resources to make libraries in several different languages.

The new web services are strongly typed,you never need to guess what you ask livelink and what you get in return.But while that is easy for a programmer to say and do the majority of programmers are called /hired to do something against livelink has no clue how livelink works.So that is where beautifully written /working hand holding programs are needed.Also a programmer need to understand what he is trying to do which may be as simple as logging into livelink and observing the different things.Jason Smith,Scott Grasley,Kyle Swidrowich these are all great OT programmers who are putting such structure into the new web services paradigm.Whenever I find time and needs some challenging stuff I also do put up some samples but most of my time nowadays are in oscript.

Coming back to LAPI the server side remains and will there be for what I can see. If OT basically puts their foot down and remove the API on the server then your program will not work. But then gain it probably is so far around you have no cause for concern.Not having an installer should be less worrying as any old API edition will work in java or a .NET language.That is what I do.I have a new 64 bit computer.I just copy the dll’s from a 32 bit machine and work on a .Net 2.0 framework.I also lost touch of java somewhere along the way.I guess I will have to brush up because OT is going to get us all programming in Eclipse 🙂

So in conclusion it really is your preference on how to code and how well to save your investment

A LAPI call received in the heart of livelink in oscript.If the AccessEnterprise call one sample was not there your investment would suffer

apicall

Going by the same token a web services call received in livelink

webservicecall

As you can see when you program in a client application your call needs to come into livelink.In web services they use the web server to get into livelink code.

At this point you are able to create a lapi code page and call the web services code or a web services code piece and call lapi .Increasingly over time lapi server side will cease to be and no effort will go into its up keep.In older versions of web services they used the LAPI dispatcher to send in the web services command now I don’t think it has a dependency on that.

Chris Morley’s comment a little more computer trained person than me

https://knowledge.opentext.com/knowledge/cs.dll?func=ll&objId=33077212&objAction=viewincontainer

Almost Diatribe from an angry user it is fun

Using the New Storage Rules Wizard on a LES9.7.1

Friday April 24, 2009

Using the New Storage Rules Wizard on a LES9.7.1

Posted by anair@alitek.com on 04/24/2009 08:57 AM
My rating:(1 rating )
Using the New Storage Rules Wizard on a LES9.7.1Recently I was playing with LEA as an alternate storage provider.So the storage provider rules dawned on me and I saw a rule that looks like this Attribute ‘?’ Value is ‘?’.I looked at how one would go about it and the help had nothing.I asked OT support who added me to a ticket and said they would let me know in a patch later.So I just asked around other friends etc who did not know either.But John Simon my good friend from COP asked me this “so did they ever tell you what to put in?  Or have they decided it is bugged and you can’t put anything in to make it work?”That challenged me so I decided to look at what the  code was doing or how one would do this.Without further ado here’s one way that works.My category name is called ‘CoreCatAtts’

My attribute Name is called ToStoreWhere its index is 4.This is to deliberately mislead you.

So the Attribute Spec has to be written like this

CoreCatAtts[1].ToStoreWhere[1] picture of the rule will make it more worthwhile to the reader

llisapi.dll

For Developers who want to see what all that means

The way you are supposed to use it is like that

CategoryName[1].AttributeName[1]

Don’t be tempted by putting the attribute index it is figuring that from the name.

the number 1 after category name specifies the Root Set

and the number 1 after attribute name says the row where it is found(they have generic function for row number to handle MVA)

{{3762.2},{1,1.4,1}} that is what they are making it do

what it means is find the category with defid 3762 and version 2

and the Root Set 1,Row 1,ID and first value of that ID

So in oscript if I wanted to find the value of attribute (ID=4) at its 4 th row

will be like this {{3762.2},{1,1.4,4}}

Try it out and see if that works for you 🙂

The Perils of Using Default Access List

Thursday November 12, 2009

The Perils of Using Default Access List

Posted by anair@alitek.com on 11/12/2009 01:22 PM Functions
My rating:
4 star overall rating. (1 rating )
The famous Default Access List that stays with every object in LES.Every now and then people get into all kinds of arguments on how to use a ACL effective for the organization.Recently as of today somebody had a 911 on it and my dear friend John Simon commented.I did and Jim Coursey wrote an exctensive good reply.I wanted to see if I had forgotten what I learned so I wrote this little document to help.Discussion Thread on thishttps://knowledge.opentext.com/knowledge/llisapi.dll/open/16960219Most experienced Livelink administrators understand ACL’s really well and are guided by Open Text or some other experienced persons in setting up a organizational security model .However when writing this we are in a severe economic downturn so most new people have no inkling on how livelink works,how security works and that sort.All they get is the standard OT training and I really don’t think they cover this at all.Most think of Scare Point as the ultimate and it is just a call to the SP admin who logs on clicks a link adds the AD group to the ACL and lo and behold you have a link where you can all communicate/ collaborate while the system is up and running.This is just written for upcoming people so that they understand what they can avoid.I got into this after a user started having qns on some stuff that RecMan poses and my good friend and mentor John Simon COP said something very straightforward.I added to the reply and Jim Coursey also contributed.The trouble is the default access list that Livelink provides out of the box is really geared for a system administrator who understands the livelink owner role.However in a roll out all these get really muddled and then you have a chaotic security model that nobody can ever comprehend. .I wrote an article to complement John’s KISS(Keep It Simple ,S*****)  method  it and hopefully somebody may find it useful.This has already been attempted at OT by another article but mine has some screen shots for the impatient 🙂
https://knowledge.opentext.com/knowledge/llisapi.dll?func=ll&objId=3498977&objAction=ArticleView

Please do let me know if this article has factual errors.I would not want to mislead anyone.So post why you think this is problematic and why you would like to give Owner a lot of unwanted perms.

Attachments:
Document Perils of using the high privs associated with Owner.docx (254 KB) Functions Download
Hide Recent Comments

Re The Perils of Using Default Access List – kenneth.huie@mantech.com  Wed Nov 18 11:04:09 2009
Appu,   This is a great write up!  I appreciate your document and the references you provided. You are so right, this is such a huge topic in that its impact is often not fully understood and the results of incorrect usage of the OWNER …
Attachments:
Document Access Control TIP.doc (23 KB) Functions Download

Single Sign On and Content Web Services for a livelink server

04/28/2016 Why am I keeping this ?This is obsolete like hell

04/17/2013 APPU—–NOTE THIS IS OUTDATED INFORMATION BUT SETUP WISE IT WILL HELP.

IF YOU ARE ON A UPDATE LEVEL 9 AND UP YOUR EXPERIENCES WILL GREATLY BE IMPRESSED

IF YOU ARE A NOVICE TO INTEGRATED WINDOWS AUTHENTICATION (IF YOU RUN LIVELINK IN WINDOWS IIS AND USE AD FOR THAT)LEARN THAT FROM THE WEB AND UNDERSTAND THAT LIVELINK USES THAT UNDER THE COVERS(OSCRIPT CODE IN DIRECTORY SERVICES MODULE) TO GRANT YOU SINGLE SIGN ON.I AM YET TO TRY MY HANDS ON JAVA BASED OTDS(RCS) BASED DIRECTORY SERVICES

Many users who know me from my contributions ask me to write code that helps with their livelink problems.In many cases it is very new programmers who get assigned to write these.They expect almost without success to find snippets of livelink webservice code thru google etc.I have not frankly understood programmer hurry like this but when you program it does not hurt to put a rational outline on what you are trying to do.In any case OT official dom is very notorious for non hand holding.In fact when I first started writing Dr Lapi I seriously doubt if there was a working sample of lapi code you could find in the web.Now that they have started to tell people not to use LAPI they need to put a lot of working examples as a livelink implementation can become very complicated over years of use and maturity.Also customization can alter ways of its working.

SSO or single sign on is not impersonation in livelink.If you have a ID in livelink with System Admin privileges it is very easy to gain access to livelink and do things as another user.While that sounds very insecure the actions are all audited.It is available in Unix,MS and many other applications hence impersonation is nothing to be considered as lowly.However I take exception when you advertise impersonation as SSO.

SSO is mostly applied to a company Intranet.When people and computers need to be managed they would employ a directory server which usually understands the LDAP protocol.In MS centred organization you would hear as Active Directory,in novell it is NDS,in IBM it may be a Domino or is it Tivoli? server,in SUN /ORACLE places it could be their ldap server.When you sign into a domain held computer unbeknownst to you you have established a trust between your device and the company network.So any other application need to trust you for what you are.that is proper SSO.In web application when you hit a IWA enabled website your browser exchanges a 401 challenge which when successful will populate certain environment variables the famous one REMOTE_USER.In a proper livelink SSO exchange we take that env variable and sign you in.In the livelink database such a user would be called a ‘Externally Authenticated’ user.

Well here’s how I got my CS10 Update 6 VM working with SSO code.I write a long word document detailing my challenges but this is the best short way I can give to the community.My research material is uploaded in the communities web site.In retrospect OT is expecting you to use the OTDS java web server maybe to get applications to integrate.That is when you hear terms such as RCS etc.

LIVELINK SETUP

  1. I configured otdsintegration to use webserver authentication.Meaning otdsintegration oscript module allows you a radio button to do web server authentication.I did not configure OTDS(RCS) as I do not have a domain and AD in my VM.
  2. I made the IIS VD for livelink IWA
  3. I checked whether I could login as my domain user in my case my user called ‘Administrator’ I verified what admin.testargs passed in to me
  4. I downloaded old directory services code and installed it luckily there was aversion for CS10.I had to because the otdsintegration module gets you web authentication but not web services authentication.
  5. I put my computer on IPv4 to first test it
  6. I made these changes to my opentext.ini
  7. [Security]
  8. #REM when you install directory services module you can get this ospace
  9. Authentication=NTLM
    #REM when IPV6 is installed the crazy looking things is a oscript bug and its defeat by me found thru builder
    CGIHosts=::ffff:127.0.0.1,fe80::2d54:a6cb:b5d2:b145%11 I think the code is looking for socket.pPeeraddress
  10. which is the address of the client in fact they should not do that but in IPv4 it is all OK
    #REM127.0.0.1 is added by livelink code but the computers IPv4 address
    #CGIHosts=
  11. the Web.Config changed for NTLM for the livelink webservices  application

CLIENT CODE C# SETUP

  1. App.Config reflected to the same NTLM auth as in Web.Config
  2. Added System.IO
  3. That is about it.

Client stack traces are almost impossible to understand unless you understood livelink code.Since I understood it and was able to understand what they were doing I am providing this.Your setup could vary I have no clue.

Link 1-Interested programmers could see my setup for CS10U6 here—

Link2-The C# solution containing a basic piece of code Kyle Swidrowich Created which I repurposed 🙂

Link3-Livelink Web.Config tthat you have to do for webservices

Link4-My experience when Livelink was 9.7.1wanted to write SSO code

Agents Agents Everywhere

Agents standing for Scheduled agents are the most commonly misunderstood things in livelink .I have senior livlink people, friends,who think that the Admin Service is responsible for running schedulers.In any case since I started early in version 8.1.5 there was a 3rd service called ‘Change Agents’. I digress but here’s what I wanted to write.

If you see in your opentext.ini a line called loader=sockserv;agents;notify     these are insructions to the LLserver to run those as “threads” in the LL System.For almost all livelink history agents and notify are run in separate threads.Notify runs in the notify thread for the list it controls and agents in its list.

Main tables involved are LLNOTIFY,LLEVENTQUEUE,AGENTSCHEDULE

See official OT Links

https://knowledge.opentext.com/go/15080520

The above link was published by OT when I as a junior admin(2003/2004 period) tried to debug the extreme load on our system my senior colleague John Simon and Mark Simm were on email and phone and both were very good on oscript.I slowly learned oscript to kind of become good at it.Right now very few companies split notifications and the current OT code has bugs which I have reported.But it will affect companies who are doing split notifications as nobody usually does it.

https://knowledge.opentext.com/knowledge/cs.dll?func=ll&objId=3499001&objAction=ArticleView&viewType=1

I have a problematic agent.It is common knowledge or with a little bit of research one can figure out how agents are run.For the record here’s what it would take to make an agent id 0f 222378 I made that number up run in a LIVELINK server.

  1. Create module and write the agent code.Put 222378 as its id.Register the agent with the livelink tables either using SQL or a weblingo file.If everything goes well you can now run a query like this to find it select * from agentschedule where agentid=222378
  2. It is quite possible that in your opentext.ini it will put under this area something like this
  3. [scheduleactivity]
    1000=1
    222378=1 //this means run THIS agentid on THIS SERVER
  4. 222379=0 //this means run DO NOT RUN THIS agentid on THIS SERVER
  5. And this line should allow agent threads to run
  6. [loader] //this is the magic line for making a livelink server a agent/notify server
    #load=sockserv;javaserver;agents;notify;wfagent
    load=sockserv;javaserver;agents
    #load=sockserv;javaserver;agents;notify;notify_9001;notify_9201;notify_9999
    #load=sockserv;javaserver;agents;notify;notify_9001;notify_9999
    #load=sockserv;javaserver
    load_relagent=relagent //Notice there are so many ways to split agents
  7. In small livelink organizations the Admin server is used to run notifications,agents and wfagents that is the reason why everybody thinks admin service is responsible for something.It is not faintly connected to scheduling.Usually that is the only server that would have that line like this

load=sockserv;javaserver;agents;notify;wfagent                               most front end servers will say load=sockserv;javaserver;

This is needed because otherwise all the agents will start at the same time.You can avoid it by putting the agentid=0 in other servers.

Here’s what will happen at about 5 minutes since a livelinkserver is started not based on the computer clock,this agent thread starts up as agents101.out.The first thing it will do is run this oscript line $LLAgent.AgentController.New().Execute( .fPrgCtx, args.Agent_list, args.ExcludeAgent_list ) which means run one of those controller lines with this parameters.So to run it for debugging you can do something like

?func=agent.runagent&agent_list={‘222378’} so almost like saying hey livelink can you run the code in agentid 222378.

Here’s where I went wrong.say for e.g 222378 was not registered in the DB then this call translates to while I have very intention of running your agent I am not getting a hit for 222378 so the net effect is livelink will run all outstanding agents which you are trying not to do.Since agents are serial it will be sometime for the real interested agent to get that call.

To do manual running you usually do this

To test with builder…

DO NOT DO THIS IN A PRODUCTION SERVER THIS IS ONLY FOR DEVELOPERS WHO WANT TO RUN CODE

– In opentext.ini set/add the following:
[options]
RunWithoutLogin=TRUE

– In the browser type the following URL:
http://……./livelink.exe?func=agent.runagent
http://localhost/livelink/livelink.exe?func=agent.runagent&agent_list=’XXXX’

When this call hits livelink that thread finds out from the agentschedule table all agents who has the lastruntime in the past.Then it verifies who all are qualified (0 or 1 or no info is regarded as enabled agent ) to run then it prunes the excluded_agent_list and tries to run the agent_list

If one of those agents in the list do not come out clean as in a bug /exception/trace then it will error out and the nexttime is not updated.So it will start a vicious cycle that is when you see like why is my DirSvcs agent who is supposed to run once every day run every five minutes

This is a very common occurence of low agentid’s DirSvcs,OI etc who are in the 2000 range

To jQuery or Not to Jquery

(ODD results is SAP ,EVEN is CS)

Recently a poster facing problems with how xECM and Livelink manages content posed this question.He basically wants some results excluded when a search is performed.The correct implementation of this is by permissions.The poster wants to use appearances and cheap gimmicks like that .I also do not really know a lot of advanced html so when I hear people rave about jQuery and its infinite possibilities I am  usually thinking wow I could never understand those.Note any self respecting programmer will be able to trace the weblingo of my implementation to a file in the livelink directory  Here’s the question posed by the poster in KB RE How to restrict Function Menu in search result?

Now a fair amount of warning as advertisers put in Advertisements .Professional do not attempt this at a live livelink installation. You need to really use htmlmap, overrideutils or customizations_RT before attempting this.But here’s the  jist of what I am doing

For some context I am considering every odd row of my results to be coming from SAP and evens to be “showable with the function menu”. So if we look at the source of the document of the  searchresults in a 9.7.1 livelink I see this the ‘x5’ is the dead giveaway in this case.Since I mess with oScript all the time I can see that count going x1,x3,x5,x7 etc…..

<A HREF=”javascript:(0)” ONCLICK=”javascript:setSectionName(”);showFunctionMenu2(‘nextURL=%2Flivelink%2Fllisapi%2Edll%3Ffunc%3Dsrch%2ESearchCache%26cacheId%3D1125829432’, 5, event, ”, ‘?func=SearchResultsFunctionMenu&amp;hitID=5&amp;searchCacheID=1125829432&amp;version=0&amp;dataID=62740&amp;HH=false&amp;subtype=264’ );setSectionName(”);return false”><IMG SRC=”/img/actions.gif” ID=”x5″ BORDER=”0″ ALT=”Functions” ></A>

Now that we have done our research we need to see if we have JQuery in livelink. In short of time and doing this not for money and interest only in this I googled and downloaded

jquery-1.8.2.min.js and then I found this file called resultlist2.html. It is my livelink on a VM and I have a snapshot thing so I am doing in place editing(Tsk Tsk Do Not Ever Do It)

Now I put where OT has a js file .My oscript tells me that that is the webnode support directory

<SCRIPT TYPE=”text/javascript” SRC=”`webNodeImgPrefix`browsecorermenu.js” LANGUAGE=”javascript”></SCRIPT>
<SCRIPT TYPE=”text/javascript” SRC=”`webNodeImgPrefix`jquery-1.8.2.min.js” LANGUAGE=”javascript”></SCRIPT>

Now to see if everything works we need some tests

so from the web lots of excellent samples I put these together

<script>
$(document).ready(function(){
$(“p”).click(function(){
$(this).hide();
});
});
</script>

<script>
$(document).ready(function(){
$(“TR”).click(function()
{
$(“#x1”).hide();
$(“#x3”).hide();
$(“#x5”).hide();
$(“#x7”).hide();
}

);
});
</script>

<script>
$(document).ready(function(){
$(“a”).click(function(){
$(this).hide();
});
});
</script>

This is like a recipe in a cookery show.I must have spent close to 3 hrs twiddling with what I am doing.Note I would have been able to do this in oscript much faster but that was not my intention.I wanted to learn Jquery so that is why this looks weird if there are a some oscripters going  “that appu he is really going down the edge….”

Now when I restart my livelink and conduct a search all my ODD results don’t have any function menu.Here’s when the page loads first

Full Results

Now when I click that is I have a event that says when the <TR> area is clicked that is when my event fires

What remains maybe do it for real when it is called for remove the hard code and put a real counter,maybe make it work without the <TR> click event….

I am sure the poster gets some kind of header variable like MYSAPSSO2 in livelink so some keying off that and implementing the business rules could be thought off

This is great Long Live JQuery….