“Open in mobile” does not work when SSL is forced

“Open in mobile” does not work when SSL is forced

We were just in the middle of a migration from IBM Connections 4.5 to 5.0 when we realized a really stupid problem when using the “open in mobile” link that comes with IBM Connections notifications.

Clicking on this link gave us the following problem:
openinmobile1

 

 

 

 

 

 

 

… which means “Your request could not be processed”

Well this was really strange. The server was configured in the APP and the access worked without any problem.

I had no idea, why this did not work. So I decided enable tracing of the IBM Connections app and click “open in mobile” in two independent environments. So first thing was to enable DEBUG for the APP:

“Settings” – “Protcol”:
openinmobile2

 

 

 

 

 

 

 

There you need to enable the “Debug protocol”. After reproducing the error you can send the protocols to any eMail address you want – you`ll have detailed information in this log.

So I did this for both, the working environment and the non-working one.
The trace file for the non-working one:
openinmobile3

 

 

And the working one:

 

I found the following message in the trace log:

2014/12/14 13:11:17.713    1    FINE    ConfigureConnectionsContainerActivity.startCredsWithParams:596    No account with given server exists, creating new account.

Well… So this is why it does not work… No Server account is found.
Digging deeper into the trace I saw a difference the mobile application was opened – the “originalURL” seemed to be different:

non-working environment:
2014/12/14 13:11:17.707    1    FINE    ConfigureConnectionsContainerActivity.getQueryParams:673    intent's URI: ibmscp://com.ibm.connections/files?uid=1a2615ea-fabf-4ff7-949c-156681fac7b3&originalUrl=http%253A%252F%252FIC5.SERVER.DOMAIN%252Ffiles%252Fapp%252Ffile%252F1a2615ea-fabf-4ff7-949c-156681fac7b3&action=About

working environment:
2014/12/14 13:19:51.841    1    FINE    ConfigureConnectionsContainerActivity.getQueryParams:673    intent's URI: ibmscp://com.ibm.connections/profiles?userid=A25B9996-AD4C-1DBC-C125-7C43004F7D91&entryId=b33455b7-38bb-49b3-b6ef-3043631e2361&originalUrl=http%3A%2F%2FIC5.SERVER.DOMAIN%2Fprofiles%2Fhtml%2FprofileView.do%3Fuserid%3DA25B9996-AD4C-1DBC-C125-7C43004F7D91%26amp%3BentryId%3Db33455b7-38bb-49b3-b6ef-3043631e2361&action=Show

In those URLs you can see the HTML encoding e.g.:

– “/” –> %2F
– “:” –> %3A

The non working one was built up like: http%253A%252F%252FIC5.SERVER.DOMAIN

The working one: http%3A%2F%2FIC5.SERVER.DOMAIN

Well additional parameters “25” in front of the original code made the app think this is invalid. A quick google search showed me the reason for this…

We`re forcing HTTP connections to become HTTPS as in this environment only HTTPS connections are allowed. We`re using mod_rewrite for this (we do not use IBM Connections “forceConfidentialCommunitcations” as then the URL preview does not work anymore in the current IC5 CR1 release):

This  rewrites every HTTP request to HTTPS! The Apache mod_reqrite module encodes requests in a different way:

“The %2F is an encoded forward slash (/) while the %252F is double encoded forward slash. This happens because of using the rewrite module that the Apache first encodes the forward slash characters and then encodes them one more time by default. As a result the browser refers to the directory on the Apache server that does not exist as the directories paths are separated by ‘/‘ characters in file system instead of ‘%2F‘ characters, aren’t they?”

I found this explanation and the solution in a blog.

So changing the rewrite rule by adding “NE” to the directive:

And voila… “open in mobile” now works for this environment too.

Leave a Reply

Your email address will not be published. Required fields are marked *