“Open in mobile” does not work when SSL is forced
We were just in the middle of a migration from IBM Connections 4.5 to 5.0 when we realized a really stupid problem when using the “open in mobile” link that comes with IBM Connections notifications.
… which means “Your request could not be processed”
Well this was really strange. The server was configured in the APP and the access worked without any problem.
I had no idea, why this did not work. So I decided enable tracing of the IBM Connections app and click “open in mobile” in two independent environments. So first thing was to enable DEBUG for the APP:
There you need to enable the “Debug protocol”. After reproducing the error you can send the protocols to any eMail address you want – you`ll have detailed information in this log.
I found the following message in the trace log:
2014/12/14 13:11:17.713 1 FINE ConfigureConnectionsContainerActivity.startCredsWithParams:596 No account with given server exists, creating new account.
Well… So this is why it does not work… No Server account is found.
Digging deeper into the trace I saw a difference the mobile application was opened – the “originalURL” seemed to be different:
2014/12/14 13:11:17.707 1 FINE ConfigureConnectionsContainerActivity.getQueryParams:673 intent's URI: ibmscp://com.ibm.connections/files?uid=1a2615ea-fabf-4ff7-949c-156681fac7b3&originalUrl=http%253A%252F%252FIC5.SERVER.DOMAIN%252Ffiles%252Fapp%252Ffile%252F1a2615ea-fabf-4ff7-949c-156681fac7b3&action=About
2014/12/14 13:19:51.841 1 FINE ConfigureConnectionsContainerActivity.getQueryParams:673 intent's URI: ibmscp://com.ibm.connections/profiles?userid=A25B9996-AD4C-1DBC-C125-7C43004F7D91&entryId=b33455b7-38bb-49b3-b6ef-3043631e2361&originalUrl=http%3A%2F%2FIC5.SERVER.DOMAIN%2Fprofiles%2Fhtml%2FprofileView.do%3Fuserid%3DA25B9996-AD4C-1DBC-C125-7C43004F7D91%26amp%3BentryId%3Db33455b7-38bb-49b3-b6ef-3043631e2361&action=Show
In those URLs you can see the HTML encoding e.g.:
– “/” –> %2F
– “:” –> %3A
The non working one was built up like: http%253A%252F%252FIC5.SERVER.DOMAIN
The working one: http%3A%2F%2FIC5.SERVER.DOMAIN
Well additional parameters “25” in front of the original code made the app think this is invalid. A quick google search showed me the reason for this…
We`re forcing HTTP connections to become HTTPS as in this environment only HTTPS connections are allowed. We`re using mod_rewrite for this (we do not use IBM Connections “forceConfidentialCommunitcations” as then the URL preview does not work anymore in the current IC5 CR1 release):
This rewrites every HTTP request to HTTPS! The Apache mod_reqrite module encodes requests in a different way:
“The %2F is an encoded forward slash (/) while the %252F is double encoded forward slash. This happens because of using the rewrite module that the Apache first encodes the forward slash characters and then encodes them one more time by default. As a result the browser refers to the directory on the Apache server that does not exist as the directories paths are separated by ‘/‘ characters in file system instead of ‘%2F‘ characters, aren’t they?”
I found this explanation and the solution in a blog.
So changing the rewrite rule by adding “NE” to the directive:
And voila… “open in mobile” now works for this environment too.