Recovering diskspace Windows

I will continue the theme as the blog post Kim Greene did https://www.dominodiva.com/2023/12/recovering-disk-space-by-deleting-tmp-files/ (tried to make a comment but got blocked as a suspicious bot ????)

The major problem for me on windows servers is not actually files that ends with .tmp it’s files that start with EO and ends with TM.

These can become several GB of data on a busy domino server not really sure what they are used for but if they are not created today I delete them and haven’t seen any side effects due to this.
I use this command to delete the files del <path to temp folder>\eo*tm /S /Q and run it in a cmd file using windows scheduler, you could probably run it using a program document also. But I haven’t tried that one.

In the same area, newer versions of windows seams to do some cleanup in the temp folder that makes xpages uploads to stop working due to the fact that the xspupload folder is removed this is solved by moving the notes temp folder to another location with a notes.ini parameter notes_tempdir.

Feel free to comment with your best clean up tips!!

Check out my AI powered Bot

I have added an AI powered bot on xpagedeveloper, you will find it in the left lower corner.

It’s packed with Domino knowledge, give it a spin and comment and let me know what you think.
Any response by the bot is ofcourse a suggestion and I don’t take any responsibility for what you do with the result

This is not Domino it’s delivered as a Saas application and can be trained for any business, implementation is simple and require only that an external javascript library in the JS Header.
Contact me if you want to learn more.

Happy Botting

SAML Login redirections problem in Domino 12

Before we dive into the problem, let’s briefly understand the SAML authentication process within HCL Domino:

  1. User requests access: A user attempts to access a resource (e.g., a web application) protected by SAML authentication.
  2. Identity Provider (IdP) initiation: The user is redirected to an Identity Provider (IdP) for authentication. The IdP can be an external service or a SAML-enabled component within Domino itself.
  3. Authentication: The user logs in at the IdP. Upon successful authentication, the IdP generates a SAML assertion, a digitally signed XML document containing authentication information.
  4. SAML assertion delivery: The SAML assertion is sent back to the Domino server.
  5. Domino server validation: Domino verifies the SAML assertion’s authenticity and extracts user identity information.
  6. User redirection: If the SAML authentication is successful, Domino redirects the user to the requested resource.

The Samesite Cookie Issue

The problem arises at step 6 in the SAML authentication process. Users are not being redirected as expected, and this issue is attributed to a relatively new feature in web browsers called “Samesite.”

The user is ending up at the first login page specified, giving users a hard time because they need to navigate back to where they where and links in emails is not working.

What is Samesite?

Samesite is a cookie attribute introduced to enhance web security and user privacy. It specifies how cookies should behave in cross-origin requests. It can have three possible values: “Strict,” “Lax,” or “None.”

  • “Strict”: Cookies are not sent in cross-origin requests, even on top-level navigations. This is the most restrictive setting.
  • “Lax”: Cookies are sent in top-level navigations, e.g., when following links, but not in cross-origin requests triggered by scripts.
  • “None”: Cookies are sent in all requests, regardless of origin.

The Impact on SAML Authentication

The “Strict” value of the Samesite attribute causes the issue during SAML authentication within Domino 12. The samesite options for cookies in domino is a new feature not found in older versions. When Domino sets cookies, such as the session cookie that maintains user authentication state, to “SameSite=Strict,” these cookies may not be sent in the cross-origin request initiated after successful authentication.

This causes Domino to ignore the redirect request, an fellow community member Renato Casati, gave me the solution on Twitter and that was to add a new notes.ini parameter making domino setting the cookie to Lax mode instead.
DOMINO_RELAY_COOKIE_SAMESITE=0

Read more here
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0103313

Time matters with SAML

Keeping you servers time synked is important for server operations to keep running smoothly. And if you are using SAML it’s crucial because if your servers time drifts away you will get BAD SAML REQUEST and your users can’t login. To find out if this is the problem add DEBUG_SAML=31 (Set it to 0 to turn it off) in your notes ini and look for this entry.

SECCheckSAMLAssertion> NotBefore time check failed : Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.

SECCheckAndParseSAMLResponse> Exiting : Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.
SECCheckAndParseSAMLResponse failed with error: Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.
Error in SAML response – Single Sign-On token has a creation time in the future. Single Sign-On servers may need to have clocks synchronized.

If this is found check the clock on the server and if you can turn on automatical timesynk.

For other SAML problems check out my SAML article Debugging SAML setups in HCL Domino

Certificate Information tool v4

SSL certificates, SAML certificates, Signing certificates the number is long of different kinds of certificates and you might need to check the name of a certificate, the start or end date or perhaps the thumbprint.

I use the tool mainly to get end dates of certificates sent to me from customers because I hate when they expire and need to be changed without any preparation. And the worst kind that most administrators often miss is the certificates that is auto created i.e. in ADFS servers, Azure Enterprise apps, Okta

With Certinfo it super simple to check a certificate CertInfo.exe -file <path to file> -enddate will print the end date and time on the console. Or you can do CertInfo.exe -cert <Base64 of cert> -subject and you will get the subject of the cert.

In version 2 I’ve also added -url as a parameter to get the certificate directly of the webserver.

Version 3 this version have a new parameter called -urlfile it takes an text file with webserver adresses or ip adresses separated with newline and will return the info from all of them.

Version 4 has a parameter to get the info saved in a csv format. also the property -urlinfo to print out the url send in to the command. also the parameter -urlfilestring this enabled you to add a semicolon after the url in a text file and print out this for each line, good when you do a csv printout.
And finally a fix is applied to prevent redirect this is to get the cert from the server that is requested even if it redirects the request.

Download and test CertInfo here

Folder icons created by cahiwak – Flaticon

XPages runtime java errors – One or more parameters are null

I will continue to writeups on strange and sometimes unknown XPage and Java related errors that I encounter. Today I suddenly got a new error I never seen before and started to investigate, finding the solution after some troubleshooting that is a good feeling of beating the computer beast.

Computer beast that has been defeated
AI generated Computer beast

The error I got was this Argument error: One or more parameters are null.
or in swedish Argumentfel: En eller fler parametrar är null.

The error doesn’t say anything about the problem but the lines after this in the strack trace gave me the clue I needed.

com.sun.faces.renderkit.html_basic.HtmlResponseWriter.writeAttribute(HtmlResponseWriter.java:308) com.ibm.xsp.renderkit.html_basic.AttrsUtil.encodeRenderedAttr(AttrsUtil.java:85) com.ibm.xsp.renderkit.html_basic.AttrsUtil.encodeAttrs(AttrsUtil.java:129)

The first line pointed me to something generating html and the second and third line gave me the answer AttrsUtil.java an HTML component with an attribute that has a null pointer error. The attr property on an html component in HCL XPages doesn’t have any nullpointer protection. So in this case I had an attribute pointing to an viewScope variable that was null in some cases and that gave the problem.

My simple solution was to add this function to all attribute values.

function checkNull(data){
 if(data==null){
   return ""
 }else{
   return data
}}

Check out the summary page for all errors I have compiled

The following stack trace is only posted for search engine SEO indexing

java.lang.NullPointerException: Argument error: One or more parameters are null.
    com.sun.faces.renderkit.html_basic.HtmlResponseWriter.writeAttribute(HtmlResponseWriter.java:308)
    com.ibm.xsp.renderkit.html_basic.AttrsUtil.encodeRenderedAttr(AttrsUtil.java:85)
    com.ibm.xsp.renderkit.html_basic.AttrsUtil.encodeAttrs(AttrsUtil.java:129)
    com.ibm.xsp.renderkit.html_basic.OutputTextRenderer.encodeEnd(OutputTextRenderer.java:255)
    com.ibm.xsp.renderkit.ReadOnlyAdapterRenderer.encodeEnd(ReadOnlyAdapterRenderer.java:180)
    javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:1005)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:857)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderChildren(FacesUtil.java:872)
    com.ibm.xsp.renderkit.html_extended.HtmlBasicRenderer.encodeChildren(HtmlBasicRenderer.java:206)
    com.ibm.xsp.renderkit.ReadOnlyAdapterRenderer.encodeChildren(ReadOnlyAdapterRenderer.java:162)
    javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:979)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:843)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.util.FacesUtil.renderComponent(FacesUtil.java:852)
    com.ibm.xsp.component.UIViewRootEx._renderView(UIViewRootEx.java:1320)
    com.ibm.xsp.component.UIViewRootEx.renderView(UIViewRootEx.java:1258)
    com.ibm.xsp.application.ViewHandlerExImpl.doRender(ViewHandlerExImpl.java:757)
    com.ibm.xsp.application.ViewHandlerExImpl._renderView(ViewHandlerExImpl.java:323)
    com.ibm.xsp.application.ViewHandlerExImpl.renderView(ViewHandlerExImpl.java:338)
    com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:103)
    com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:210)
    com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:120)
    com.ibm.xsp.controller.FacesControllerImpl.render(FacesControllerImpl.java:270)
    com.ibm.xsp.webapp.FacesServlet.serviceView(FacesServlet.java:269)
    com.ibm.xsp.webapp.FacesServletEx.serviceView(FacesServletEx.java:157)
    com.ibm.xsp.webapp.FacesServlet.service(FacesServlet.java:163)
    com.ibm.xsp.webapp.FacesServletEx.service(FacesServletEx.java:138)
    com.ibm.xsp.webapp.DesignerFacesServlet.service(DesignerFacesServlet.java:103)
    com.ibm.designer.runtime.domino.adapter.ComponentModule.invokeServlet(ComponentModule.java:600)
    com.ibm.domino.xsp.module.nsf.NSFComponentModule.invokeServlet(NSFComponentModule.java:1352)
    com.ibm.designer.runtime.domino.adapter.ComponentModule$AdapterInvoker.invokeServlet(ComponentModule.java:877)
    com.ibm.designer.runtime.domino.adapter.ComponentModule$ServletInvoker.doService(ComponentModule.java:820)
    com.ibm.designer.runtime.domino.adapter.ComponentModule.doService(ComponentModule.java:589)
    com.ibm.domino.xsp.module.nsf.NSFComponentModule.doService(NSFComponentModule.java:1336)
    com.ibm.domino.xsp.module.nsf.NSFService.doServiceInternal(NSFService.java:725)
    com.ibm.domino.xsp.module.nsf.NSFService.doService(NSFService.java:515)
    com.ibm.designer.runtime.domino.adapter.LCDEnvironment.doService(LCDEnvironment.java:371)
    com.ibm.designer.runtime.domino.adapter.LCDEnvironment.service(LCDEnvironment.java:327)
    com.ibm.domino.xsp.bridge.http.engine.XspCmdManager.service(XspCmdManager.java:302)


SVG Images not working in older Domino releases

By default svg images doesn’t work in older versions of Domino like version 9.01, 10 perhaps even 11
I have verified in version 12 and there it work fine without problems.

First if you can you should upgrade to version 12 it has so much great features but if you can’t do this for some reason. Luckily there is an easy fix, in the Domino data directory there is a file httpd.cnf open up this file add add this line below i.e the Images section, placement isn’t important.

AddType .svg image/svg+xml # SVG format

save the file and restart you domino server. Remember that cache is always kicking in if you are trying to check if something like this working ???

young troubled woman using laptop at home
Photo by Andrea Piacquadio on Pexels.com

Quest for SAML to everybody continues

My article regarding debugging SAML on HCL Domino is updated today with 2 points

  1. What is the SP certificate used for
  2. What can be wrong when you get a login loop

Check it out in the article

Certificate Information tool

This my new tool for retrieving SSL certification information both for local certs and remote certs on webservers. Runs in the window command window so it can be used for batch scripts.

Find it here

Strange XPage, Unexpected runtime error

I’m going to start a post that I will update regular when I get strange errors that can be hard to find the solution for. Feel free to post a comment or use the contact form to send me your strange errors and a solution or how to debug the problem.

One of the best tools for debugging is to use the Log File reader found on OpenNTF, another good tool also on OpenNTF is the Debug toolbar

But now to the problems and the possible solutions.

Error while executing JavaScript action expression
Script interpreter error Interpret exception

javax.faces.FacesException: Error while executing JavaScript action expression

My script worked fine the first time I clicked on a button on the form. but the second time the same code ran I got this error Interpret exception, the problem was that I had an undeclared SSJS variable that caused the problem. Putting a var before the variable fixed the problem

Argument for ‘importPackage’ must be a package

You are using an SSJS package and is calling a java library and have written the name within quotes.

i.e importPackage(“com.xpagedeveloper”) but you should write importPackage(com.xpagedeveloper)

Events like onclick and partial refreshed is not working at all

Check if you have loaded any external javascript libraries like JQuery or Select2 the problem is probably AMD loaders that is in collision with Dojo. There is two different solutions I know of,

  1. Add some Pre or a post code that disable the AMD Loader, check out this great XSnippet @ OpentNTF
    https://openntf.org/XSnippets.nsf/snippet.xsp?id=hack-to-use-jquery-amd-widgets-and-dojo-together
  2. Or you can go into the Javascript library and remove the amd loader
    https://xomino.com/2015/06/02/select2-v4-needs-amd-fixing-in-domino-r9-xpages/

Clicks gone wild on your XPage

This is a problem I wrote about many years ago and it can be found here
onClick event is trigged where ever I click


This are the first three weird XPage errors but I will continue to add entries here that can help you and me because I can’t count the number of times I’m looking for a problem and I find my own blog with a solution 😉 Also check out my learning XPages page with lots of links

XPage crash with an strange null pointer error
I have done a writeup of the error in a separate post
NullPointerException: Argument error: One or more parameters are null