Release Notes for iPlanet Application Server (iAS EPE)

Enterprise Pro Edition, Version 6.0, SP3

Updated May 2002




These release notes contain important information available at the time of the release of iPlanet Application Server, Enterprise Pro Edition, Version 6.0, SP3 (iAS EPE). New features and enhancements, known problems, and other information are addressed here. Read this document before you begin using iAS EPE.

An electronic version of these release notes can be found at the iPlanet documentation web site: http://docs.iplanet.com/docs/manuals/. Check the web site after installing your software and periodically thereafter to view the most up-to-date release notes and manuals.

These release notes contain the following sections:




Updated Product Information

iPlanet Process Manager 6.0, SP3 and Unified Integration Framework 6.0, SP2 are certified to run on top of iPlanet Application Server 6.0, SP4. For information about how to set up your environment and upgrade to iPlanet Application Server 6.0, SP4, refer to the iPlanet Knowledge Base article #7830 titled, "iPM and UIF issues when upgrading from iAS EPE 6.0 SP3 to iAS 6.0 EE SP4." The article is located at the following url: http://knowledgebase.iplanet.com/ikb/kb/articles/7830.html




General Information

iPlanet Application Server, Enterprise Pro Edition, Version 6.0, SP3 contains four bundled iPlanet products:

Newsgroups

You may find it useful to subscribe to the following interest groups, where iPlanet Application Server topics are discussed.

Newsgroup topics for iPlanet Application Server include:

General: snews://secnews.netscape.com/iplanet.ias.general

Installation: snews://secnews.netscape.com/iplanet.ias.install

Performance: snews://secnews.netscape.com/iplanet.ias.perf

Clustering: snews://secnews.netscape.com/iplanet.ias.cluster

iPlanet Process Manager has its own newsgroup. Please post questions to:

snews://secnews.netscape.com/netscape.server.processmanager




Supported Systems and Software

The following operating systems and software are supported with this release of iAS EPE. If you are running non-supported versions of these products, you must upgrade to a supported version.



Table 1    Supported Operating Systems and Software 

Operating Systems 

Solaris 2.6, 2.8

Windows NT

Windows 2000 Professional and Server 

Web Servers 

iPlanet Web Server, Enterprise Edition 4.1, SP 7

iPlanet Web Server, Enterprise Edition 6.0 

Directory Servers 

Netscape Directory Server 4.13 

Database Servers and Clients 

Oracle 8.1.6, 8.1.7, 9i Servers, Oracle 8.1.5, 8.1.6 and 8.1.7 Clients

Sybase 11.9.2, 12 Servers, Sybase Open/Client System 11.1.1

Informix 9.2 Server, Informix SDK 2.40 Client 

Third-party JDBC Drivers 

Oracle8i 8.1.6.0.1: Type 4 and Type 2

Sybase jConnect for JDBC 5.2 Type 4

Informix JDBC v1.22 

Web Browsers 

Netscape 4.7

Microsoft Internet Explorer 5.0 




What's New in iAS EPE, Version 6.0, SP3

The following enhancements are new to this release of iPlanet Application Server, Enterprise Pro Edition:

These release notes cover enhancements specific to iPlanet Process Manager 6.0, SP3. For enhancements to the other products bundled with iAS EPE, SP3, please consult each product's release notes.

https Support in iPM 6.0, SP3

https access in iPlanet Process Manager comes into play in three different areas:

Deployment Over https in Process Builder and Command Line Deploy Tool

In iPM 6.0, SP3, Process Builder and the Command Line Deploy Tool (pmdeploy) support the deployment of process applications to the iPM cluster over a web server that uses the https protocol. The https protocol uses a digital certificate to encrypt and send the document securely. Depending on the way the handshake is processed between the server (web server) and the client (Process Builder or Command Line Deploy Tool), there are three options available.

iPM 6.0, SP3 supports only the first option.

Handshake With Server Certificate Only

During the deployment step, the client (Builder/pmdeploy) is presented with a server certificate that must be accepted by the client. This step ensures the client deploys to the correct server. During this step, the client consults its certificate store for an acceptable certificate match. If the certificate presented is not in the store, the client does not allow the communication to go through.



Tip

When communication is rejected in iPM Builder you receive a message indicating that you are not able to connect to the web server. For best results when deploying applications, run Builder from a console window using Builder.bat or Builder.sh and check the console window for any exceptions.



The following sections describe how to set up your development environment to support deployment of iPM applications using https.

Installing the JSSE 1.0.2 Libraries.

To enable https functionality in iPM, you must download the Java Secure Socket Extension (JSSE 1.0.2) package available as a free download from Sun's Java web site: http://java.sun.com/products/jsse/index-102.html.

You can install the JSSE libraries in Builder in one of the two ways. Installation instructions depend on your usage of SSL within the product.

To Install the JSSE 1.0.2 Libraries, choose one of the following procedures:

Configuring the Server (iWS and iPM).

  1. Install the server certificate on the web server and turn on security.

    This involves setting up a web server instance to run in https mode. Refer to the iPlanet Web Server documentation on docs.iplanet.com for instructions on how to do this.

    iWS 6.0

    http://docs.iplanet.com/docs/manuals/enterprise/50/ag/esecurty.htm#1011961

    iWS 4.1x

    http://docs.iplanet.com/docs/manuals/enterprise/41/ag/esecurty.htm#1068714



    Tip

    Saving a certificate in X509 (.CER) format for later use: it is much easier to import a certificate using the following procedure than to extract it from the Netscape Enterprise Server's internal proprietary database.



    When you receive a certificate from the issuing authority, it is in the X.509 format. It should look like this:



    -----BEGIN CERTIFICATE-----
    MIIBqzCCARQCAQAwazELMAkGA1UEBhMCVVMxEz
    EjAQBgNVBAcTCVNhbiBKb3NlIDEVMBMGA1UECh
    zg2M0L0ZCbiX0RjdXf/Jr9NgxDhBCnFTQxcVms
    KoZIhvcNAQEEBQADgYEAn7JxC/KI/OreSf1xC9
    Wbzc1L8RjUSHQH2M+MiHURDHAcFIPsXWILPfu2
    9pt67z7fW0JddXHV58ejARAZxZZLp4nhv2bRQ3
    TS2g8fiV/x2mVetYxlV5AoqznTemLRo=
    -----END CERTIFICATE-----


    Save this certificate to a file, myservercert.cer somewhere on the disk. You will later need to import this certificate file into the local trust database on the machine running Builder/pmdeploy.

  2. Install the iAS plugin on the web server instance and configure it to point toward the iAS instance on which iPM is running.

  3. Create the iPM cluster using this (https) web server instance.

    An iPM cluster created this way will use the https web server instance for future application deployments.

Configuring the Client-side (Builder/Deploy Tool) Trust Database.

To enable the https feature in Builder, complete the following steps:

  1. Import the server certificate into the client's trusted store using keytool.

    For the Builder/Deploy Tool to successfully communicate with the server over https, it is necessary to find the server certificate in the local trust database. For this to happen, you must import the server certificate into the trust database using a utility called keytool.

    Keytool is part of the standard JDK installation. The default trust database that keytool uses is called cacerts. It is located in the <java-install-dir>/jre/lib/security directory.



    Note

    <java-install-dir> in the normal installation is <ipm-install-dir>/ias/usr/java.



    For more information on cacerts and keytool, refer to Java documentation.

    The following commands assume the Server Certificate was saved to a file called /servercert/myservercert.cer

    • Using the Default Trust Database (cacerts)

      To import the saved certificate into the trust database, type the following command into the command prompt.

      <IAS_INSTALL-DIR>/usr/javabin/keytool -import -file /servercert/myservercert.cer -keystore <java-install-dir>/jre/lib/security/cacerts -storepass "changeit"

      To verify that the certificate has been added to the store, type the following command into the command prompt.

      <IAS_INSTALL-DIR>/usr/javabin/keytool -list -keystore <java-install-dir>/jre/lib/security/cacerts -storepass "changeit"



      Note

      The default password for the cacerts trust database is "changeit". This may be different if your Administrator decides to set a different password on it.



    • Using a Different Trust Database

      If you or your administrator decide not to use the default trust database, the command to import the certificate into this store is:

      <IAS_INSTALL-DIR>/usr/javabin/keytool -import -file /servercert/myservercert.cer -keystore <java-install-dir>/jre/lib/security/<name of trust db file> -storepass "<password_of_trust_db>"



      Tip

      The Administrator may want to store the cacerts database on a read only, shared part of the file system and require that all users of the Builder/Deploy Tool point their tools to that location. The server certificate must be imported only once into a common shared location when implementing this method.



  2. Update the JSSE provider (SunJSSE) in the Java installation.

    1. Open the file <java_install_dir>/jre/lib/security/java.security

    2. Add SunJSSE as the second preferred cryptographic service provider as follows:



      security.provider.1=sun.security.provider.Sun
      # Keep above line intact
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider


  3. (Optional) Update the Builder files to reflect any additional https (SSL) options.

    If you are using a non-default trust store, you must make changes to batch files (on NT), shell scripts (on Solaris) and the preferences.ini file (for Builder.exe on NT).

    • Updating Builder files on NT

      Builder.bat Edits:

      Uncomment the lines that contains the SSLOPTS and specify the path of the trust store. Comment out the line that invokes the java executable but does not contain SSLOPTS.

      SET SSLOPTS=-Djavax.net.ssl.trustStore=<full path name of the trust store>

      %JAVA_HOME%\bin\java.exe %SSLOPTS% -ms16M -mx128M -classpath %CPATH% WFDesignerApp

      REM %JAVA_HOME%\bin\java.exe -ms16M -mx128M -classpath %CPATH% WFDesignerApp

      preferences.ini Edits:

      Comment out the classpath line that does not contain the trust store option. Uncomment the next line and provide the path to the trust store.

      #classpath=-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -ms16M -mx128M -classpath "classes;lib\jsse.jar;lib\jnet.jar;lib\jcert.jar"

      classpath=-Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol -Djavax.net.ssl.trustStore=<full path name of the trust store> -ms16M -mx128M -classpath "classes;lib\jsse.jar;lib\jnet.jar;lib\jcert.jar"

    • Updating Builder files on Solaris

      Builder.sh and pmdeploy.sh Edits:

      Comment out the line that assigns an empty string to the SSLOPTS variable, uncomment the next line and provide the path to the trust store.

Enabling Content Store over https.

The Content Store helps iPM users upload and download file attachments. The file attachment Java applet communicates to the server via http and https. (The https protocol works only on Netscape browsers.)

Once a file is uploaded to the web server, the process application may require access to it. In this case, the process application needs to use the https protocol to get to the uploaded file if the web server instance is https enabled.

To configure the Application Server environment to make https handshake possible:

  1. Install JSSE jars as a standard Java 2 extension package: copy jnet.jar, jcert.jar, jsse.jar to $JAVA_HOME/jre/lib/ext. The default JAVA_HOME is <ias_install_dir>/ias/usr/java.

  2. (NT-specific) Modify java args On NT.

    1. Open the iAS Registry using kregedit and locate the Java_Args key:
      Application Server\6.0\Java\Java_Args.

    2. Add the following java arg to the key:
      -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

  3. (Solaris-specific) Modify java args On Solaris.

    1. Open <ias_install_dir>/ias/env/iasenv.ksh

    2. Locate the JAVA_ARGS variable and add the following java arg:
      -Djava.protocol.handler.pkgs=com.sun.net.ssl.internal.www.protocol

  4. Update the JSSE provider (SunJSSE) in the Java installation:

    1. Open the file <java_install_dir>/jre/lib/security/java.security

    2. Add SunJSSE as the second preferred cryptographic service provider as follows:



      security.provider.1=sun.security.provider.Sun
      # Keep above line intact
      security.provider.2=com.sun.net.ssl.internal.ssl.Provider


Enhanced Internationalization Support

This section describes Internationalization Support in iAS EPE.

Enabling Non-ASCII Character Display in Builder

You can configure this service pack of iPM 6.0 to display non-ASCII characters on Builder. To enable non-ASCII character display you must modify the preferences.ini file located in the <iPM install directory>/builder directory.

To enable non-ASCII character display in Builder

  1. Open the preferences.ini file in a text editor.

  2. Uncomment the following entries:



    #NormalTextFont=sansserif:plain:12
    #SmallTextFont=sansserif:plain:10
    #NormalBoldTextFont=serif:bold:14
    #HeadingTextFont=serif:bold:16
    #FixedFont=monospaced:plain:14
    #TitleTextFont=sansserif:bold:12


    To uncomment entries, remove '#' from the beginning of each line.

Enabling the InputMethodEditor for Non-ASCII Character Display in Builder

The non-ASCII character InputMethodEditor is enabled for certain components in this service pack release. The components that support non-ASCII character input method are:

If the Builder is running on an OS with the English locale, the InputMethodEditor is disabled by default; however, you can enable the InputMethodEditor by uncommenting the following line at the end of the preferences.ini file:

#useInputMethodEditor=true

If a non-English locale is set for the OS, the InputMethodEditor is enabled by default; however, you can disable the InputMethodEditor by uncommenting the following line at the end of the preferences.ini file:

#useInputMethodEditor=false

Operating Character Set Changes

The operating character set for iPM has been changed. This service pack of iPM uses UTF-8. All previous versions and service packs used ISO_8859-1.

While using Builder, please note the following:

All new forms created by the form wizard will include the following meta tag:

<META HTTP-EQUIV="Content-Type" CONTENT="text/html;CHARSET=UTF-8">

Before deploying an application, please make sure the character encoding of the forms (html files) matches the character set of the OS where the web server is running.

If an application is developed on NT using the Japanese character set, then deployed to Solaris Japanese operating in a ja locale, you must convert all html files in the application from Shift_JIS (OS character set of NT Japanese) to EUC-JP (OS character set of Solaris Japanese for ja locale).

Some tool applications support character set conversion of files. The JDK also provides the command line tool native2ascii.

To convert a file encoded in Shift_JIS to EUC-JP using native2ascii

  1. Call the command native2ascii shiftJIS.html unicode.html

  2. Call the command native2ascii -reverse -encoding EUC-JP unicode.html eucJP.html

    shiftJIS.html encoded in Shift_JIS becomes euchJP.html encoded in EUC-JP.

To run the iPM application using the new character set, the following items must be set for the iPlanet Application Server, Database Server, and Database Client.

Configuring Locale Settings for Applications Using Multibyte Characters

When forms (html files) contain multibyte characters, the locale for both the development system where Builder is used to develop an application and the target system where the iPlanet Application Server is running must have the same locale setting. The character set used in forms must also match the character set of the locale of the target server system.

The following combinations are valid for a Japanese application:

Windows 2000 Support

Windows 2000 Professional and Windows 2000 Server SP2 platforms are now supported in production and development environments.

Note that only iPlanet Application Server is supported on Windows 2000 platforms. iPlanet Directory and Web Server are not supported by iPlanet Support on Windows 2000 platforms.

iPlanet Web Server 6.0 Support

iPlanet Web Server, Enterprise Edition 6.0 is now supported.




iAS EPE Sample Application

The iAS EPE Sample Application provides an example of how an iPM application can interact with an Enterprise Information System (EIS) using a custom activity. A Stubbed Connector is shipped with this sample application. The Stubbed Connector simulates a real connector and implements the protocol required by Unified Integration Framework (UIF). It returns hard-coded values for queries made from an iPM application custom activity. This Stubbed Connector is used to demonstrate how you can implement a custom activity that interacts with an EIS. This sample application can be downloaded from the following location: http://developer.iplanet.com/appserver/samples

The file GetEmployeeDetails.java, discussed in the documentation that ships with iAS EPE, is placed in the following location when you unzip the VacationRequest application:

on NT: EPE/sampleApp/src/com/iplanet/epe/sample/GetEmployeeDetails.java

on Solaris: EPE/sampleapp/src/com/iplanet/epe/sample/GetEmployeeDetails.java




Bugs Fixed in iAS EPE, Version 6.0, SP3

Below is a short description of the most important bugs fixed in iAS EPE, Version 6.0, SP3.



Table 2    Bug Descriptions 

Bug Number

Description


552407
 

DB runs out of cursors due to WorkItem Bug 

545396
 

Dynamic Group Assignments using IWorkItem.addAssignee(IRole) does not work as expected 

541914
 

PMEngine does not accept dates before 1970 

552971
 

iPM database purging does not work 

518274
 

User Picker Widget does not work 




Known Bugs

This section contains a listing of the more important bugs known at the time of the iAS EPE, Version 6.0, SP3 release. For known problems related to specific iAS EPE bundled products, please read the release notes for each product.



Table 3    Bug Descriptions 

Bug Number

Details


537878
 

Maximum open cursors exceeded (Oracle Driver bug)

In an application using Oracle 8.1.6 third-party drivers (Type 2 and 4), while attempting to query process information, an SQL exception message is encountered stating that maximum open cursors has been exceeded.

Workaround: This is a driver bug which is fixed in the latest version of the Oracle driver. Use the Oracle 9.0.1 driver (Type 2 or Type 4) to get around this problem.

Note: iPM is not certified with Oracle 9.0.1 drivers. 

552200
 

Documentation Bug: Process Manager Documentation for the Command Line Deploy Tool (pmdeploy) lists unavailable optional values

The section "Deploying Applications with the Command Line Deploy Tool" in the chapter "Deploying an Application" from the Process Builder's Guide lists two optional values that are unavailable to the user:

-testing true/false (If the application is in production, the option must be false)

-mode PRODUCTION/DEVELOPMENT

Correction: Do not use these optional values within the command line syntax. You can specify these values in the deployment descriptor (.dd) file. In the deployment descriptor file, the values are:

apptesting: true/false

appstage: DEVELOPMENT/TESTING

If you choose not to specify these options in the deployment descriptor file, the apptesting value defaults to true and the appstage value defaults to TESTING during deployment. 

551156
 

Documentation Bug: wi.assignees() returns an array of objects instead of userids

Currently, the documentation for wi.assignees states:

This method returns a JavaScript array of the user ids of the assignees of a work item. Since automated activities are performed by Process Engine and do not require an assignee, use this method only from a user activity.

Correction: The behavior of the Javascript function wi.assignees() is as follows:

It always returns a JavaScript object. This object could be either a __User (in the case of a user assignee) or a __Role (in the case of a group assignment).

Since the methods on the User object and Role object are different, it is necessary to first determine the type of the object before making invocations on it.

e.g.

  var wi = getWorkItem();

  var assignees = wi.assignees();

  var assignee = assig[0];

    if (__isUser( assignee ))

        java.lang.System.out.println ("This is a Role : " + assignee.getUserId() );

    else if (__isRole( role ) )

        java.lang.System.out.println ("This is a User :" + asignee.getUserId() );

__User Methods:

getUserId

  getUserId() Returns the userId of the JavaScript User object. The User object is a Process Manager-specific object.

__Role Methods:

getName

  getName() Returns the name of the Role in the process application as a string.

contains

  contains(userId) Returns true if the role contains the specified participant given the context of the specified process instance, false otherwise.

members

  members() Returns the list of user IDs for the participants that belong to this role. 

555878
 

Oracle9i does not support Oracle8i JDBC Drivers

The JDBC Thin Driver, provided as part of Oracle 8i releases, cannot be used to connect and run against Oracle9i database.

Workaround: Download and install an Oracle 8i JDBC thin patch (#1725012) to connect to an Oracle 9i back-end, or use Oracle 9i JDBC drivers.

Note: iPM is not certified with Oracle 9.0.1 drivers. 

555807
 

Content Store update—file attachment applet does not work.

Workaround: You must explicitly turn on remote file manipulation to use content store. Remote file manipulation includes put, remove, move, rename, makedir and removedir capabilities. Without this, the file attachment applet does not work. Use the iPlanet Web Server administration facility to turn on remote file manipulation. 




How to Report Problems

If you have problems with iAS EPE, contact iPlanet customer support using one of the following mechanisms:

So that we can best assist you in resolving problems, please have the following information available when you contact support:




For More Information

Useful iPlanet information can be found at the following Internet locations:

Use of iPlanet Application Server is subject to the terms described in the license agreement accompanying it. Copyright © 2001 Sun Microsystems, Inc. Some preexisting portions Copyright © 2000 Netscape Communications Corp. All rights reserved.

Last Updated May 28, 2002