Issue to open Connections Files app into MS Teams tab with CP integration + Connections with Docs

anon-1468 · July 2, 2021, 8:38pm

Hello!, we are facing an issue using MS teams integration (cp 7.0.1) + Connections 7 with Docs installed.
When we add to MS teams the TAB into a channel it works fine except when we add the TAB with Connections Files view if Connections has Docs installed, after added, it keeps loading and refreshing in a looping. The issue can also be reproduced if we open MS Teams browser version in the same browser with a Connections (+Docs entitlement) session.
Does Anybody has the same issue with this same scenario?

Thanks!

anon-714 · July 7, 2021, 6:00pm

Hi Rodrigo, I meant to post a response yesterday, but didn't have a chance. I'll get back to this question...You may need to open a case for this though.

Thanks,

Wes

anon-714 · July 9, 2021, 6:34pm

Hi Rodrigo,

I think it might be best to open a case for this issue. I wonder if there's an issue with session id or something similar causing this.

This issue only happens when you have a browser tab with Connections (Docs) and MS Teams open at the same time?

When you do open the case, please include:

HAR file or Fiddler when you replicate issue (reloading loop)
A video showing the issue would be helpful

Thanks,

Wes

anon-827 · August 30, 2021, 6:52am

Hello,

we already opened a HCL case 1 month ago. So far no useful response. Just questions about traces and configuration files.

Searching for the root cause by myself was much more productive.

The root cause for this behavior is that the OIDC Relying Party of WebSphere is encoding the email address of the user in the LtpaToken as user id. This is causing the error "SECJ0373E: Cannot create credential for the user <null> due to failed validation of the LTPA token. The exception is com.ibm.websphere.wim.exception.InvalidUniqueNameException: CWWIM1011E The 'martin.schmidt@becketal.com' unique name is not valid."

When checking the IBM Documentation about the OIDC Relying Party the configuration parameter "provider_<id>.mapIdentityToRegistryUser" can be found. Setting this parameter to true, WebSphere is validating the given email from the JWT against the WebSphere user registry and then encodes the LDAP DN into the LtpaToken which is the normal behavior in my WebSphere / HCL Connections installations.

Hope this information helps others to solve this problem.

Martin

anon-714 · August 30, 2021, 8:15pm

Thanks for the update Martin. Our team discussed this issue and Marcos will be following up via case.