Integrating IBM Content Navigator with Box

This document provides contains the procedures for configuring Box in IBM Content Navigator and other product usage information.

Creating a Box application for the IBM Content Navigator server

To integrate IBM® Content Navigator with Box, you must first create a Box application.

Procedure

To create a Box application for the IBM Content Navigator server:

1. Go to https://developers.box.com/, select Apps and log in.
2. Click My Apps, and then click Create a Box Application.
3. In the Application Name field, enter the name of your IBM Content Navigator server, and then select Box Content.
4. Click Create Application>Configure Application.
5. For OAuth2 Parameters, set the redirect_uri parameter to your server: https://hostname:port/navigator/jaxrs/oauth2/client_id, where client_id is the OAuth2 client_id that you can get from the Box application. The URI must be HTTPS, or it can be http for either localhost or 127.0.0.1 for development purposes.
6. Click Save Application to save your changes.

Creating the Box repository on IBM Content Navigator

Create a Box repository on IBM Content Navigator to connect to a Box application from one or more desktops.

Procedure

To create a Box repository on IBM Content Navigator:

1. Open the administration tool in the web client.
2. Click Repositories > New Repository, and select Box as the repository type.
3. Specify the repository name.
4. Enable Authenticate with OAuth2 and specify authentication parameters for OAuth2 client_id and OAuth2 client_secret, which you can get from the Box application. If you enable this option, the OAuth2 client_id and OAuth2 client_secret are used to connect to Box from IBM Content Navigator.
   
   Restriction: A single OAuth2 client_id cannot be shared among multiple sites.
   
   If you disable this option, developer tokens that expire in 60 minutes can be used to log on to Box with any user ID, and the developer token as the password. Developer tokens are temporary tokens that you can generate in the Box application.
5. Save the settings. The Connect button is enabled when you save the settings.
6. To test the new repository, click the Connect button, and log on to Box by using a valid Box user ID and password.

Adding a Box repository to the IBM Content Navigator desktop

You can add the Box repository to an IBM Content Navigator desktop.

For IBM Content Navigator Version 2.0.3.6 or later, you can select a Box repository as the primary authentication repository for the desktop in IBM Content Navigator Version 2.0.3.6 or later.

For IBM Content Navigator Version 2.0.3.5, you cannot select a Box repository as the primary authentication repository. Select an IBM FileNet Content Manager, IBM Content Manager, Content Manager OnDemand, or CMIS repository as the authenticating repository.

For your desktop authentication settings, if you specify a Box repository that uses OAuth2 authentication, when a user opens the desktop, the browser is redirected to Box.

• If the user is already logged in to Box, the user must grant access to connect IBM Content Navigator to Box.
• If the user is not logged in to Box, the user must enter a valid Box user account and password to grant access to connect IBM Content Navigator to Box.

Procedure

To add a Box repository to a desktop:

1. Open the administration tool in the web client.
2. Click Desktops, and create a new desktop, or select a desktop to edit.
3. On the Repositories page, select the Box repository from the available repositories list, and add it to the selected repositories list.
4. Save your changes.
5. If you want to use this Box repository as the authenticating repository for the desktop, on the General page, for the desktop authentication settings, select the Box repository.

Enabling Box Share

You can enable Box Share for a FileNet Content Manager repository, or an IBM Content Manager repository. If you enable Box Share, users can select a document to share, and IBM Content Navigator creates a link to the specific version of the document. The user can also specify email addresses to send a link to the shared document.

Users can share a document if they have permission to edit or view the document. Users who have edit access can share a document and can update the share options regardless of who shared the document. Users who have view access can share a document and can update the share options for documents that they share, but cannot update the share options for documents that someone else shared.

To enable Box Share, complete the following steps:

1. Enable task manager in the administration tool Settings.
2. For the Box repository for sharing, set the Share administrator.
3. For a FileNet Content Manager repository, set the task manager connection ID, and enable Box Share. When you save this configuration setting, an add-on is installed on the repository. Box Share is supported on FileNet Content Manager Version 5.2.0 or later.
4. For an IBM Content Manager repository, set the task manager connection ID, enable Box Share, and select the item types that you want users to be able to share. When you save this configuration setting, the classes that you selected are modified on the repository.
5. For the desktop, enable Box Share, select the Box repository for sharing, and configure whether to allow users to edit the email address to send from when sharing a document.

Important: If the authenticating repository for the desktop is an IBM Content Manager repository, ensure that the IBM Content Manager users are also LDAP users.

If you enabled Box share services on a Box repository that you added to the desktop, the Box Share and Delete Box Share menu actions are automatically added to the default context menu. If you create a new custom context menu by copying the default context menu, the Box Share and Delete Box Share menu actions are automatically added to the new custom context menu. However, these menu actions are not automatically added to any custom context menus that you created before Version 2.0.3 Fix Pack 6. To add the menu actions, edit your custom context menu, select the Box Share and Delete Box Share menu actions from the available actions list, and add them to the selected actions list.

If you enable Box Share, a mapping of user IDs and email addresses is required so that the user’s email address can be displayed and used to send the link to the document. For more information about mapping user IDs and email addresses, see Configuring the Email mapping plug-in.

When you share a document from an IBM Content Manager repository, the document version might change, but the content is not affected. For more information, see IBM Content Manager repository document versions might be affected by Box Share.


Enabling Box Copy

You can enable Box Copy for a FileNet Content Manager repository, or an IBM Content Manager repository. If you enable Box Copy, users can copy items to a Box repository, or copy items from a Box repository. Users can select a document, multiple documents, or a folder to copy, and then select the repository and folder to copy the items to. When copying a single document from a Box repository, users have the option to delete the document from the Box repository after the copy completes. When copying a single document from a Box repository, users have the option to select a document in the FileNet Content Manager repository and check in the document from Box as a new version of that document.

To enable Box Copy, complete the following steps:

1. For the desktop, ensure that you connected a Box repository
2. For a FileNet Content Manager repository, enable Box Copy.
3. For a Content Manager repository, enable Box Copy.

Configuring SSL for Box

Enable SSL on the application server for each instance of IBM® Content Navigator to access the Box application.

Procedure

To configure SSL for Box, complete the following steps:

1. Log into the WebSphere Application Server Admin console where IBM Content Navigator is deployed.
2. Go to the appropriate Signer certificates control option.
   o For cluster configuration, navigate to Security > SSL certificate and Key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
   o For stand-alone configuration, navigate to Security > SSL certificate and Key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
3. Click Retrieve from port.
4. Specify the Box host name URL for your specific Box application. For example, in the Host field, enter ecmdev.app.box.com, and in the Port field, enter 443.
5. Provide an alias name for your specific Box application certificate. For example, boxecm.
6. Click Retrieve signer information.
7. Save the certificate and save your changes.
8. Repeat steps 2 to 7 to retrieve certificate from "box.com" host with port 443.
9. Re-start all instances of the IBM Content Navigator server.

If your version of WebSphere is not up to date with the POODLE vulnerability fix, also complete the following steps:

1. Go to Servers > Server Types > WebSphere application servers.
2. For each IBM Content Navigator server, click the server name > Java and Process Management > Process definition > Java Virtual Machine.
3. For generic JVM arguments, add the argument -Dhttps.protocols=TLSv1.2.
4. Save your changes.
5. Re-start all instances of the IBM Content Navigator server.

For more information about the POODLE vulnerability, see Security Bulletin: Vulnerability in SSLv3 affects IBM WebSphere Application Server (CVE-2014-3566)


Connecting to a Box repository on a WebLogic Server

If want to add a Box repository to the IBM Content Navigator that is running on the WebLogic server environment using SSL, you must add the following JVM parameter to the WebLogic server startup configuration settings: –DUseSunHttpHandler=true.

This setting ensures that the WebLogic Server makes outbound SSL requests by using the HTTP handler that is preconfigured by IBM Content Navigator instead of using the default WebLogic Server HTTP handler. If you do not set this parameter, you cannot connect to the Box repository.

For more information about the errors that can occur if WebLogic with SSL is not configured correctly, see Troubleshooting: Cannot connect to a Box Repository on a WebLogic Server


Box template metadata schemas

Box template metadata schemas contain the following information:

• The display name of the template
• The display name and data type of each attribute in the template
• The display order of the attributes

IBM Content Navigator uses the Box template metadata schema when you view properties of a document with one or more templates. Box template metadata schemas are handled in the same way that class definitions are handled for other repositories.

For a Box repository, IBM Content Navigator caches all of the Box template metadata schemas and refreshes the cache every hour. The cache is also refreshed when you add new template in Box, and then in IBM Content Navigator, you view the properties of a document that is associated with that template. However, the cache is not immediately refreshed when you add new attributes to an existing template in Box and update the property values for a document that is associated with that template. So, you might need to wait for an hour, at most, before you can view the changes to the properties of the document in IBM Content Navigator.

Exception: Box template metadata schemas are only available within the Box application where the template was created. When collaborating, the document properties view might be different for another collaborator user in the following conditions:

• You add a collaborator to a Box folder
• and the Box folder contains documents that are associated to one or more templates
• and the collaborator is using a different Box application, not the Box application where the template was created

The collaborator user in these conditions might see the following differences:

• IBM Content Navigator displays the internal names of the template and attributes instead of the display names. For example, if the display name of a template is This is my template, the internal name could be thisIsMyTemplate. The Box application displays the template name This is my template, but IBM Content Navigator displays the template name thisIsMyTemplate.
• IBM Content Navigator might display the attributes in a different order than the order defined in the Box template metadata schema.

Searching for documents

Text search criteria is required when you search for documents in a Box repository. Optionally, you can add property search criteria for a single creation date, a modified date, and an owner. For more information about searching for documents in Box by using creation date or modified date: https://developers.box.com/content-times/.

Cross-repository search with Box is supported in IBM Content Navigator Version 2.0.3.6 or later. Text search criteria is required. A cross-repository search that includes a Box repository can return a maximum of 200 documents. If the search exceeds 200 documents, try to refine your search criteria to return fewer results. Alternatively, you can run a single repository search to return more results than the maximum allowed for a cross-repository search.

When searching Box repositories, you can add only the following properties to your mappings: Created On and Modified On. These two properties are the only properties that can be used as search criteria to run a search that includes a Box repository, and you can add each of these mappings only once per search. You can add display-only properties to your mappings, which are used to display information in the search results, but are not used as search criteria to run the actual search.

For more information about cross-repository search with Box, see Searching Box repositories in IBM Content Navigator cross-repository searches.

You can sort a column only when all of the search results are available.

Sorting is not available when you have more than 100 items, unless all of the search results are retrieved and available on the client.

FileNet P8 workflow attachments

You can add a Box document as an attachment to a workflow by using the web client. Then, in the web client or in IBM Content Navigator for Microsoft Office, you can view or delete workflow attachments.

Disconnecting from Box

If you log in to Box, and then you want log on using a different account, first click Disconnect from Box account in the Box application.

Opening Box Notes documents

Box Notes is not supported in Internet Explorer 9.

The first time that you open a Box Notes document in a browser in IBM Content Navigator, the Box logon screen is displayed, and you must log on to Box before you can view the document. Then, when you open another Box Notes documents, in the same browser session, the Box logon screen is not displayed.

Viewing System properties

IBM Content Navigator takes the user's time zone into account when displaying system properties. For example, if you add a document at 1:13PM on August 18, 2015 in the Pacific time zone, a user in Australia (Canberra, Melbourne, Sidney) sees the creation date for that property at the time relative to them (6:13 AM August 19, 2015).

Box displays only the date for these properties, not both the date and time, and it doesn't adjust the date when the time zones have different dates.

The values that IBM Content Navigator displays for the following properties take the user's time zone into account:

• Created On
• Modified On
• Content Created On
• Content Modified On

IBM Content Navigator displays both the date and time, and the date that is displayed in IBM Content Navigator might be different than the date that is displayed in Box.


Backing up your Box repository

If you are using Box as a repository in IBM Content Navigator, you should work with Box and refer to the service-level agreement (SLA) that you have with Box to determine the backup strategy and frequency that meets your business requirements and recovery point objective (RPO). Should it becomes necessary for you to restore the Box repository, you should contact Box to request a restore.

If you are using IBM Content Navigator features that interact with a Box repository with metadata stored in the IBM Content Navigator database, it is highly recommended that you coordinate the backup of both the IBM Content Navigator database and the Box repository with the same frequency and time. This is important in order to restore the repositories to a specific point in time where the metadata in the IBM Content Navigator database are synchronized with the objects in the Box repository.

For more information on backing up IBM Content Navigator, see Backing up IBM Content Navigator.

Known Issues

• You can copy Box Notes or Google Docs documents from a Box repository to a FileNet Content Manager repository or an IBM Content Manager repository. However, these documents cannot be viewed in IBM Content Navigator unless you configure a custom viewer. The viewers that are included in IBM Content Navigator do not support the MIME types for Box Notes or Google Docs.
• If a user shares a document, and then later refreshes the list of documents, the share icon is displayed next to the document name. However, if the share icon remains in pending state or disappears, the password for the share administrator might be expired. To resolve the problem, the IBM Content Navigator administrator can clear and reset the Share administrator configuration option for the Box repository.
• If some documents were in pending state when an error occurred, you might want to change the state to indicate that the documents are not shared. For a FileNet Content Manager repository, you can use ACCE or FileNet Enterprise Manager to change the state of the documents that are in pending state. To change the state to indicate that the documents are not shared, make the following changes:
  1. Search for Box Share Records where the Box File ID is equal to null. If you want to change only the documents that are pending prior to a certain date, you can also add a value for Date Created in your search criteria.
  2. Delete the Box Share Records that are returned from the search.