IBM Support

How to connect the newest March 2023 IBM Maximo Anywhere Android Apps to IBM Maximo ?

How To


Summary

The newest Android Apps for IBM Maximo Anywhere are required by Google to adhere to "Target API level Requirements for Google Play Apps". Thus the IBM Maximo Anywhere Development team generate the SDK-31 APK that are abiding by this new requirement.

The use of SDK-31 App requires the implementation of the resolution mentioned under "Steps". This is to ensure the newest Android device users with the latest downloaded Apps are able to continue to use the IBM Maximo Anywhere on their Android 11 or higher devices (SDK-30 or higher).

Objective

The changes required owning to the fact Chrome 80 onwards the update to this "SameSite":
https://developers.google.com/search/blog/2020/01/get-ready-for-new-samesitenone-secure is paramount for the IBM Maximo Anywhere authentication.


This problem had become pronounced owning to the new requirement set by Google for the Android Apps and thus the solution here now is to update the IBM HTTP Server or IBM WebSphere Application Server as outlined in this link:
https://www.ibm.com/support/pages/browser-changes-samesite-cookie-handling-and-websphere-application-server

                       

Steps


1.  Ensure that the IBM Maximo Anywhere traffic goes to the IBM WebSphere Application Server through the IBM HTTP Server (IHS). You can refer to this IBM Docs article:
https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=archive-configuring-http-server-websphere-application-server

2.  Copy contents of the file https://publib.boulder.ibm.com/httpserv/ihsdiag/_static/samesite-global.conf (which is available in the link - https://www.ibm.com/support/pages/browser-changes-samesite-cookie-handling-and-websphere-application-server) into the top of the section of the httpd.conf file in IHS. In the httpd.conf (before the ServerRoot section) you would need to include the contents of the above “samesite-global.conf” file. The contents, for example, are as follows -
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This file is meant to be included in global scope in httpd.conf
# Requires mod_setenvif and mod_headers.

# 1. Add SameSite=None and Secure if no SameSite already.
Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)(.*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
# 2. Remove duplicate SECURE flag (this keeps the above regex simpler)
Header always edit Set-Cookie "(.*(\s+|;)(?i)Secure(\s+|;).*) Secure$" "$1" env=!SAMESITE_SKIP
Header onsuccess edit Set-Cookie "(.*(\s+|;)(?i)Secure(\s+|;).*) Secure$" "$1" env=!SAMESITE_SKIP

# Why the duplication?  always is not a superset of onsuccess the way it should be.

## More complex examples that can replace step 1 above:
# Example of excluding a specific Set-Cookie cookie-name:
#   Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)((?!SpecialCookie).*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
#   Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)((?!SpecialCookie).*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
# Example of including [only] a specific Set-Cookie cookie-name:
#   Header always edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)((?=SpecialCookie).*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP
#   Header onsuccess edit Set-Cookie "^(?!.*(\s+|;)(?i)SameSite=)((?=SpecialCookie).*)" "$0; SameSite=None; Secure" env=!SAMESITE_SKIP


#
# No need to read/edit below this line for end users.
#

# Simplified checks not requiring mod_rewrite and vhost config
# https://www.chromium.org/updates/same-site/incompatible-clients
# https://catchjs.com/Blog/SameSiteCookies
BrowserMatchNoCase "OS 12.*applewebkit" SAMESITE_SKIP=1
BrowserMatchNoCase "OS 12_.*CriOS" SAMESITE_SKIP=1
BrowserMatch "Chrome/[56]" SAMESITE_SKIP=1
BrowserMatch "Chromium/[56]" SAMESITE_SKIP=1
BrowserMatch "OS X 10_14_.*Version/.*Safari"    SAMESITE_SKIP=1
BrowserMatch "OS X 10_14_.*(KHTML, like Gecko)" SAMESITE_SKIP=1

# Skip all UCBrowser
BrowserMatch "UCBrowser/" SAMESITE_SKIP=1
# Allow on 12.13.2 and higher
BrowserMatch "UCBrowser/12\.13.[2-9]" !SAMESITE_SKIP
# Allow on 12.14-12.19 and higher
BrowserMatch "UCBrowser/12\.1[4-9]"   !SAMESITE_SKIP
# Allow on remaining 12.* 
BrowserMatch "UCBrowser/12\.[2-9]"    !SAMESITE_SKIP
BrowserMatch "UCBrowser/1[3-9]"       !SAMESITE_SKIP
BrowserMatch "UCBrowser/[2-9][\d]"    !SAMESITE_SKIP

# Changelog
# 1.0.3: Fix IOS12 pattern matching
# 1.0.2: Added some more" "skip" patterns via https://github.com/covener/apache-samesite/pull/1 
# 1.0.1: Act on "always" and "onscucess" separately.
# 1.0.0: Initial version w/o mod_rewrite

Note - When using a clustered IBM Maximo environment, where a cluster of the IHS servers serve their corresponding IBM Maximo servers, then the above change in httpd.conf file should be at the top-level configuration file, as well as for each of the IHS servers in the cluster. The requests from Mobile going to and from the Websphere must go through an SSL enabled IHS server (Configuring IBM HTTP Server with WebSphere Application Server - https://www.ibm.com/docs/en/ibm-http-server/9.0.5?topic=archive-configuring-http-server-websphere-application-server) i.e. only HTTPS protocol to be used for IHS.
 
3. Restart the IHS server or IHS servers if a clustered environment is being used.

4. Download the latest IBM Maximo Anywhere App from Google Play Store onto your Android 11 (SDK-30) or Android 12 (SDK-31) or Android 12L (SDK-32) or Android 13 (SDK-33) or Android 14 (SDK-34) device and connect to the IBM Maximo Asset Management EAM Server and complete the authentication for your enabled IBM Maximo Anywhere user.
 

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB59","label":"Sustainability Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSPJLC","label":"Maximo Anywhere"},"ARM Category":[{"code":"a8m50000000CbOcAAK","label":"General-\u003EMaximo Base"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.6.4"}]

Product Synonym

IBM HTTP Server; IHS; IBM WebSphere Application Server; IBM Maximo Asset Management EAM Server; IBM Maximo Anywhere;

Document Information

Modified date:
11 April 2023

UID

ibm16962093

Page Feedback