From a8532f7d5cab737db9031228ddcf64f52b975d48 Mon Sep 17 00:00:00 2001 From: Conan Scott Date: Tue, 24 Mar 2026 10:07:02 +0000 Subject: [PATCH] Add chapters for session 932608789 (Haiku) --- chapters/932608789.json | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 chapters/932608789.json diff --git a/chapters/932608789.json b/chapters/932608789.json new file mode 100644 index 0000000..07cc929 --- /dev/null +++ b/chapters/932608789.json @@ -0,0 +1,13 @@ +[ + {"timestamp": "1:21", "title": "Enforcing File Restrictions on Zipped Files", "summary": "Inbound file extension restrictions do not automatically apply to files extracted from ZIP archives. To block unwanted extensions after unzipping, use advanced routing with a condition on the SendToPartner step or file name pattern matching. Example condition: `toLowerCase(extension).matches('\\.(exe|bin|...).*')`. No global outbound restriction setting exists; each unzip step requires individual condition configuration."}, + {"timestamp": "7:52", "title": "Detecting Files with No Extension", "summary": "Check for missing extensions using concat() to force the extension into a string, then compare: `concat('r', extension) == 'r'` returns true if extension is empty. This is preferred over the empty() function for reliable null/empty handling."}, + {"timestamp": "11:03", "title": "Migrating Local Users to External IDP", "summary": "To migrate user logins to an external identity provider, uncheck the 'password stored locally' checkbox on the account. SAML-based IDP is unconditional and occurs before account identification, requiring two separate HTTPS listeners on different ports if users must support both SAML and non-SAML authentication."}, + {"timestamp": "13:37", "title": "Email Field Constraints and Multi-Contact Workaround", "summary": "The email field accepts one email address only as it's used for authentication, ad-hoc operations, and system-to-user delivery. To notify multiple contacts, store additional emails in account attributes under user vars, then use conditional expressions: `account.attributes.user_vars.notification_emails?:account.email` in templates and notification flows."}, + {"timestamp": "19:49", "title": "Pattern vs Condition for File Routing", "summary": "Both file name patterns and conditions can achieve the same routing logic. Patterns offer backward compatibility and readability for simple glob patterns. Conditions provide flexibility for complex logic. Regex patterns should be implemented as conditions instead of patterns. Most new implementations should use conditions for consistency."}, + {"timestamp": "22:42", "title": "Distribution Lists and Password Reset", "summary": "Distribution list emails can be assigned to the email field. Distribution lists work in password reset and ad-hoc operations. The email field accepts any value as long as it's a single address; it doesn't need to be unique or tied to an individual user."}, + {"timestamp": "25:14", "title": "ST API Structure and Object Relationships", "summary": "No single ID links accounts, subscriptions, transfer sites, and routes across the entire chain. IDs are generated uniquely; matching first characters does not indicate relationships. Swagger documentation exists but lacks relational depth. See the 'Intro to APIs' session recording and the onboarding article (API 1.4 era, still applicable) for understanding which IDs connect objects."}, + {"timestamp": "38:48", "title": "On-Premises to Cloud Migration: Backend Connectivity", "summary": "Critical migration issues occur with backend applications, not the server move itself. Folder monitors no longer work from cloud (not on same network); switch to Samba or alternative data access. Internal connections (mainframe, legacy FTP) may face security restrictions. Test phased partner migration rather than bulk cutover."}, + {"timestamp": "42:44", "title": "SSH Certificate Renewal Without Key Rotation", "summary": "Reuse private keys across annual certificate renewals using a self-signed certificate wrapper. Partners see no key change; security sees a new certificate each year. This avoids notifying partners of key changes. SSL protocols (HTTP/FTP) cannot use this method due to coupling of certificate and key. Confirm self-signed certificates are allowed with security policy."}, + {"timestamp": "46:46", "title": "Hardcoded Mail Template Variables", "summary": "Variables in mail templates hardcoded in Java code cannot be customized via JSON or configuration. Workaround: add additional text above/below the variable in the XHTML template. Keep formatting simple for compatibility with text mail clients and Outlook. New flow-based notifications allow custom parameters but don't apply to certificate-triggered emails."}, + {"timestamp": "50:53", "title": "AWS EKS Migration from IBM Broker", "summary": "Monitor file accumulation — avoid allowing 10,000+ files in a single folder or endpoint. Verify ST configuration matches new throughput capacity (e.g., if Broker handled 6 threads and EKS handles 25, adjust ST settings accordingly). Test inbound and outbound separately; slower inbound pull may indicate thread misconfiguration rather than ST limits."} +]