Muse Search FAQ
Muse Search
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation. Useadmin
as the username and the configured password. In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page. In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button. In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“. After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide. In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them. From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step. Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this: https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button. In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button. Next follow the instructions listed in the page to finalize the setup of the new IDP entity. -
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD. – Edit the${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry: MuseKnowledge.Azure { com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml"; com.edulib.ice.security.authentication.ICELoginModule requisite ; }; – Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values. – Test the integration using an URL of the form:https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.
Load More
Follow the instructions from bellow for configuring the authentication for the Muse Search Application with Microsoft’s Azure Active Directory, using SAML.
In this scenario, the Muse Search Application is the Service Provider (SP), while Azure AD is the Identity Provider (IDP).
-
Generate the Service Provider Metadata
Access the administration end point for SAML at an URL of the form:
https://your_domain/muse/saml/web/metadata
where replaceyour_domain
with the actual domain of the Muse installation.
Useadmin
as the username and the configured password.In the Muse SSO Metadata Administration page click on the Generate new service provider button to access the metadata generation page.
In the Metadata Generation page, make sure the Signing key and Encryption key values are the proper ones. Fill in an alias value in the Entity alias input. The rest of configurations should be left with the default values. When done click the Generate metadata button.In the Metadata Details page follow the steps listed in section “In order to permanently store the metadata follow these instructions:“.
After the restart of the Muse web service, access again the Muse SSO Metadata Administration page, the metadata details for the newly added entity and click the Download entity metadata button to download it. -
Setup a new application in the Azure Portal
Access the Azure Portal at:
https://portal.azure.com/
and navigate to Azure Active Directory -> Enterprise applications from the menu and click New Application. Add the custom application by accessing Create your own application link and add the name of the application (e.g. Muse Search), making sure the option Integrate any other application you don’t find in the gallery (Non-gallery) is selected. Then chose the application created and select Setup single sign-on from the Manage menu, and then click the “SAML” button to access the configuration guide.In the new page click the Upload metadata file and select the metadata file which was downloaded at the previous step. All necessary values will be loaded in the Basic SAML Configuration, click the Save button to store them.
From the Set up Single Sign-On with SAML page, copy the value of App Federation Metadata Url to be used at the next step.
Make sure that the necessary user groups and users are configured to access the newly created Azure application. See the below instructions for doing this:
https://learn.microsoft.com/en-us/azure/active-directory/manage-apps/add-application-portal-assign-users -
Generate a new IDP
Access the Muse SSO Metadata Administration pages (as described at #1) and click the Add new identity provider metadata button.
In the Add New IDP Metadata files page, enter the URL copied from the Azure Portal in the Take metadata from URL: input and click the Test IDP metadata button.Next follow the instructions listed in the page to finalize the setup of the new IDP entity.
-
Wire the Muse Search Application for SAML authentication
Follow the instruction from below to finalize the setup of SAML authentication with Microsoft Azure AD.
– Edit the
${MUSE_HOME}/aas/jaas.config
file and add at the end of the file the below entry:
MuseKnowledge.Azure {
com.edulib.ice.security.authentication.ICELoginModulePropertiesExtractor requisite config="${ICE_HOME}/profiles/ICELoginModulePropertiesExtractor.Azure.xml";
com.edulib.ice.security.authentication.ICELoginModule requisite ;
};
– Download this file and place it in the following location${USE_HOME}/profiles/
. Edit the downloaded file, locate the following placeholders:PLACE_HERE_THE_IDP_ENTITY_ID
,MuseSearchApplicationID
andMuseSearchApplicationPassword
and replace them with the appropriate values.
– Test the integration using an URL of the form:
https://your_domain/muse/servlet/MusePeer/logon/alias/ALIAS?action=logon&userID=MuseKnowledge.Azure&templateFile=passThrough.html&errorTemplate=logon/logon.html&reuseSession=true&idp=IDP_ENTITY_ID
where replaceyour_domain
,ALIAS
andIDP_ENTITY_ID
with the appropriate values.
The access into the Muse Administration Consoles such as the MCAA (Muse Console for Applications Administration) is secured by IP authentication, besides Username/Password.
The access point for the MCAA console is:
http(s)://your_Muse_host:Port/mmc/
There are 2 methods for adding a new IP as an allowed IP address from where the MCAA console can be accessed:
1. From the MCAA console (reommmended). Login into the MCAA console from an already allowed IP address and follow the below steps:
- Access the Users top menu;
- From the Users page access the left menu item – Muse Authentication and Authorization Users;
- In the new page select the mcaa user (or the desired administrator user from the list) and click the left menu item – Edit Access Rules;
- In the Edit Access Rules pop-up page, click an Insert link corresponding to the last entry from the list;
- For the new item that was added, edit the IP value and add the desired IP address. When done click the Update button.
- Access the Muse server remotely, the access method differs, depending on the Operating System
(RDP/VNC/TeamViewer,
etc. for Windows based systems, SSH/VNC, etc. for Linux based systems); - Edit the file
${MUSE_HOME}/aas/hosts.xml
file. - Locate the
USER_RULE
section corresponding to the mcaa user (or the desired administrator). It should look like:mcaa - Add next to the existing IP rules a new entry as following:
, where replace Your_IP_Address with the actual IP address value.Your_IP_Address
The first step to try to resolve this issue is to update the Source(s) in question. If the installation date and status information still does not display after the Source(s) are updated, it is possible that the XML database is corrupted.
Use our backup & restore utility to recover from this problem. This procedure is detailed under the XMLDB category.
The configuration file for setting the SMTP_HOST
, SUPPORT_EMAIL
(the email address where problems are reported) and other SMTP characteristics such as port, SSL/TLS, username/password, certificates, is $MUSE_HOME/admin/MuseAdmin.xml
. A description for each SMTP property can be found in the comments area of the MuseAdmin.xml file and in the “Muse Administrator.pdf” manual.
The email settings from this file are used for sending a Source Problem Report using a Muse Administrator Console, like Muse Console for Applications Administration or Muse Console for Customer Support.
Notes:
- The SMTP_HOST must be configured to relay emails for the Muse server;
- If the SMTP server uses a secure connection (SSL/TLS) you must provide the necessary certificates. If the SMTP certificate is signed by a known Certificate Authority like Verisign for example, which is in the JDK’s keystore, there is no need to provide the certificate anymore;
- If the SMTP requires authentication then you must provide a working username/password too;
- In order for the changes in the $MUSE_HOME/admin/MuseAdmin.xml file to take effect, the Muse HTTP or Muse Embedded Apache Tomcat server (depending on which is available in your Muse version) must be restarted.
The “An error occured when list personal users for application applicationid: Personal Profile Management System will not be used because it could not be initialized. Probably xmldb location is not properly set. [Connection refused]” error is caused by a wrong port setting in MuseAdmin.xml file.
Please check the $MUSE_HOME/admin/MuseAdmin.xml
file, locate the
tag and check if the port is the same as the one Muse HTTP server/Apache Tomcat (depending on the Muse version) is running on.
Deleting a Source through the Console deletes all entry points to that Source from the Console. The backup files are not deleted, however, so the way to access the .bak files for the Source is to add the Source to the Application again. The backups will be available through the Backup/Restore tab once the Source is relinked to the Application. Previous settings will be restored to the Source once the Restore process is done. (Please note that your restore is successful even though there is no on-screen confirmation.)
Updating a Source Package installed in a Muse Application or adding a new one make use of the Global InfoBase service. The access to the Global InfoBase service is done with a username/password combination that were assigned to you by MuseGlobal.
The fact that you get “Source package decode error” messages when updating Muse Source Packages in the Muse Administration Console shows that you did not configure in your Muse installation the username/password for accessing the Global Source Factory service.
There are 2 ways for configuring the access details for the Global Source Factory service in a Muse installation:
- At the Muse system level. This means that you configure the username/password for accessing the Global Source Factory service at the system level and all administrative users like mcaa and mccs make use of it. To do this setting edit the ${MUSE_HOME}/factory/SourceFactory.xml file and fill in the GLOBAL_IB_USERand GLOBAL_IB_PASSWORD fields with the username/password that were provided to you by MuseGlobal. You should have there the startersf default restrictive details, just replace them with the ones provided to you. A restart of the Muse Embedded Tomcat server is required for this setting to take effect.
- At the administrative user level. This means that you can configure the username/password for accessing the Global InfoBase service individually, for each Muse Administration user (like mcaa, mccs). The advantage of this configuration is that you can specify different access details for the Global InfoBase service for each Muse Administration user. Another advantage is that the restart of the Muse Embedded Tomcat server is no longer required. Specifying the access details for the Global InfoBase service for a Muse Administration user is done through the Muse Console for Applications Administration interface (mcaa user) as follows:
- login into the Muse Console for Applications Administration interface as the mcaa user.
- go to the Users tab, locate the desired administration user, select it and click on the "Edit Properties" leftmenu item.
- in the "Edit MAB User Properties" panel fill in the "Global InfoBase User Name" and "Global InfoBase User Password" fields with the appropriate values.
- re-login into the Muse Administration Console if the setting was done for the mcaa user or login with the user for which the Global InfoBase details were updated.
Such and error may occur in 2 cases:
A. the username and password used to access the Global InfoBase are not correct and/or
B. the Muse communication with Global InfoBase is not successful.
A. The u/p used to access the Global InfoBase are set for each admin user via Designer console or Muse Console for Applications Administration.
Using Muse Console for Applications Administration (starting with Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Muse Console for Applications Administration,
– go to “Users”,
– select a user and click “Edit Properties”,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
Using Designer Admin console (before Muse 2300), the Global InfoBase u/p can be changed as following:
– log in Designer console,
– go to “Users”,
– click “Muse Admin Bridge” ,
– click “Properties” of the admin user that must be checked,
– in the window that opens, set the “Global InfoBase User Name” and “Global InfoBase User Password”.
B. Unsuccessful communication between Muse and Global InfoBase can be caused by a transparent HTTP proxy between the two. The communication with Global InfoBase is based on XML requests and responses over TCP sockets. Many HTTP proxies cannot handle such XML requests and responses because the communication is not over the HTTP protocol and thus a HTTP proxy cannot handle it, because it tries to understand HTTP headers. Because of that, the message presented to the user is (Global InfoBase error: … Wrong user name or password.) since Muse does not get back a message confirming the successful authentication to Global InfoBase.
The best solution for this case is to give full Internet access to the Muse server or at least to factory.museglobal.com:80. If this is not possible due to special security policies, we recommend the following workarounds:
- if the outgoing communication to port 8005 is not passed through the transparent proxy (and if there is no firewall blocking such requests on client side), change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 8005 (e.g. enter 8005 as value in the"
field)." - switch the communication of the Muse server with SourceFactory on SSL. Even if the traffic passes through proxy, being on SSL, the proxy will not interfere and the communication will stand. To do this, change the port in the
$MUSE_HOME/factory/SourceFactory.xml
from 80 to 443 (e.g. enter 443 as value in the"
field) and also set"
field to "yes". Please note that this option is only available fro Muse versions 2.3.1.1 and above.
Note: After such a port change, Muse HTTP server/Apache Tomcat must be restarted.
Not seeing the SPs related data, as status, version, install and build dates, can point an issue with the Local InfoBase.
The most comon issues that have these results are:
1) XMLDB corruption
For more information about this, please see the “How do I perform a backup/restore operation of the XML database?” (1019) FAQ.
2) InfoBase Bridge not started due to a port conflict
Muse InfoBase Bridge is using the 8005 port, so please check the Embedded Apache Tomcat logs to see if there are any entries of the form (which point a conflict):
Address already in use: JVM_Bind:8005
This port can cause a conflict if on the machine there is an external Apache Tomcat (or other software) running and listening on this port. In case of Apache Tomcat, the 8005 port is used for shutdown and it is configured in the $TOMCAT_HOME/conf/server.xml.
For other servers, please consult their documentation.
The advice is to change the port of external Apache Tomcat or any other software (not Muse) to something else, eg: 8115, and restart that server and Embedded Apache Tomcat.
The procedure of creating a new admin user is fully described in the “Muse Console for Application Administration.pdf” document, chapter “Administrative Users Setup and Maintenance”.
A particular case of creating a new admin user is if that user must has rights only on one application. Thus, when selecting a grant entry to grant a permission, from the list of available options one must chose “Modify Application”. Having only this grant added, then only one application will be available to be selected for administration. In the list of available applications, the new admin user will only see the selected aplication.
There is a “Forgot your password? Recover it.” feature in the Muse applications. When clicking on it, an email containing the configured password will be sent at the user’s email address. For this feature to work, the email settings configured at the application level must be correct and working.
Also, this feature is accessible from within the application, in other words you must login into the application in order to access the “Forgot your password? Recover it.” feature.
In the case of an application configured with IP authentication for “in Campus” and Personal User for “off Campus” access, the end user can access the “Forgot your password? Recover it.” feature only from in Campus.
There are two ways to set the default result display:
1. At the individual user level: this can be done directly by the end user within the Application when the user is logged into his personal account. Note that setting this preference will not result in a global change for the Application, just for the personal account in which it is configured.
2. At the Application level (as a global change to the Application) by modifying the “displayLevel” setting in the ${APPLICATION_HOME}/www/application/searchOptions.db
file. The values that can be set in this parameter are: “oneLine”, “brief” and “full”. For example, if the full display is wanted, the line within the searchOptions.db files should be:
Note that the setting at the Application level is superseded by the setting at the user level.
Yes, multiple email addresses can be specified in the $MUSE_HOME/admin/MuseAdmin.xml
file using a semicolon as the delimiter. After modifying the $MUSE_HOME/admin/MuseAdmin.xml
file the Muse HTTP server must be restarted.
We strongly recommend using a Muse admin console to do an Application backup instead of creating a copy of the Application’s directory.
The backup/restore feature is available starting Muse 2.2.0.0 and was especially created for such purposes. It backs up an entire Application under the "${MUSE_HOME}/admin/tmp/backup/"
directory by creating a file with the name "${APPLICATION_ID}.${timeStamp}.bak"
for each backup action.
Multiple Applications can be backed up simultaneously – however, the restore is a “one Application at a time” process. Also, a single Application can be backed up multiple times; upon restore, the user is prompted with all the backups ever made for that Application.
The procedure to change/remove the default sorting algorithm in an application (Muse 2.3.0.2. or above) is:
– log into the MCAA/MCCS,
– select an application,
– click Application Modules,
– click Ranking Keys,
– click Update Interface,
– select for which language to make the change,
– select the desired default ordering method/key (right side),
– click Update,
– click Close Window button.
Note that this applies for applications based on a MuseFoundation application template. To verify the changes relogin into the application.
For applications that are based on an older application template, the settings must be manually done because they are not compatible with the newer Muse admin consoles (MCAA/MCCS).
Below are the changes that must be done to configure the default sorting algorithm in applications based on older templates. Edit the
– $APPLICATION_HOME/www/application/searchOptions.db
file and/or the
– $APPLICATION_HOME/www/international/XYZ/application/searchOptions.db
file(s), where XYZ is the language code.
The line
which is equivalent to None (no ordering), must be replaced with:
or any other sorting key, such as:
– ICERankingKeyAuthor
– ICERankingKeyAuthorTitle
– ICERankingKeyDate
– ICERankingKeyField
– ICERankingKeyRelevance
– ICERankingKeyRetrieved
– ICERankingKeySource
– ICERankingKeyTitle
depending on the needes.