TN0029: User Management in Jazz
Last Updated: October 29, 2008
Author: Balaji Krish
Summary
The Jazz Team Server application runs in a secure application server and requires authentication. Authentication is managed by the application server. User credentials are maintained in an external user directory, and the application server uses the information in that directory to perform authentication. The Jazz application uses the information in the user directory to authorize user operations, display group membership information in the user interface, and synchronize user information between the user directory and the Jazz database. This note describes the user directories supported by the Jazz application and how to configure the user directory realm in the application server and in the Jazz application.
More Information
Information about users is present in both the external user directory and the Jazz database. The user directory is a registry that stores user information. The Jazz repository maintains basic information about users, such as user id, name and email address. The external user directory usually contains much more information about the users. For example, an organizational directory server would contain an employee’s personal record, credentials to log in to the company’s intranet, compensation, educational information, etc. The user directory must contain, at a minimum, the user id, name, email address and password of the users.
Authentication is managed by the application server (for example, Tomcat or WebSphere Application Server), so all the user directories supported by the application server can be used as the underlying user directory for authentication. For example, WebSphere Application Server supports 3 different user databases out of the box: Federated repository, Local operating system and LDAP user registry.
The Jazz application uses the information present in the user directory to display group membership information in the UI, to check whether a user is authorized to perform operations in the Jazz repository, and to synchronize the user information present in the Jazz database with the user directory. Therefore, in addition to configuring the container to use the user directory for authentication, administrators must also configure the user directory information in the Jazz application.
In the 1.0 release, Jazz Team Server provides first-class integration with two commonly used user directories: the Tomcat user database and the LDAP user directory. If you are using any other custom user directory, you need to manage the users manually in both the Jazz database and the user directory. User directories in the Jazz application can be configured at https://example.com:9443/jazz/setup. The table below lists the user directories supported in Jazz.
| User Directory | Definition | Role |
| --- | --- | --- |
| Tomcat User Directory | The default Tomcat user database. The user database is a simple file (tomcat-users.xml) and is present under the {Jazz-Installation-Dir}/jazz/server/tomcat/conf directory. | This user directory must be used with a Tomcat application server. |
| LDAP User Directory | A directory to store information. | Can be used with both Tomcat and WebSphere Application Server. |
| Unsupported | An unsupported user directory. | Must be used if the user directory is neither the Tomcat user database nor an LDAP user directory. |
The steps for configuring a user directory in the application server and the Jazz application are as follows:
- Stop the Jazz server
- Configure the realm for the application server
- Start the server
- Open https://example.com:9443/jazz/setup to configure the user directory settings for Jazz
- You may create a new user in the Jazz repository if the user doesn’t exist in the database
- Finish the wizard
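
Because user information lives in both the user directory and the Jazz database, the two can drift apart, especially when users are managed manually. The following is an added example (not part of the original note or of Jazz itself) that parses a tomcat-users.xml and compares it with Jazz user records. The sample data is constructed, and the CSV layout and function names are assumptions.

```python
import csv
import io
import xml.etree.ElementTree as ET

# Constructed sample of a Tomcat user database (tomcat-users.xml), not real data.
# Role names and passwords are sample values.
TOMCAT_USERS_XML = """<tomcat-users>
  <role rolename="JazzAdmins"/>
  <role rolename="JazzUsers"/>
  <user username="alice" password="placeholder" roles="JazzAdmins,JazzUsers"/>
  <user username="bob" password="placeholder" roles="JazzUsers"/>
  <user username="carol" password="placeholder" roles=""/>
</tomcat-users>"""

# Constructed sample; the CSV layout is an assumed export of Jazz user records.
JAZZ_USERS_CSV = """user_id,name,email
alice,Alice Example,alice@example.com
bob,Bob Example,
dave,Dave Example,dave@example.com
"""

def load_directory(xml_text):
    """Map each username in the Tomcat user database to its set of roles."""
    users = {}
    for elem in ET.fromstring(xml_text).iter():
        # Drop any XML namespace prefix so namespaced files parse the same way.
        if elem.tag.rsplit("}", 1)[-1] != "user":
            continue
        roles = {r.strip() for r in elem.get("roles", "").split(",") if r.strip()}
        users[elem.get("username")] = roles
    return users

def load_jazz_users(csv_text):
    """Map each Jazz user id to its record (name, email)."""
    return {row["user_id"]: row for row in csv.DictReader(io.StringIO(csv_text))}

def reconcile(directory, jazz):
    """Report drift between the user directory and the Jazz user records."""
    return {
        # In Jazz but not in the directory: the account cannot authenticate.
        "jazz_only": sorted(set(jazz) - set(directory)),
        # Can authenticate to the container but has no Jazz user record.
        "directory_only": sorted(set(directory) - set(jazz)),
        # Directory entries that carry no role at all.
        "no_roles": sorted(u for u, r in directory.items() if not r),
        # Jazz records with no email address, one of the basic fields Jazz keeps.
        "missing_email": sorted(u for u, row in jazz.items() if not row["email"].strip()),
    }

if __name__ == "__main__":
    print(reconcile(load_directory(TOMCAT_USERS_XML), load_jazz_users(JAZZ_USERS_CSV)))
```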