It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×12,011
×383

question asked: Jan 23 '14, 3:02 p.m.
question was seen: 4,832 times
last updated: Feb 05 '14, 11:15 a.m.

Related questions

For unauthenticated users, why do links to private project areas on jazz hub go to an error page instead of an authentication page?

0
Brian Fleming (1.6k11928) | asked Jan 23 '14, 3:02 p.m.
If I log out of jazz hub and use a bookmark to get to my private project Dashboard I am presented with:

Error!
The project <project name> does not exist or is not accessible with your credentials.
If you have JazzAdmins privileges you can investigate the problem in the Jazz Admin Web UI.

Why doesn't it take me to a page where I can authenticate instead?



2 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
McQ Wilson (613) | answered Jan 23 '14, 3:24 p.m.
FORUM ADMINISTRATOR
I don't know what the correct answer is, but it's clear that there is a security aspect to this: If the system worked as you describe, then I could learn whether a (private) project with a particular name existed by synthetically constructing an appropriate URL. 

Comments
Brian Fleming commented Jan 23 '14, 3:47 p.m.

Perhaps, although on jazz.net if you construct a link for a non-existant project area you're still prompted for credentials before seeing the same error in my original question.  I'd expect jazz hub to behave the same way.  How else are users in private jazz hub areas sharing links to anything?

McQ Wilson commented Jan 23 '14, 7:55 p.m.
FORUM ADMINISTRATOR

Agree there's an issue here. I'll point this thread out to the developers working in that area. 
0
permanent link
Lauren Hayward Schaefer (3.3k11727) | answered Jan 24 '14, 7:20 a.m.
JAZZ DEVELOPER
Hi Brian,

This is something we've discussed:  is it better to acknowledge that a private project exists and prompt for login or is it better to act like a private project doesn't exist? 

It'd be great if you could open an enhancement request in the JazzHub project with your input.  https://hub.jazz.net/ccm01/web/projects/srich%20|%20JazzHub#action=com.ibm.team.dashboard.viewDashboard
Comments
1
Brian Fleming commented Jan 24 '14, 9:28 a.m.

Hi Lauren

As I mentioned in my comment to McQ, JazzHub is behaving differently than jazz.net.  Requesting credentials before presenting an error message that says
"Error!
The project <project name=""> does not exist or is not accessible with your credentials"
does not acknowledge the existance of that private project area.  This issue makes links in workitem email notifications unusable in private project areas. 

I've opened defect 15923

Adam Archer commented Feb 05 '14, 9:56 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Hi Brian,

It actually does acknowledge the existence of a private project since we support guest access for public projects on jazz.net. We do not prompt if you land on a public project, so if we did when you landed on a private project, you would know it exists.

I agree, however, that the current behaviour gives a horrible user experience for private project users and that is not okay. In this case I think it might be worth divulging the existence to solve this UX issue.

Adam Archer commented Feb 05 '14, 9:57 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

My comment should read "since we support guest access for public projects on JazzHub" (we do not support guest access on jazz.net).

Brian Fleming commented Feb 05 '14, 11:15 a.m.

Thanks Adam.  I'll admit I'm still unsure how taking a user to an authentication page would confirm the existence of a private project area.  Wouldn't it only confirm that there is no public project area with that name? 

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.