It's all about the answers!

Ask a question

Getting Authenticated and oAuth in DNG 5 via Python


0
2
Kevin Murphy (9621317) | asked Oct 07 '14, 6:13 p.m.
I've been trying and trying and trying to get authenticated into DNG via Python. Months ago I was able to figure out how to get by oAuth in DOORS 9/DWA, but DNG 5 is not behaving as expected.

There is no documentation out there for doing this that appears to apply. The Java code examples in the OSLC workshop conveniently appear to use helper functions and leave out details. The QM and CCM applications appear to use https://server/<app>/j_security_check to login but this has no affect in DNG (which always gets rerouted to /jts/authenticated/auth). If I'm lucky enough to figure out how to login I can't get by oAuth (usually get an error about invalid_expired_tokens). I'm running in a multnode environment and have ensured that clocks are synchronized.

I could keep venting here but the fact is there is little to no documentation on how this works and in DNG 5 it appears to have changed from previous versions. I'd like to humbly request that someone post some code showing how to do a complete authentication and/or post an overview of the entire process, in detail (do I login first? get a request-token first, etc. And exactly what headers should be provided in each step?).

The purpose of the code I'm attempting to develop is to be a foundation to run automation entirely through the command-line, without any user intervention. Going to an oAuth url to get a verifier manually is not an option. 

I'm reaching out internally to IBM but I also figured I'd ask for assistance here so that others can be helped.

As an aside, I created this enhancement request, and it really gets to the heart of the issue. Any guidance is MUCH appreciated.

Accepted answer


permanent link
Gabriel Ruelas (1.1k13) | answered Oct 16 '14, 10:41 a.m.
Hi Kevin, below are the request, responses, headers, params, etc of a Form log-in to RDNG 5.0. It is based on the OSLC Workshop sample code Example04.java and HttpUtils.java ) of https://jazz.net/library/article/635. PLS let me know if questions.

>> Service Providers Catalog: https://fit-vm8-083.rtp.raleigh.ibm.com:9443/rm/oslc_rm/catalog
>> GET https://fit-vm8-083.rtp.raleigh.ibm.com:9443/rm/oslc_rm/catalog
>> Request Headers:
    - Accept: application/xml
    - OSLC-Core-Version: 2.0
AVISO: Authentication error: Unable to respond to any of these challenges: {oauth=WWW-Authenticate: OAuth realm=https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/oauth-authorize}
>> HTTP RC = 401
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - set-cookie: jfs-oauth-access-token0=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Path=/rm; secure
    - set-cookie: jfs-oauth-access_token-secret0=; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:00 GMT; Path=/rm; secure
    - set-cookie: jfs-request-token-2d26e2f4d8ae47d9bcb8ec6b8d69e8a5="1Fe0TZOwKhSLJrNphtUtuVW6nVpzMGbiAykOBmiSI"; Version=1; Max-Age=600; Expires=Thu, 16-Oct-2014 14:45:53 GMT; Path=/rm; secure
    - X-jazz-web-oauth-url: https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/oauth-authorize?oauth_token=2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
    - WWW-Authenticate: OAuth realm=https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/oauth-authorize
    - Content-Type: text/html
    - Content-Length: 368
    - Date: Thu, 16 Oct 2014 14:35:53 GMT
    
Note : Use     "X-jazz-web-oauth-url" header for next request
    
>> GET (01) https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/oauth-authorize?oauth_token=2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
>> Request Headers:
>> HTTP RC = 302
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - Cache-Control: private
    - Expires: Wed, 31 Dec 1969 19:00:00 EST
    - Set-Cookie: JSESSIONID=8972BD48D895E6971FD836AACB10B40D; Path=/jts/; Secure; HttpOnly
    - X-com-ibm-team-repository-web-auth-msg: authrequired
    - Location: https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
    - Content-Length: 0
    - Date: Thu, 16 Oct 2014 14:35:53 GMT
    
Note : Use     "Location" header for next request    
    
>> GET (02) https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
>> Request Headers:
>> HTTP RC = 200
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - Cache-Control: private
    - Expires: Wed, 31 Dec 1969 19:00:00 EST
    - Set-Cookie: JSESSIONID=2EC938D4A54D38BFDF09AE72835919E7; Path=/jts/; Secure; HttpOnly
    - Set-Cookie: JazzFormAuth=Form; Path=/jts
    - X-com-ibm-team-repository-web-auth-msg: authrequired
    - Content-Type: text/html;charset=UTF-8
    - Content-Length: 1985
    - Date: Thu, 16 Oct 2014 14:35:53 GMT
    
Note : Use     JTS url for next request 
    
>> POST https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/j_security_check
>> Entity content =[j_username=TestJazzAdmin1, j_password=TestJazzAdmin1]
>> Request Headers:
>> HTTP RC = 302
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - Location: https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
    - Content-Length: 0
    - Date: Thu, 16 Oct 2014 14:35:53 GMT
    
Note : Use     "Location" header for next request        
    
>> GET (03) https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/authenticated/identity?redirectPath=%2Fjts%2Foauth-authorize%3Foauth_token%3D2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
>> Request Headers:
>> HTTP RC = 302
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - Set-Cookie: JSESSIONID=B8A68566C53D893818C01902FD1B8492; Path=/jts/; Secure; HttpOnly
    - Set-Cookie: JSESSIONIDSSO=8A0574B47F7060932828408A475613B9; Path=/; Secure; HttpOnly
    - Cache-Control: private
    - Expires: Wed, 31 Dec 1969 19:00:00 EST
    - Set-Cookie: X-com-ibm-team-foundation-auth-loop-avoidance=false
    - Location: https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/oauth-authorize?oauth_token=2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
    - Content-Length: 0
    - Date: Thu, 16 Oct 2014 14:35:53 GMT
    
Note : Use     JTS url for next request, and from "Location" Header get the oauth_token
    
>> POST https://fit-vm8-083.rtp.raleigh.ibm.com:9443/jts/j_security_check
>> parameter oauth_token=2d26e2f4d8ae47d9bcb8ec6b8d69e8a5
>> parameter oauthCallback=null
>> parameter authorize=true
>> Request Headers:
    - Content-Type: application/x-www-form-urlencoded;charset=UTF-8
>> HTTP RC = 200
>> Response Headers:
    - Server: Apache-Coyote/1.1
    - Content-Length: 0
    - Date: Thu, 16 Oct 2014 14:36:03 GMT

End of Document


Kevin Murphy selected this answer as the correct answer

One other answer



permanent link
Kevin Murphy (9621317) | answered Oct 20 '14, 5:28 p.m.
Gabriel,

Thanks so much for your answer. I'm going to mark it as the answer but will provide more nuance.

The main issue I was having was that I'd get return codes of 200 when I was expecting a return code of 302. 

I was using the requests library for python. This is the same library used by my client for RQM. With RQM, you can use a requests object like so:

response = requests.get(url)

When using this to connect to DNG, using a request.Session() is the way to go, as the Session class does some automated things for you (like store cookies and the like).

The next issue is that requests (and sessions) is set to allow redirections. You can say this:

response = session.get(url, allow_redirects=False)

And that will stop the automatic redirections. But then it becomes problematic because it's not clear when you want redirection and when you don't. 

Whether using requests or sessions, though, the response has an attribute called history. So if there has been a redirect, then you can check 

response.history

to see details of all transactions.

And that's where my expected 302 codes were. Once I had that, combined with Sessions, I had all I needed to get authenticated.

Hope this helps someone else!

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.