Why am I receiving login looping requests in a dashboard widget that displays a report from JRS?


Denise McKinnon (3036) | asked Nov 18 '15, 3:50 p.m.
edited Dec 17 '15, 11:53 a.m.

After adding a JRS report widget in either the personal or project dashboard, the report does not display data. Instead, the message indicating that I have to log into the server to view content repeats even after I select to log in and enter the correct username and password.


 

This problem occurs in version 5.0.2 when JRS is set up to run on HTTP and not HTTPS, and is not reproducible in CLM/JRS version 6.0.

 

Steps to reproduce the issue:

  1. Enable the following log4j loggers in IBM Rational Jazz Team Server (JTS):

    log4j.logger.com.ibm.team.repository.service.internal.compatibility.auth=trace
    log4j.logger.com.ibm.team.jfs.app.auth=trace
    log4j.logger.com.ibm.team.repository.servlet=trace
    log4j.logger.com.ibm.team.repository.service.internal.oauth=trace
    log4j.logger.com.ibm.team.repository.service.internal.auth=trace
    log4j.logger.com.ibm.team.repository.internal.service.auth.impl=trace
    log4j.logger.com.ibm.team.repository.service.permission.SecurityHelper=debug
    log4j.logger.net.jazz.ajax.service/AuthClient.oauth.dance=debug

  2. Reload the log settings:

    https://<server:port>/<app_context>/admin?internal=true#action=com.ibm.team.repository.admin.reloadLoggingSettings

  3. On my personal dashboard, add a report widget that displays a JRS report.

  4. In the widget, click on the 'Log in' link. Enter username and password to log in to the server

  5. Confirm that the report does not display and the Log in link appears again

  6. In jts.log, you will find errors similar to the ones below:

    2015-10-23 16:45:18,982 [http-bio-80-exec-3 @@ 16:44 <unauthenticated> <Initial Page Load@24843de9-8f71-488e-96c6-cb3db9b955ed> /jts/auth/authrequired] DEBUG am.repository.internal.service.auth.impl.CheckAuth  - Handling OAuthProblemException "net.oauth.OAuthProblemException": "invalid_expired_token"

    OR

    2015-10-23 16:48:50,326 [http-bio-80-exec-17 @@ 16:48 <unauthenticated> <JazzHttpClient@9.23.46.31> /jts/jauth-check-auth] DEBUG am.repository.internal.service.auth.impl.CheckAuth  - Handling OAuthProblemException "net.oauth.OAuthProblemException": "invalid_used_nonce"
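
A triage helper for the jts.log entries shown in the question, added here as an example and not part of the original post or of IBM's tooling: it parses the layout of the two entries above, tallies OAuth problem codes per request path, and flags repeated unauthenticated failures. The threshold, the time window and the third sample line are assumptions made for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Layout inferred from the two jts.log entries quoted in the question.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) '
    r'\[(?P<thread>\S+) @@ \S+ <(?P<user>[^>]*)> <(?P<client>[^>]*)> (?P<path>\S+)\] '
    r'(?P<level>[A-Z]+)\s+(?P<logger>\S+)\s+- '
    r'Handling OAuthProblemException "[^"]*": "(?P<problem>[^"]+)"')
LOOP_CODES = {"invalid_expired_token", "invalid_used_nonce"}

def parse_oauth_problems(lines):
    """Return one dict per log line that reports an OAuthProblemException."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%d %H:%M:%S,%f")
            events.append(ev)
    return events

def summarize(events):
    """Count failures per (problem code, request path)."""
    return Counter((e["problem"], e["path"]) for e in events)

def looks_like_login_loop(events, threshold=2, window=timedelta(minutes=10)):
    """True if `threshold` unauthenticated token/nonce failures fall inside `window`.
    Both defaults are assumptions for this example, not product values."""
    hits = sorted(e["ts"] for e in events
                  if e["user"] == "unauthenticated" and e["problem"] in LOOP_CODES)
    return any(hits[i + threshold - 1] - hits[i] <= window
               for i in range(len(hits) - threshold + 1))

# The first two lines are the entries from the question; the third is
# constructed to show that lines without an OAuth problem are skipped.
SAMPLE = '''\
2015-10-23 16:45:18,982 [http-bio-80-exec-3 @@ 16:44 <unauthenticated> <Initial Page Load@24843de9-8f71-488e-96c6-cb3db9b955ed> /jts/auth/authrequired] DEBUG am.repository.internal.service.auth.impl.CheckAuth  - Handling OAuthProblemException "net.oauth.OAuthProblemException": "invalid_expired_token"
2015-10-23 16:48:50,326 [http-bio-80-exec-17 @@ 16:48 <unauthenticated> <JazzHttpClient@9.23.46.31> /jts/jauth-check-auth] DEBUG am.repository.internal.service.auth.impl.CheckAuth  - Handling OAuthProblemException "net.oauth.OAuthProblemException": "invalid_used_nonce"
2015-10-23 16:49:02,110 [http-bio-80-exec-5 @@ 16:49 <unauthenticated> <JazzHttpClient@192.0.2.10> /jts/jauth-check-auth] DEBUG am.repository.internal.service.auth.impl.CheckAuth  - Constructed line without an OAuth problem
'''.splitlines()

if __name__ == "__main__":
    events = parse_oauth_problems(SAMPLE)
    for (problem, path), n in summarize(events).items():
        print(f"{n:3d}  {problem:24s} {path}")
    print("login loop suspected:", looks_like_login_loop(events))
```
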

3 answers



Denise McKinnon (3036) | answered Nov 18 '15, 3:57 p.m.

Add the following Java Virtual Machine (JVM) properties to all servers:

Name: com.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies Value: true

Name: com.ibm.team.jfs.app.oauth.usePlainText Value: true

 

Steps for servers running on IBM WebSphere:

I. Log in to the Integrated Solutions Console and click Servers > Server Types > WebSphere application servers > server1

II. Under Server Infrastructure, expand Java and Process Management and click Process definition

III. Click Java Virtual Machine and then click Custom properties

IV. Click New and add the following custom property:
Name: com.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies Value: true

V. Click New and add the following custom property:
Name: com.ibm.team.jfs.app.oauth.usePlainText Value: true

VI. Click Apply and Save directly to the master configuration

VII. For the changes to take effect, restart the application server

 

Steps for servers running on Apache Tomcat:

  • If using Tomcat startup script, add the following Java Options:

    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.jfs.app.oauth.usePlainText=true


  • If running Tomcat as Windows Service, add the following Java Options:

    -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true

    -Dcom.ibm.team.jfs.app.oauth.usePlainText=true



Comments
Kevin Ramer commented Dec 17 '15, 12:15 p.m.

I've seen many of these ask/answer things and they could be very helpful as they describe odd scenarios that one might encounter.   However,  I would think that a more significant tag ought to be placed upon them or include as a new article type.  Something to make them easier to reference a month from now when normal forum items have "aged out"


Geoffrey Clemm commented Dec 20 '15, 11:53 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The current convention is just to immediately answer the question, so it does not appear on the "unanswered questions" query.   Just for interest's sake, why would you think that these self-answered questions would be more interesting in the future than the "real" questions?  


Denise McKinnon commented Dec 21 '15, 8:32 a.m.

These are "real" questions which are taken directly from support call interactions.


Geoffrey Clemm commented Dec 21 '15, 3:18 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

By "real" questions, I meant "questions that the poster needed an answer to".   For those of us that try to make sure questions get answered, the problem with posting questions with known answers to this forum is that there is no current way to automatically filter out questions that have answers out of the email feed we use to get notified about all new questions.   So I agree it is very worthwhile to post the support call answers somewhere, it would be great if we could post it somewhere other than this forum (or a separate section of this forum with a separate email feed).   But the real point of my comment above was to clarify Kevin's comment that "normal" forum questions aging out


Michael Alberda (2311648) | answered Feb 19 '18, 8:32 a.m.

Hi,

Was this resolved? We are facing a similar issue whereby the report is displayed after logging in. However, users have to log in for each new session, which is not ideal. I would like it if they did not have to log in at all. Would adding these properties resolve this and what other impact does it have?



Comments
Christopher Robinson commented Feb 28 '18, 9:29 a.m.

Hi Michael,
I could use some clarification on the above. Are you saying they need to login to see the report itself or log into the actual web client again?


Michael Alberda commented Mar 01 '18, 8:28 a.m.

Hi Chris,

The issue is not with the web client login. All widgets that are using JRS reports request the users to login (this is a login within the widget itself, I assume for JRS), once logged in, the report is displayed. However, this needs to be done every day.

Please let me know if you need more clarity.

Thank you!
Regards,
Michael.


Ahmed Omair (41335) | answered Apr 02 '20, 9:56 a.m.

I want an answer to Michael's question. Facing the same issue as he is. My CLM version is 6.0.6.
