It's all about the answers!

Ask a question

WebSeal using RTC client API


Mike Brouwers (341118) | asked Jan 05 '16, 5:59 p.m.
edited Jan 06 '16, 7:37 a.m. by Geoffrey Clemm (30.1k23035)
 Hello,

I currently have ISAM 8.0.1.3 configured with RTC 5.0.2.
I have configured a virtual junction in a reverse proxy for RTC.
When using the web UI I can login successfully with the user.

However when using the client api or the RTC client, I get an error.

Does anybody have any idea what is missing in my configuration or what needs to be done to enable client api access for access through webseal?

Here's my log when I use the client api:

RTC: Starting connection to team platform
RTC: Getting repository
RTC:  Exception "Error while logging in to https://xxx:9443/ccm with UID yyy" Unexpected character "60": line 1, column 1
com.sync.mlp.rtc.common.exceptions.SyncException: null, Unexpected character "60": line 1, column 1, Error while logging in to https://xxx:9443/ccm with UID yyy
at com.ibm.team.repository.client.internal.TeamRepository.fetchClientVersionJSONObject(TeamRepository.java:1723)
at com.ibm.team.repository.client.internal.TeamRepository.access$0(TeamRepository.java:1676)
at com.ibm.team.repository.client.internal.TeamRepository$5.run(TeamRepository.java:1747)
at com.ibm.team.repository.client.internal.TeamRepository$5.run(TeamRepository.java:1)
at com.ibm.team.repository.client.internal.TeamRepository$3.run(TeamRepository.java:1324)
at com.ibm.team.repository.common.transport.CancelableCaller.call(CancelableCaller.java:79)
at com.ibm.team.repository.client.internal.TeamRepository.callCancelableService(TeamRepository.java:1319)
at com.ibm.team.repository.client.internal.TeamRepository.checkServerVersionMatches(TeamRepository.java:1750)
at com.ibm.team.repository.client.internal.TeamRepository.internalLogin(TeamRepository.java:1512)
at com.ibm.team.repository.client.internal.TeamRepository.login(TeamRepository.java:653)
at com.ibm.team.repository.client.internal.TeamRepository.login(TeamRepository.java:627)
at com.sync.mlp.rtc.client.handlers.RepositoryHandler.login(RepositoryHandler.java:126)
at com.sync.mlp.rtc.client.handlers.RepositoryHandler.connect(RepositoryHandler.java:66)
at com.sync.mlp.rtc.client.test.TestGetAndSetStatus.init(TestGetAndSetStatus.java:102)
at com.sync.mlp.rtc.client.test.TestGetAndSetStatus.main(TestGetAndSetStatus.java:45)


Thanks,

Mike

Comments
Donald Nong commented Jan 05 '16, 7:25 p.m.

Have you debugged the code to see what's returned during login? If you remove the custom plugin from the RTC Eclipse client, do you have the same problem?


Mike Brouwers commented Jan 06 '16, 10:24 a.m.

 Hi Donald.


I'm getting this same error when using the standard RTC client. No custom plugins.
I used the RTC client API to get a complete stack trace of where the error occurs...

I have no issues when I use the web interface. Only when using the client or client API.

2 answers



permanent link
Simon Washbrook (67216) | answered Jan 06 '16, 2:04 a.m.

Hi Mike,

You should read this article in the deployment wiki:
https://jazz.net/wiki/bin/view/Deployment/WebSealandCLM

It provides some information on how WebSeal modifies some cookies that can disturb the correct behaviour of CLM.
As Donald says, look at what is being returned, If you see IV_JCT in JavaScript code or cookie names then WebSeal is renaming things and you need to tell it to stop :-) The above document tells you how to do that.
The character code "60" refers to "<" which is a tag start. So it may be a sign that WebSeal is injecting a SCRIPT tag into HTML text being requested from RTC, when this text is parsed the tag is unexpected. We have only seen this issue with Doors NG (which explains why in the above document the section that deals with this issue is entitled "Managing Doors Next Generation cookies in WebSEAL").

I hope this helps, Simon

Comments
Mike Brouwers commented Jan 06 '16, 10:23 a.m.

 Hi Simon,


I'm using a virtual host ssl junction. It seems like the -j and -J options to enable xhtml10 are not available on that end. I also do not have any issues with any of the rtc applications (including Doors) using the web interface. This is only happening on the rtc client...

As I said before, when I use the standard RTC client (no custom plugins), or when I use the RTC client API I get this issue...

Any other ideas?



Simon Washbrook commented Jan 06 '16, 11:11 a.m.

Hi Mike,
I'm not WebSeal expert, more a CLM expert. I solved issues with WebSeal by looking at a successful exchange and an unsuccessful exchange between the client and the server; WebSeal comes with some excellent logging capabilities, "Snnop" logs if I remember correctly, but Wireshark could be used as well. I suggest you log the exchange during the client API login process to identify how WebSeal is modifying the data that is coming back from the server. The fact that the error is raised in "fetchClientVersionJSONObject" indicates that it is probably not getting JSON code back from the server.
Another point: does the client API accept the redirects to login that WebSeal will generate when you make the first connection to the RTC server?


Mike Brouwers commented Jan 06 '16, 4:47 p.m.
We have debugged the issues with wireshark.
It looks like the issue happens when a service gets called from the client api, the isam login causes errors. RTC does not know how to handle the ISAM login.

We are also looking into implementing MFA (TOTP) in our login process. Is there any documentation on how to resolve these issues with RTC?
For instance it expects JSON reponses or 401 for unauthenticated requests.

It looks like this is an RTC issue...


permanent link
Simon Washbrook (67216) | answered Jan 07 '16, 2:21 a.m.
Hi Mike,
Don't jump to the conclusion that it is an RTC issue. RTC works fine without WebSeal and I know of at least two customers who use RTC successfully with WebSeal.
When you add WebSeal between the client and the RTC server you start messing up the normal login process. How have you set up the login process for RTC, Form based or Basic? One of the customers using WebSeal and RTC successfully uses Basic authentication as they could not get Form based to work. The other one was not using a virtual host SSL junction so could try using a normal WebSeal junction.
If you are still stuck contact the support for WebSeal.
As for MFA (TOTP) you probably need to talk to WebSeal support to get pointers to the right documentation.

Your answer


Register or to post your answer.