WebSeal using RTC client API
Mike Brouwers (34●13●18)
| asked Jan 05 '16, 5:59 p.m.
edited Jan 06 '16, 7:37 a.m. by Geoffrey Clemm (30.1k●3●30●35)
Hello,
I currently have ISAM 8.0.1.3 configured with RTC 5.0.2.
I have configured a virtual junction in a reverse proxy for RTC.
When using the web UI I can login successfully with the user.
However when using the client api or the RTC client, I get an error.
Does anybody have any idea what is missing in my configuration or what needs to be done to enable client api access for access through webseal?
Here's my log when I use the client api:
RTC: Starting connection to team platform
RTC: Getting repository
RTC: Exception "Error while logging in to https://xxx:9443/ccm with UID yyy" Unexpected character "60": line 1, column 1
com.sync.mlp.rtc.common.exceptions.SyncException: null, Unexpected character "60": line 1, column 1, Error while logging in to https://xxx:9443/ccm with UID yyy
at com.ibm.team.repository.client.internal.TeamRepository.fetchClientVersionJSONObject(TeamRepository.java:1723)
at com.ibm.team.repository.client.internal.TeamRepository.access$0(TeamRepository.java:1676)
at com.ibm.team.repository.client.internal.TeamRepository$5.run(TeamRepository.java:1747)
at com.ibm.team.repository.client.internal.TeamRepository$5.run(TeamRepository.java:1)
at com.ibm.team.repository.client.internal.TeamRepository$3.run(TeamRepository.java:1324)
at com.ibm.team.repository.common.transport.CancelableCaller.call(CancelableCaller.java:79)
at com.ibm.team.repository.client.internal.TeamRepository.callCancelableService(TeamRepository.java:1319)
at com.ibm.team.repository.client.internal.TeamRepository.checkServerVersionMatches(TeamRepository.java:1750)
at com.ibm.team.repository.client.internal.TeamRepository.internalLogin(TeamRepository.java:1512)
at com.ibm.team.repository.client.internal.TeamRepository.login(TeamRepository.java:653)
at com.ibm.team.repository.client.internal.TeamRepository.login(TeamRepository.java:627)
at com.sync.mlp.rtc.client.handlers.RepositoryHandler.login(RepositoryHandler.java:126)
at com.sync.mlp.rtc.client.handlers.RepositoryHandler.connect(RepositoryHandler.java:66)
at com.sync.mlp.rtc.client.test.TestGetAndSetStatus.init(TestGetAndSetStatus.java:102)
at com.sync.mlp.rtc.client.test.TestGetAndSetStatus.main(TestGetAndSetStatus.java:45)
Thanks,
Mike
|
2 answers
Hi Mike,You should read this article in the deployment wiki: https://jazz.net/wiki/bin/view/Deployment/WebSealandCLM It provides some information on how WebSeal modifies some cookies that can disturb the correct behaviour of CLM. As Donald says, look at what is being returned, If you see IV_JCT in JavaScript code or cookie names then WebSeal is renaming things and you need to tell it to stop :-) The above document tells you how to do that. The character code "60" refers to "<" which is a tag start. So it may be a sign that WebSeal is injecting a SCRIPT tag into HTML text being requested from RTC, when this text is parsed the tag is unexpected. We have only seen this issue with Doors NG (which explains why in the above document the section that deals with this issue is entitled "Managing Doors Next Generation cookies in WebSEAL"). I hope this helps, Simon Comments
Mike Brouwers
commented Jan 06 '16, 10:23 a.m.
Hi Simon,
I'm using a virtual host ssl junction. It seems like the -j and -J options to enable xhtml10 are not available on that end. I also do not have any issues with any of the rtc applications (including Doors) using the web interface. This is only happening on the rtc client...
As I said before, when I use the standard RTC client (no custom plugins), or when I use the RTC client API I get this issue...
Any other ideas?
Simon Washbrook
commented Jan 06 '16, 11:11 a.m.
Hi Mike,
Mike Brouwers
commented Jan 06 '16, 4:47 p.m.
We have debugged the issues with wireshark.
It looks like the issue happens when a service gets called from the client api, the isam login causes errors. RTC does not know how to handle the ISAM login.
We are also looking into implementing MFA (TOTP) in our login process. Is there any documentation on how to resolve these issues with RTC?
For instance it expects JSON reponses or 401 for unauthenticated requests.
It looks like this is an RTC issue...
|
Hi Mike,
Don't jump to the conclusion that it is an RTC issue. RTC works fine without WebSeal and I know of at least two customers who use RTC successfully with WebSeal. When you add WebSeal between the client and the RTC server you start messing up the normal login process. How have you set up the login process for RTC, Form based or Basic? One of the customers using WebSeal and RTC successfully uses Basic authentication as they could not get Form based to work. The other one was not using a virtual host SSL junction so could try using a normal WebSeal junction. If you are still stuck contact the support for WebSeal. As for MFA (TOTP) you probably need to talk to WebSeal support to get pointers to the right documentation. |
Your answer
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.
Comments
Have you debugged the code to see what's returned during login? If you remove the custom plugin from the RTC Eclipse client, do you have the same problem?
Hi Donald.