Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

External Jazz links handled differently in CLM V5 and V6?


Upgraded from CLM V502 to V602 last week. Using distributed topology with Reverse Proxy enabled.  WebSphere V8.0.0.10 is the AppServer.  Firefox 38 ESR is the browser.

A user has a Word doc that contains links to files (PowerPoint presentations) stored in Jazz source control.  Prior to  the upgrade, she could Ctrl+Click on a link in the Word doc and the link would pop up successfully in a new tab in Firefox, provided she was already logged into Jazz in another tab.

After the upgrade, Ctrl+clicking the link in he Word doc opens a new tab, adds "/auth/authrequired" in the middle of the URL and tries to get you to log in again.  If you enter credentials, you get the "Invalid Path to Servlet" message if you are logged into Jazz in another tab.

It appears that the SESSIONID cookie is being ignored or bypassed in Jazz V6 for external links. My guess is that this is a security "feature".  I've been through all Firefox, WebSphere and Jazz settings I can find and can't seem the find the right setting to fix this.   I've tested this also on a V602 jazz server using WAS V8.5.5.9 as the App server and I get the same result.

Any thoughts on how to resolve this?  We are using self signed certs on our Jazz server VMs if that makes any difference.

Thanks,
Fran Kemp

0 votes



One answer

Permanent link
Francis, i see the same here in my demo environment. It does not depend on a proxy or on having WAS as I use WAS liberty and no proxy.

I am not sure what you mean with "external links". i basically used the link formats available for RTC work items. There is nothing external about them. If I use MS Word to open the link, already logged in, I run into the problem you describe. If I copy the link and paste it into a new tab I don't have to authenticate and it opes as expected.

In 5.0.2 this works in both ways.

Please open a PMR with support to get this looked into. I don't know the root cause. There are various changes done in the SSL and security area to fix issues that malware could exploit I don't know if this is the cause or not.

0 votes

Comments

 Ralph,


Thanks for the input.  By "external links", I'm referring to hyperlinks to Jazz resources that are found in external programs, such as Word documents. 

I suspect this is some sort of security thing - will open a PMR today.

Fran

Fran, I suspected that and tested all formats, same results for all I tested.

 Ralph - This only appears to be an issue for Jazz environments using Form logins.  We have several Jazz environments that use certificate logins that don't have this problem.

Fran, thanks for the information. However, I basically ran this on a demo environment that was set up with all the defaults and I think this should work in such an environment.

It worked before and it should continue to work.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 7,494

Question asked: Jun 15 '16, 5:27 p.m.

Question was seen: 3,131 times

Last updated: Jun 17 '16, 3:56 a.m.

Confirmation Cancel Confirm