It's all about the answers!

Ask a question

vbscript: error on login

Ilona Krammer (159549) | asked Nov 07 '16, 4:15 a.m.
edited Nov 07 '16, 4:17 a.m.

I need to try to access RTC through vb script and I also found a site that provides a script:

But I cannot get it to work. I'm stuck at the login which doesn't seem to work even though I've tried to apply all the corrections that were suggested in the comments.
I'd post right there on the site with the article but it doesn't work (I'm getting an error message to try later...) so I'm hoping someone here can help.

This is my JazzLogin function:
Public Function JazzLogin(url, userid, password)

    Dim JazzUserid
    Dim JazzPassword
    JazzUserid = "j_username=" & userid
    JazzPassword = "j_password=" & password

    Set http = CreateObject("MSXML2.ServerXMLHTTP.6.0")

    ' login to jazz server specified in the parameter section.
    http.Open "GET", url&"/authenticated/identity", False

    http.Open "POST", url&"/authenticated/j_security_check", False
    http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
    http.Send JazzUserid&"&"&JazzPassword
    Set JazzLogin = http
End Function

Hope you can help me!

Additional info: the url itself works when I use it to access RTC via perl. So I don't have an error somewhere in the url or user credentials

Ilona Krammer commented Nov 08 '16, 4:55 a.m.

So the problem obviously is that I'm getting an answer back when trying to login (so it's not a bad request in itself) but that I'm getting this message:

You have followed a direct link to log in to a Jazz server. This page has been presented to ensure that a malicious website cannot use cleverly crafted content to circumvent security. Please log in if you would like to access the server.

I just don't know what to do about it - and I don't know why it happens with vb script but it worked with perl

Anyone got an idea?

Dmitry A. Lesin commented Sep 20 '17, 1:05 p.m.

Hi Ilona,
Were you able to solve this problem?
Thank you in advance!

Ilona Krammer commented Sep 21 '17, 1:50 a.m.

Sorry Dmitry,
I could not solve the problem. But we also postponed this script until this October so we are going to have another look at it. Maybe we can find something out.
If you do, please comment here so I get a notification about it!
Best regards,

Dmitry A. Lesin commented Nov 27 '17, 11:33 a.m. | edited Nov 27 '17, 11:35 a.m.

 Hi Ilona,

Take a look please at the answer from Winston Enos. I checked it and it really works. He is a magician!

2 answers

permanent link
Donald Nong (14.5k414) | answered Nov 08 '16, 10:52 p.m.
It may be about cookies. Check out the below post.

So using XMLHTTP instead of ServerXMLHTTP should resolve the issue. If you are like me and have to use ServerXMLHTTP in order to ignore SSL certificate errors, then you probably have to go through the painful process of parsing the cookies by yourself.

Ilona Krammer commented Nov 25 '16, 5:23 a.m.

I've tried to pass on all the cookie information that I got, but I'm not even getting a session cookie or something.

This is the output I'm getting from getResponseHeader("Set-Cookie"):
JazzFormAuth=Form; Path=/ccm; Secure

But if I pass that on to the next request it doesn't change a thing - still doesn't work unfortunately ..
Do you maybe have any other ideas?

permanent link
Winston Enos (33116) | answered Nov 26 '17, 3:31 p.m.

I was having the same issue above (a POST or GET on the authentication URL from VBA was dying from 400 errors, even though the exact same code works from Perl/cuRL.)

The solution (at least for me) was that you have to set the User-Agent from your response header in VBA like so:
Set http = CreateObject("Msxml2.ServerXMLHTTP.6.0")
http.setRequestHeader "Content-Type", "application/x-www-form-urlencoded"
http.setRequestHeader "If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT"
http.setRequestHeader "User-Agent", "MS Internet Explorer"

Whatever user-agent value is being sent from VBA's COM interface class is considered invalid by RTC, no idea why and RTC offers not useful hint in the return headers (or it could be I'm not understanding them.)

Making this change allows me to successfully POST a login, get my JSESSIONID, and continue making calls on this object just fine.

By the way, the other COM interface works as well: Set http = CreateObject("MSXML2.XMLHTTP")
For simplicity, especially if you're making a light amount of REST calls, this is probably fine as it piggybacks from IE and uses the old UrlMon interface according to Microsoft. However, if you need fine-grain control over cookies you probably will want to go with the other interface in my code snippet above.

Keep in mind that enabling TLS 1.2 for these COM interfaces is a huge pain too, in the case that your organization may restrict SSLv2/v3/TLS1.0/TLS1.1 and requires TLS 1.2, as for Windows 7 users you will actually need to make registry edits defined here:

Dmitry A. Lesin commented Nov 27 '17, 11:36 a.m.

 Perfect! It works! Thank you!

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.