It's all about the answers!

Ask a question

You are using Spnego /Kerberos authentication on the Jazz Team Server version (JTS) 6.0.2, when attempting to use RTC Eclipse 5.x to JTS 602 and the login fails and unable to connect, why?


Natarajan Thirumeni (298631) | asked Dec 08 '16, 9:03 a.m.
You are using Spnego /Kerberos authentication on the Jazz Team Server version (JTS) 6.0.2, when attempting to use RTC Eclipse 5.x to JTS 602 and the login fails and unable to connect, why?

If so, does the login of the Eclipse 502 client fail with the following error message in the .log file?

CRJAZ0098E The following service failed:

com.ibm.team.rtc.common.configuration.IComponentConfigurationService{/ccm/service/com.ibm.team.rtc.common.configuration.IComponentConfigurationService}. The server returned the HTTP error 302 with this error text:Found.
    at com.ibm.team.repository.transport.client.ClientHttpUtil.throwHttpClientError(ClientHttpUtil.java:1446)

You would expect RTC Eclipse version 502 to connect server as you've configured the WebSphere Application Server to support "fall back to application authentication mechanism"

Plus, Jazz Team Server should support N-1 backward compatibility support.

You have also validated, RTC Eclipse client 6.0 / 6.0.1 / 6.0.2 are able to connect to Jazz Team server either with user name or using Kerberos. However Eclipse client 5.0.2 is not.

The question is, what are you suppose to check on the server side for Eclipse client 5.0.2 to work?

Accepted answer


permanent link
Natarajan Thirumeni (298631) | answered Dec 08 '16, 9:07 a.m.
There are two key things which controls the older Eclipse clients ability to connect to Jazz team server: Please ensure you've enable both "fall back to application authentication mechanism" & "Filter criteria" for RTC 5.x client to connect Jazz Team server 602 whose authentication is configured to use SPNEGO / Kerberos . Lets take a look these steps in details: Fall back setting in WAS

1. Ensure you have configured the WebSphere Application Server to support "fall back to application authentication mechanism". See the screen shot below where fall back option is checked.

    Log in to the WebSphere Application Server Integrated Solutions Console.
    Click Security > Global Security > Web and SIP security > SPNEGO web authentication.
    Select the Allow fall back to application authentication mechanism check box.
Fall back setting in WAS

2. Ensure filter has value user-agent^=Mozilla|Opera|spnego-enabled as per below steps and a screen shot to assist you.

    Log in to WebSphere Application Server Integrated Solutions Console.
    Click Security > Global Security > Web and SIP security > SPNEGO web authentication.
    In the SPNEGO Filters section, select the appropriate Key Distribution Center (KDC) host name.
    Under General Properties, in the Filter criteria field, enter the following value.

        user-agent^=Mozilla|Opera|spnego-enabled
Eclipse5.x
Note: The user-agent property selectively enables SPNEGO for web clients and version 6.0 Eclipse clients that support Kerberos/SPNEGO authentication. Older clients are challenged with application authentication; these clients are not served with Kerberos/SPNEGO authentication.

In a distributed environment (in our case we've JTS and CCM on two different box) you need to perform both step 1 & 2 on the CCM profile not in JTS! Any changes to step 1 & 2 require a server to restarted.

Once you have configured step 1 & 2 on the server, you should be able to use RTC 5.x client to connect Jazz Team server 602 whose authentication is configured to use SPNEGO / Kerberos .

If you run into issue where older client do not connect to Jazz Team Server, please open a PMR and IBM support can assist you on this.
Ralph Schoon selected this answer as the correct answer

Your answer


Register or to post your answer.