Git Integration with RTC using NodeJS resulting in CRRTC8814E: You are not authorized to perform that Git operation.
Hi,
During configuration of Git integration with RTC using Node JS I have reached point where I receive error after accessing repository via URL http://spserver:8888/git/Demo.git.
CRRTC8814E: You are not authorized to perform that Git operation.
I am not able to do git clone or anything else.
3 answers
Lily,
Here is my config
{"_Comment": "The is an example configuration file used by the Node application. This file is in JSON format and every property (say, X) has a corresponding description property (X-Description), which provides a simple explanation about the property itself. To start using this file, fill in the required fields and delete this property from the file.","Version": 1,"Version-Description": "Version number of this config file","Server-Use-HTTPS": false,"Server-Use-HTTPS-Description": "Boolean value that determines whether to use secure socket layer for HTTP communication","Server-Key-File-Path": "","Server-Key-File-Path-Description": "Absolute Path on the server to the server key file; MUST when HTTPS protocol is to be used","Server-Certificate-File-Path": "","Server-Certificate-File-Path-Description": "Absolute Path on the server to the certificate file; MUST when HTTPS protocol is to be used","Server-Setup-HTTP-Redirector": true,"Server-Setup-HTTP-Redirector-Description": "Boolean value that determines if an HTTP listener has to be setup; this listener simply diverts the incoming requests to same endpoint over HTTPS","Server-Port": 8888,"Server-Port-Description": "Integer value that defines the port on which the server has to listen to","Server-Socket-Timeout": 180000,"Server-Socket-Timeout-Description": "Timeout (in milliseconds) to be set for socket connection. Default is 3 minutes. Set to 0 for indefinite.","Git-Executable-Path": "git","Git-Executable-Path-Description": "Absolute path to the git executable on the server; provide the absolute path, if 'git' is not found on the PATH environment variable","Git-Repositories-Root-Dir": "c:/gitrepo/","Git-Repositories-Root-Dir-Description": "Absolute path to the directory on the server where the Git repositories are located","Git-Use-NodeGit": true,"Git-Use-NodeGit-Description": "Boolean Value that determines if nodegit module is to be used for operating on Git repositories. Setting to true implies that nodegit module is installed and is available to this server.","Auth-Profiles": {"Ldap-1": {"type": "LDAP","url": "ldap://spserver:389","bindDn": "CN=Administrator,CN=Users,DC=sp,DC=local","bindCredentials": "mypassword","searchBase": "CN=Users,DC=sp,DC=local","searchFilter": "(sAMAccountName={{username}})","searchAttributes": null},"Basic-1": {"type": "BASIC","url": "<url to the auth server, for example if RTC is used as the auth server the URL could be https://<rtcserver>:<port>/ccm/secure/authenticated/identity","method": "GET"}},"Auth-Profiles-Description": "Set of authentication profiles available. It is a map - with the profile name itself being the key, and the properties being the value. The value object must contain 'type' property as one of 'LDAP', 'BASIC' (Please note that it is case-sensitive). In case of LDAP authentication, the value object should have properties pertaining LDAP authentication. Some basic properties are listed here. However, you can add others if needed. The list of properties is documented here: https://github.com/vesse/node-ldapauth-fork#ldapauth-config-options. In case of BASIC authentication, the value object should have 'url' and 'method' properties against which the HTTP Basic authentication is done. If 'method' property is absent, 'GET' is assumed.","Git-URL-Prefixes": {"/git": {"authProfile": "Ldap-1"}},"Git-URL-Prefixes-Description": "Set of URL prefixes to be considered for the Git request. It is a map - with the prefix itself being the key, and the properties being the value. Right now the only supported property is 'authProfile' and its value can be one of the profile names in 'Auth-Profiles' configuration property. If 'authProfile' property is defined, the corresponding auth profile is applied; otherwise, no authentication is performed. In this case for example, the auth profile 'Ldap-1' will be applied for a Git repository having a url http://gitserver:9999/git/MyRepo.git since /git is the prefix to the git repository MyRepo.git"}
Comments
I don't see obvious problem in the config.json. Could you please clarify what operation did you do to get the error "CRRTC8814E: You are not authorized to perform that Git operation"?
The error code is reported from RTC. You should not get such error code if you just accessed the git repository from web browser.
I am getting this message after opening GIT repository page and entering credentials in te web bowser. Using GIT clone is not working as well.
I'm getting the same message but I'm using the phyton scipts. In the script rtcprocess.py which runs on the GitLab server in the validatePush method it tries to do an http request to the RTC server
Comments
apologies. I should have posted this as a comment
I confirmed that the user that I'm using to do the commit has access to the gitLab repository and is able to push changes.
Is there some debug options on RTC that we can enable to get more info on the error?
I'm using IBM's NodeJS scripts for vanilla Git integration using just SSH clients (the replacement for the Python scripts.)
I also was receiving CRRTC8814E: You are not authorized to perform that Git operation. whenever I tried to do a push or pre-receive check from the Git NodeJS triggers to RTC.
I don't know how the Python scripts are setup, but I had to do several things to get it working with NodeJS you may want to check:
1. The NodeJS scripts try to calculate the Git username of who kicked off the Git command, then attempts to do some e-mail/username lookup. It checks for the value of an assumed environment variable REMOTE_USER which did not exist anywhere in my setup. I had to edit this line to just pull the user's login name.
2. The name calculated from #1 above is passed in the HTTP params to RTC to check on authorization, therefore you must make sure that the names are going to match RTC usernames with at least a contributor license type setup.
3. RTC uses two pieces of data to authenticate: the username from #1 above plus the Git repo secret key, once both match your setup should be good.
https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode
Comments
Lily Wang
Mar 23 '17, 9:31 p.m.Please check if the authentication configuration is correct in config.json.
Bartosz Chrabski
Mar 27 '17, 6:55 a.m.Lily,
Config is correct as I am able to login to the server using AD credentials and error message is diplayed after successful authentication.
Lily Wang
Mar 28 '17, 1:55 a.m.If the error is reported when you tried to access URL "http://spserver:8888/git/Demo.git" from a browser, it most likely something wrong in config.json file.
Please follow the wiki https://jazz.net/wiki/bin/view/Main/RTCGitIntegrationSetupUsingNode and forum discussion https://jazz.net/forum/questions/235317/rtc-and-git-integration-using-nodejs-authentication-ldap to have a check your current configuration.