Jazz Authorization Server over Firewall/Proxy - Redirect
We have our CLM 603 applications set up on ://server1.mil:6443 using Websphere 8.5.5. Our jazz authorization server is set up on the same server using ://server1:3443 (default 9643 was not in the approved range) using the default liberty profile. The above URL's are for the development network. We work in the DoD and firewall rules take time and approvals, and we have little control over the F5 that they manage.
We were issued virtual alias/IP's to make this accessible on the non-classified network (separate VPN), and seemingly can hit the websphere applications (CLM) and Websphere liberty liberty (Jazz Auth Server) when entering the URL's directly.
://clm.mil translate over a firewall to server1.mil:6443
://jas.mil translates over a firewall to server1.mil:3443
The issue is now when you try to authenticate from Jazz Auth Server to the CLM applications, coming from ://clm.mil/qm (or rm/jts) takes you to the host name, not the alias (://server1.mil:6443/qm/service/com.ibm.team.repository.service.internal.oidc.IOidcUiInterceptService).
I've updated the teamserver.properties files for qm/rm/jts to point to the new alias, but that doesn't seem to be working either. Any advice/suggestions would be greatly appreciated.
One answer
You will nee to do "server rename".
https://www.ibm.com/support/knowledgecenter/en/SSYMRC_6.0.3/com.ibm.jazz.install.doc/topics/c_server_rename_overview.html
Modifying the teamserver.properties will not be enough (it is not the right approach anyway) as the public URI is stored in the database as well.
Comments
Thanks for your response. I am looking through the server rename documentation. However, I saw this come up:
"Remember that clients can connect to the CCM application with an alias: This ability supports the case where a local caching proxy is set up for caching source-control content. For more information, see Using content caching proxies for Jazz Source Control on Jazz.net. If you connect with an alias, you might be redirected to the public URI when you follow URIs that the application provides."
Do you think going this route is viable? (content caching with websphere/squid)?
http://www-01.ibm.com/support/docview.wss?rs=3488&uid=swg21405179
No. A content caching proxy only works for contents in SCM.