It's all about the answers!

Ask a question

Jazz Authorization Server over Firewall/Proxy - Redirect


Leo Shin (112) | asked Jul 15 '17, 7:35 p.m.
retagged Jan 16 '18, 1:47 a.m. by Minakshi Jaint (5113)

We have our CLM 603 applications set up on ://server1.mil:6443 using Websphere 8.5.5.  Our jazz authorization server is set up on the same server using ://server1:3443 (default 9643 was not in the approved range) using the default liberty profile.  The above URL's are for the development network.  We work in the DoD and firewall rules take time and approvals, and we have little control over the F5 that they manage.

We were issued virtual alias/IP's to make this accessible on the non-classified network (separate VPN), and seemingly can hit the websphere applications (CLM) and Websphere liberty liberty (Jazz Auth Server) when entering the URL's directly.

://clm.mil translate over a firewall to server1.mil:6443
://jas.mil translates over a firewall to server1.mil:3443

The issue is now when you try to authenticate from Jazz Auth Server to the CLM applications, coming from ://clm.mil/qm (or rm/jts) takes you to the host name, not the alias (://server1.mil:6443/qm/service/com.ibm.team.repository.service.internal.oidc.IOidcUiInterceptService). 

I've updated the teamserver.properties files for qm/rm/jts to point to the new alias, but that doesn't seem to be working either.  Any advice/suggestions would be greatly appreciated.

One answer



permanent link
Donald Nong (14.3k211) | answered Jul 17 '17, 12:06 a.m.

You will nee to do "server rename".

https://www.ibm.com/support/knowledgecenter/en/SSYMRC_6.0.3/com.ibm.jazz.install.doc/topics/c_server_rename_overview.html

Modifying the teamserver.properties will not be enough (it is not the right approach anyway) as the public URI is stored in the database as well.


Comments
Leo Shin commented Jul 17 '17, 9:48 a.m.

Thanks for your response.  I am looking through the server rename documentation.  However, I saw this come up:

"Remember that clients can connect to the CCM application with an alias: This ability supports the case where a local caching proxy is set up for caching source-control content. For more information, see Using content caching proxies for Jazz Source Control on Jazz.net. If you connect with an alias, you might be redirected to the public URI when you follow URIs that the application provides."

Do you think going this route is viable? (content caching with websphere/squid)?

http://www-01.ibm.com/support/docview.wss?rs=3488&uid=swg21405179


Donald Nong commented Jul 20 '17, 12:55 a.m.

No. A content caching proxy only works for contents in SCM.

Your answer


Register or to post your answer.