Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

Jazz Authorization Server over Firewall/Proxy - Redirect

Questions
Tags
Users
Badges
Leo Shin
(1113) retagged
Jan 16 '18, 1:47 a.m.

We have our CLM 603 applications set up on ://server1.mil:6443 using Websphere 8.5.5.  Our jazz authorization server is set up on the same server using ://server1:3443 (default 9643 was not in the approved range) using the default liberty profile.  The above URL's are for the development network.  We work in the DoD and firewall rules take time and approvals, and we have little control over the F5 that they manage.

We were issued virtual alias/IP's to make this accessible on the non-classified network (separate VPN), and seemingly can hit the websphere applications (CLM) and Websphere liberty liberty (Jazz Auth Server) when entering the URL's directly.

://clm.mil translate over a firewall to server1.mil:6443
://jas.mil translates over a firewall to server1.mil:3443

The issue is now when you try to authenticate from Jazz Auth Server to the CLM applications, coming from ://clm.mil/qm (or rm/jts) takes you to the host name, not the alias (://server1.mil:6443/qm/service/com.ibm.team.repository.service.internal.oidc.IOidcUiInterceptService). 

I've updated the teamserver.properties files for qm/rm/jts to point to the new alias, but that doesn't seem to be working either.  Any advice/suggestions would be greatly appreciated.

0 votes

1 answer
4,068 views
0 votes

One answer

Permanent link
Donald Nong
(14.5k614) Jul 17 '17, 12:06 a.m.

You will nee to do "server rename".

https://www.ibm.com/support/knowledgecenter/en/SSYMRC_6.0.3/com.ibm.jazz.install.doc/topics/c_server_rename_overview.html

Modifying the teamserver.properties will not be enough (it is not the right approach anyway) as the public URI is stored in the database as well.

0 votes

Comments
Leo Shin
Jul 17 '17, 9:48 a.m.

Thanks for your response.  I am looking through the server rename documentation.  However, I saw this come up:

"Remember that clients can connect to the CCM application with an alias: This ability supports the case where a local caching proxy is set up for caching source-control content. For more information, see Using content caching proxies for Jazz Source Control on Jazz.net. If you connect with an alias, you might be redirected to the public URI when you follow URIs that the application provides."

Do you think going this route is viable? (content caching with websphere/squid)?

http://www-01.ibm.com/support/docview.wss?rs=3488&uid=swg21405179

Donald Nong
Jul 20 '17, 12:55 a.m.

No. A content caching proxy only works for contents in SCM.

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 1,381
× 382

Question asked: Jul 15 '17, 7:35 p.m.

Question was seen: 4,068 times

Last updated: Jan 16 '18, 1:47 a.m.

Confirmation Cancel Confirm