JAS needs to be added in IHS and be registered in JTS?
Accepted answer
Hi Tojan,
Not sure what you configured for Oracle DB. JAS?
Server renaming would have to be done if you change the public URL. But this is not required to change the JAS URL.
Not sure what you configured for Oracle DB. JAS?
Server renaming would have to be done if you change the public URL. But this is not required to change the JAS URL.
Since JAS runs on Liberty the info
https://jazz.net/wiki/bin/view/Deployment/CreateIHSPLUGINFORLIBERTYPROFILE
applies as well, especially the part about merging multiple plugin-cfg.xml
The JAS will still be available over its hosted server URL. To test the new (public URI conform) access URL use the links mentioned in https://www.ibm.com/support/knowledgecenter/SSYMRC_6.0.5/com.ibm.jazz.install.doc/topics/c_jsasso_jas_deploy_start.html
If
applies as well, especially the part about merging multiple plugin-cfg.xml
The JAS will still be available over its hosted server URL. To test the new (public URI conform) access URL use the links mentioned in https://www.ibm.com/support/knowledgecenter/SSYMRC_6.0.5/com.ibm.jazz.install.doc/topics/c_jsasso_jas_deploy_start.html
If
gives the same answer ashttps://<JASServerName>:9643/oidc/endpoint/jazzop/.well-known/openid-configurationhttps://<ProxiedJASServerName>/oidc/endpoint/jazzop/.well-known/openid-configuration
when you replace the content between <> with your actual URLs
then you are good to change to the new JAS proxy URL.
Actually you have to change the JAS URL in each teamserver.properties for jts and all apps.
So
* server.shutdown.sh
* backup, then edit each .../server/conf/<app>/teamserver.properties
(the line com.ibm.team.repository.servlet.sso_as= ...)
* server.startup.sh
* try to connect to https://<publicURI>/<app> for each installed app (jts, rm, qm, ccm ...)
If you look at the main .../jts/admin page --> manage server the JAS status and URL should be displayed there.
Comments
Hi Arne,
I have installed and configured JAS on JTS server and IHS is on separate server.
I merged the JAS, JTS and other application plugin-cfg.xml files. IHS works fine for CLM applications but JAS is not working.
Test of JAS through IHS is not working. Below the error message and nothing much I got from logs.
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Hi Tojan,
assuming the error message is what is displayed in the web browser when you ... do what?
To troubleshoot there are several parts which need to be analyzed:
1. Is JAS Liberty up and running? Check in message.log and/or console.log and check for running Java process on that machine
2. Can you reach JAS locally via web browser on that machine (skip if server without XTerm)?
3. Can you reach JAS directly from a browser using the non-routed URL (i.e. https://jas.physical.server:9643/oidc/endpoint/jazzop/.well-known/openid-configuration
To troubleshoot there are several parts which need to be analyzed:
1. Is JAS Liberty up and running? Check in message.log and/or console.log and check for running Java process on that machine
2. Can you reach JAS locally via web browser on that machine (skip if server without XTerm)?
3. Can you reach JAS directly from a browser using the non-routed URL (i.e. https://jas.physical.server:9643/oidc/endpoint/jazzop/.well-known/openid-configuration
?
4. Can you reach JAS directly from a browser using the routed URL (i.e. https://my.public.url/oidc/endpoint/jazzop/.well-known/openid-configuration ?
If you get to step 4 and the error pops up there most likely something is wrong with the plugin-cfg.xml on the IHS (typo, missing bracket). What do the IHS logs say? If this is for a productive environment I would definitely involve IBM support and have them take a look at it, too
4. Can you reach JAS directly from a browser using the routed URL (i.e. https://my.public.url/oidc/endpoint/jazzop/.well-known/openid-configuration ?
If you get to step 4 and the error pops up there most likely something is wrong with the plugin-cfg.xml on the IHS (typo, missing bracket). What do the IHS logs say? If this is for a productive environment I would definitely involve IBM support and have them take a look at it, too
Hello Arne,
Issue got resolved by importing the IHS certificate into JAS.
1 vote
One other answer
Hi,
according to the recommended topologies you would also route the JAS URL through the reverse proxy (IHS). Technically you do not need to, but I would not consider setup complete unless you did.
Have you installed CLM 6.0.5 right away with the SSO option? In that case you should be good as long as the JTS teamserver.properties has the right URL to the JAS (the rerouted one if you "hide" it behind the IHS).
Be sure to have all the right security certificates in place. If you configure JAS for LDAP JTS also needs to have the proper LDAP parameters during setup (for LDAP sync jobs).
More info cp. https://jazz.net/wiki/bin/view/Deployment/JazzAuthorizationServer and especially https://www.ibm.com/support/knowledgecenter/SSYMRC_6.0.5/com.ibm.jazz.install.doc/topics/c_jsasso_jas_deploy_start.html
If this is helpful please mark the answer as accepted. As a small courtesy could I ask you to please change the title of your post to a question? Thank you.
gg,
Arne
gg,
Arne
Comments
Hello Arne,
Thanks for the quick response and sharing the links.
Yes, while installing CLM 6.0.5 SSO is enabled.
I am not going to have clustered JAS. From your comment, I understand that the environment will be complete only if JAS also routed through IHS.
I haven't gone through the articles you shared and completed the setup. So, still I am not clear whether JAS will be appearing in the list of application to be registered and it has to be registered under JTS.
Thanks,
Tojan
JAS does not need to be registered as an app. During JTS setup you will need to enter the URL to JAS which physically will be stored in the .../server/conf/jts/teamserver.properties and displayed in the JTS admin server page. If you have not setup the JAS URL to be rerouted through IHS I would do this beforehand, test that you can access JAS via that URL and then run JTS setup. Otherwise you need to change the JAS URL parameter in the teamserver.properties of JTS later on.
- Arne
Hello Arne,
How to route JAS URL through IHS? Is it same way we do for other applications?
I already configured for Oracle DB. So server renaming is required for routing through IHS?