[RTC EWM] How to login to a server built with WAS Liberty? , Using Msxml2.ServerXMLHTTP from VBA
How to login to a server built with WAS Liberty? , Using Msxml2.ServerXMLHTTP from VBA
When using the WinHttp.WinHttpRequest.5.1 module, we have confirmed that we can log in.
I want to realize it using Msxml2. ServerXMLHTTP.
Previously it was built using the Tomcat server, so there is a need to develop tools that can be used together.
2 answers
Please be a ware of https://jazz.net/wiki/bin/view/Deployment/CLMProductAPILanding and have a look at Authentication of a native client with a Jazz-based application.
Thank you for your replies.
JAS is not used.
https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication
The required steps, the data headers required for the Request, didn't seem to be wrong.
In other words, the required information is the same as Msxml2.ServerXMLHTTP.
In fact, you can log in using WinHttpRequest.5.1.
I think that the initial values of small objects are different.
The question is, is it important to have a header option that prohibits automatic redirects when logging in to WAS Liberty (CCM, JTS)?
Comments
I use that option in Postman, because the Form based authentication provides information if the authentication succeeded as URI in the Location header. If you are redirected in Postman, you can not check the Location header.
Thanks.
I see why.
MSXML2.SERVERXMLHTTP does not have an option to "redirect off".
So does that mean you can't log in?
My Python code uses a requests session which automatically follows redirects and logs in perfectly well on Liberty. Don't try to log in explicitly, it's cleaner to only log in when the result from a request indicates login is needed. On the initial access to a protected resource the result (after redirection, because you don't see the 302s) is 200 and there's a header in the response X-com-ibm-team-repository-web-auth-msg: authrequired - if both conditions are true then ignore the data in the response and do the login and (at least for DOORS Next) the login automatically redirects to GET the original protected resource; I've not tried recently on EWM but I imagine it would be the same - if it's not then after successful login retry the original GET. If you weren't doing a GET originally (e.g. POST) then you always have to explicitly retry the request.
Comments
Ian Barnard
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER Jun 25 '21, 8:51 a.m.See this article, for Liberty local auth under the heading FORM Challenge https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication , for JAS under the Open ID Connect heading. I'm sure the Jazz auth details don't change based on the client library you're using; you'll have to translate your code using the one you have had working before into the API/concepts of the one you want to use now.
HIROAKI JOSAKO
Jun 28 '21, 4:11 a.m.Thanks! Ian
add Question Under Comment
Please reply