Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

[RTC EWM] How to login to a server built with WAS Liberty? , Using Msxml2.​ServerXMLHTTP from VBA

How to login to a server built with WAS Liberty? , Using Msxml2.​ServerXMLHTTP from VBA

When using the WinHttp.WinHttpRequest.5.1 module, we have confirmed that we can log in.
I want to realize it using Msxml2. ServerXMLHTTP.

Previously it was built using the Tomcat server, so there is a need to develop tools that can be used together.

0 votes

Comments

See this article, for Liberty local auth under the heading FORM Challenge https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication , for JAS under the Open ID Connect heading. I'm sure the Jazz auth details don't change based on the client library you're using; you'll have to translate your code using the one you have had working before into the API/concepts of the one you want to use now.


There are some notes regarding Tomcat in that article.

IME the best approach to auth is to take the approach of 'make the request we need to make, and if the response indicates auth is needed then do it' rather than 'let's explicitly authenticate and then make our requests' because the problem with the second method is that it doesn't automatically handle the authentication token expiry, whereas the first method handles this by simple automatically re-authenticating.

FORM or JAS/OIDC auth uses cookies; your code will have to persist these between requests to Jazz.

Thanks! Ian
add Question Under Comment
Please reply



2 answers

Permanent link

 Please be a ware of https://jazz.net/wiki/bin/view/Deployment/CLMProductAPILanding and have a look at Authentication of a native client with a Jazz-based application.


Your simplest options are Form Based Auth or Basic Auth. Form based auth requires cookies, basic auth, requires the Auth header to be sent with each request. I have tried to explain this here: https://rsjazz.wordpress.com/2019/05/13/using-a-rest-client-to-authenticate-to-elm-clm-applications/

I do not know, if anyone here can comment on the MS tools in use, but I am very certain, that authentication should work the same for  any of the supported application servers.

1 vote

Comments

Thanks! Ralph.
add Question Under Comment
Please reply


Permanent link

Thank you for your replies.
JAS is not used.

https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication
The required steps, the data headers required for the Request, didn't seem to be wrong.
In other words, the required information is the same as Msxml2.ServerXMLHTTP.
In fact, you can log in using WinHttpRequest.5.1.

I think that the initial values of small objects are different.

The question is, is it important to have a header option that prohibits automatic redirects when logging in to WAS Liberty (CCM, JTS)?

0 votes

Comments

I use that option in Postman, because the Form based authentication provides information if the authentication succeeded as URI in the Location header. If you are redirected in Postman, you can not check the Location header. 

Thanks.
I see why.
MSXML2.SERVERXMLHTTP does not have an option to "redirect off".
So does that mean you can't log in?

My Python code uses a requests session which automatically follows redirects and logs in perfectly well on Liberty. Don't try to log in explicitly, it's cleaner to only log in when the result from a request indicates login is needed. On the initial access to a protected resource the result (after redirection, because you don't see the 302s) is 200 and there's a header in the response X-com-ibm-team-repository-web-auth-msg: authrequired - if both conditions are true then ignore the data in the response and do the login and (at least for DOORS Next) the login automatically redirects to GET the original protected resource; I've not tried recently on EWM but I imagine it would be the same - if it's not then after successful login retry the original GET. If you weren't doing a GET originally (e.g. POST) then you always have to explicitly retry the request.


Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details

Question asked: Jun 25 '21, 4:18 a.m.

Question was seen: 2,371 times

Last updated: Jul 06 '21, 3:58 a.m.

Confirmation Cancel Confirm