
[RTC EWM] How to login to a server built with WAS Liberty, using Msxml2.ServerXMLHTTP from VBA


HIROAKI JOSAKO (35117) | asked Jun 25 '21, 4:18 a.m.

When using the WinHttp.WinHttpRequest.5.1 module, we have confirmed that we can log in.
I want to realize it using Msxml2.ServerXMLHTTP.

Previously it was built using the Tomcat server, so there is a need to develop tools that can be used together.


Comments
Ian Barnard commented Jun 25 '21, 8:49 a.m. | edited Jun 25 '21, 8:51 a.m.
JAZZ DEVELOPER

See this article, for Liberty local auth under the heading FORM Challenge https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication , for JAS under the Open ID Connect heading. I'm sure the Jazz auth details don't change based on the client library you're using; you'll have to translate your code using the one you have had working before into the API/concepts of the one you want to use now.


There are some notes regarding Tomcat in that article.

IME the best approach to auth is to take the approach of 'make the request we need to make, and if the response indicates auth is needed then do it' rather than 'let's explicitly authenticate and then make our requests' because the problem with the second method is that it doesn't automatically handle the authentication token expiry, whereas the first method handles this by simply automatically re-authenticating.

FORM or JAS/OIDC auth uses cookies; your code will have to persist these between requests to Jazz.


HIROAKI JOSAKO commented Jun 28 '21, 4:11 a.m.

Thanks! Ian

2 answers



Ralph Schoon (59.7k23643) | answered Jun 25 '21, 4:35 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Please be aware of https://jazz.net/wiki/bin/view/Deployment/CLMProductAPILanding and have a look at Authentication of a native client with a Jazz-based application.


Your simplest options are Form Based Auth or Basic Auth. Form based auth requires cookies; basic auth requires the Auth header to be sent with each request. I have tried to explain this here: https://rsjazz.wordpress.com/2019/05/13/using-a-rest-client-to-authenticate-to-elm-clm-applications/

I do not know if anyone here can comment on the MS tools in use, but I am very certain that authentication should work the same for any of the supported application servers.


Comments
HIROAKI JOSAKO commented Jun 28 '21, 4:11 a.m.

Thanks! Ralph.


HIROAKI JOSAKO (35117) | answered Jun 28 '21, 4:10 a.m.

Thank you for your replies.
JAS is not used.

https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication
The required steps, the data headers required for the Request, didn't seem to be wrong.
In other words, the required information is the same as Msxml2.ServerXMLHTTP.
In fact, you can log in using WinHttpRequest.5.1.

I think that the initial values of small objects are different.

The question is, is it important to have a header option that prohibits automatic redirects when logging in to WAS Liberty (CCM, JTS)?


Comments
Ralph Schoon commented Jun 28 '21, 4:39 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I use that option in Postman, because the Form based authentication provides information if the authentication succeeded as a URI in the Location header. If you are redirected in Postman, you cannot check the Location header.


HIROAKI JOSAKO commented Jun 29 '21, 4:33 a.m.

Thanks.
I see why.
MSXML2.SERVERXMLHTTP does not have an option to "redirect off".
So does that mean you can't log in?


Ian Barnard commented Jul 06 '21, 3:58 a.m.
JAZZ DEVELOPER

My Python code uses a requests session which automatically follows redirects and logs in perfectly well on Liberty. Don't try to log in explicitly, it's cleaner to only log in when the result from a request indicates login is needed. On the initial access to a protected resource the result (after redirection, because you don't see the 302s) is 200 and there's a header in the response X-com-ibm-team-repository-web-auth-msg: authrequired - if both conditions are true then ignore the data in the response and do the login and (at least for DOORS Next) the login automatically redirects to GET the original protected resource; I've not tried recently on EWM but I imagine it would be the same - if it's not then after successful login retry the original GET. If you weren't doing a GET originally (e.g. POST) then you always have to explicitly retry the request.
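
The request-first flow described in the comments above, as an added example that is not part of any post in this thread. The header name and the `authrequired` value come from the thread; the `j_security_check` path, the `j_username`/`j_password` fields and the `authfailed` value are assumptions based on standard Java EE form login, and all function names are hypothetical.

```python
# Added example: works with any requests.Session-like object (cookies persist
# across calls on the session). Header name and "authrequired" are from the
# thread; j_security_check, j_username/j_password and "authfailed" are
# assumptions based on standard Java EE form login.
from urllib.parse import urlsplit

AUTH_HEADER = "X-com-ibm-team-repository-web-auth-msg"


class LoginFailed(Exception):
    pass


def needs_login(response):
    """200 plus the auth header means the body is a login page, not data."""
    return (response.status_code == 200
            and response.headers.get(AUTH_HEADER) == "authrequired")


def login_url(resource_url):
    """Build <scheme>://<host>/<context root>/j_security_check for the app."""
    parts = urlsplit(resource_url)
    context_root = parts.path.strip("/").split("/")[0]   # e.g. "ccm" or "jts"
    return f"{parts.scheme}://{parts.netloc}/{context_root}/j_security_check"


def get_with_auth(session, url, user, password, **kwargs):
    """GET url; log in only if the response asks for it, then retry once."""
    response = session.get(url, **kwargs)
    if not needs_login(response):
        return response
    if urlsplit(url).scheme != "https":
        raise LoginFailed("refusing to send credentials over plain HTTP")
    login = session.post(login_url(url),
                         data={"j_username": user, "j_password": password})
    if login.headers.get(AUTH_HEADER) in ("authfailed", "authrequired"):
        raise LoginFailed("server rejected the credentials")
    # Explicit retry: correct whether or not login redirected to the resource.
    response = session.get(url, **kwargs)
    if needs_login(response):
        raise LoginFailed("still unauthenticated after login")
    return response
```

With the `requests` library, pass a `requests.Session()` as `session` so the cookies set at login are sent on later calls.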

