It's all about the answers!

Ask a question

[RTC EWM] How to login to a server built with WAS Liberty? , Using Msxml2.​ServerXMLHTTP from VBA

HIROAKI JOSAKO (47427) | asked Jun 25 '21, 4:18 a.m.

How to login to a server built with WAS Liberty? , Using Msxml2.​ServerXMLHTTP from VBA

When using the WinHttp.WinHttpRequest.5.1 module, we have confirmed that we can log in.
I want to realize it using Msxml2. ServerXMLHTTP.

Previously it was built using the Tomcat server, so there is a need to develop tools that can be used together.

Ian Barnard commented Jun 25 '21, 8:49 a.m. | edited Jun 25 '21, 8:51 a.m.

See this article, for Liberty local auth under the heading FORM Challenge , for JAS under the Open ID Connect heading. I'm sure the Jazz auth details don't change based on the client library you're using; you'll have to translate your code using the one you have had working before into the API/concepts of the one you want to use now.

There are some notes regarding Tomcat in that article.

IME the best approach to auth is to take the approach of 'make the request we need to make, and if the response indicates auth is needed then do it' rather than 'let's explicitly authenticate and then make our requests' because the problem with the second method is that it doesn't automatically handle the authentication token expiry, whereas the first method handles this by simple automatically re-authenticating.

FORM or JAS/OIDC auth uses cookies; your code will have to persist these between requests to Jazz.

HIROAKI JOSAKO commented Jun 28 '21, 4:11 a.m.

Thanks! Ian
add Question Under Comment
Please reply

2 answers

permanent link
Ralph Schoon (63.1k33646) | answered Jun 25 '21, 4:35 a.m.

 Please be a ware of and have a look at Authentication of a native client with a Jazz-based application.

Your simplest options are Form Based Auth or Basic Auth. Form based auth requires cookies, basic auth, requires the Auth header to be sent with each request. I have tried to explain this here:

I do not know, if anyone here can comment on the MS tools in use, but I am very certain, that authentication should work the same for  any of the supported application servers.

HIROAKI JOSAKO commented Jun 28 '21, 4:11 a.m.

Thanks! Ralph.
add Question Under Comment
Please reply

permanent link
HIROAKI JOSAKO (47427) | answered Jun 28 '21, 4:10 a.m.

Thank you for your replies.
JAS is not used.
The required steps, the data headers required for the Request, didn't seem to be wrong.
In other words, the required information is the same as Msxml2.ServerXMLHTTP.
In fact, you can log in using WinHttpRequest.5.1.

I think that the initial values of small objects are different.

The question is, is it important to have a header option that prohibits automatic redirects when logging in to WAS Liberty (CCM, JTS)?

Ralph Schoon commented Jun 28 '21, 4:39 a.m.

I use that option in Postman, because the Form based authentication provides information if the authentication succeeded as URI in the Location header. If you are redirected in Postman, you can not check the Location header. 

HIROAKI JOSAKO commented Jun 29 '21, 4:33 a.m.

I see why.
MSXML2.SERVERXMLHTTP does not have an option to "redirect off".
So does that mean you can't log in?

Ian Barnard commented Jul 06 '21, 3:58 a.m.

My Python code uses a requests session which automatically follows redirects and logs in perfectly well on Liberty. Don't try to log in explicitly, it's cleaner to only log in when the result from a request indicates login is needed. On the initial access to a protected resource the result (after redirection, because you don't see the 302s) is 200 and there's a header in the response X-com-ibm-team-repository-web-auth-msg: authrequired - if both conditions are true then ignore the data in the response and do the login and (at least for DOORS Next) the login automatically redirects to GET the original protected resource; I've not tried recently on EWM but I imagine it would be the same - if it's not then after successful login retry the original GET. If you weren't doing a GET originally (e.g. POST) then you always have to explicitly retry the request.

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.