It's all about the answers!

Ask a question

How to do Jazz FormBased Authantation.


Pavan M (313) | asked Jul 22, 3:55 a.m.

 Hii,


I am integrating SystemWeaver with CCM application. I am using Basic Authentication but is not working now I need to know how to do Jazz Form Base Authentication. Can any one please provide some support on this.

This is my Basic Authentication code correct me if anything is worng

try
            {
                var request = (HttpWebRequest)WebRequest.Create(url);
                request.Method = "GET";

                if (username != null)
                {
                                 

                   
                   var base64Credentials = GetEncodedCredentials(username, password);
                                    
                   
                  request.Headers.Add("Authorization", "Basic" + base64Credentials);
             
                 request.ContentType = "application/json; charset=UTF-8";
               
                }
              
                //Any certificat accept
                System.Net.ServicePointManager.ServerCertificateValidationCallback = (senderX, certificate, chain, sslPolicyErrors) => { return true; };

                var response = request.GetResponse();
                using (Stream responseStream = response.GetResponseStream())
                {
                    using (var reader = new StreamReader(responseStream, Encoding.UTF8))
                    {
                        return reader.ReadToEnd();
                    }
                }
            }

Thank you,
Regards,
Pavan m.

Accepted answer


permanent link
Davyd Norris (1.1k7) | answered Jul 22, 10:12 p.m.
The first time you hit a protected page, you'll get a 200 response and there will be session cookies set, and the response headers give you what approach to use:
 - first check for the header 'x-com-ibm-team-repository-web-auth-msg' and see if it's set to 'authrequired'. If this is the case then it's form based authentication directly to the JTS
 - if that check is false, then look for the header 'www-authenticate' and if that's present you need to do Basic Auth to an OpenID based server like the Jazz Authentication Server

Once you go through the auth above you will either be redirected back to your original page (form based), or you will need to explicitly re-request the original page (Basic).

In either case, check for the 'x-com-ibm-team-repository-web-auth-msg' header and make sure it's not 'authfailed'
Ralph Schoon selected this answer as the correct answer

One other answer



permanent link
Ralph Schoon (58.5k23642) | answered Jul 22, 4:26 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Jul 22, 4:27 a.m.
I have tried to explain how this is done here:


I am currently not completely sure which Authentication to use when. It appears that Form Based Authentication works against systems that are set up without Jazz Authorization Server e.g. my local test system.

Basic Auth appears to be working with systems that have JAS set up and configured (assuming that https://jazz.net/jazz/ is setup this way, but I have validated against another system I know has these characteristics).

When I try to use Basic Auth against my test system without JAS configured, I get a header
X-com-ibm-team-repository-web-auth-msg: authrequired

and a Location header

Form Based Auth works with this system (liberty with local user authentication).


Comments
Ralph Schoon commented Jul 23, 1:44 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

Thanks Davyd,


that makes it clearer. 

Your answer


Register or to post your answer.