Repository group memberships not recognized after migration to JAS SSO (Jazz Authorisation Server)

Fabian GUERIF (132) | asked Mar 14, 12:43 p.m.


Exactly the same problem:

CLM V.7.0.2, JAS V.7.0.2

After migrating JTS to use JAS with the help of repotool, I'm able to log in to JTS, but I'm only recognized as a guest and I'm not a member of any repository group when logging in through JAS with an LDAP account.

Any idea what could be wrong? I'm using the same LDAP setup as before the migration. A local file-based registry is working. Local users defined and added to the local groups are working.

The LDAP setup in JAS is working. I can run the test on the /oidc/endpoint/jazzop/registration URL.
Also, members are recognized in LDAP groups for the oauth-roles to manage application registrations within /jts/setup.

The Liberty AdminCenter for JAS is also able to work with the LDAP groups defined in the <administrator-role> section.

The issue is that all CLM applications are NOT recognizing the repository groups through JAS.
The setting in appConfig.xml, <application> section, is just "ignored", as are the settings in the application.xml of the CLM applications, which were working before with direct LDAP.

How does JTS recognize the group membership through JAS? What can I do to troubleshoot?
Any idea or configuration example? I read many documents and help pages but I do not have any ideas anymore.



Accepted answer

Shubjit Naik (1.5k1613) | answered Mar 15, 1:37 a.m.

Hi Fabian

User group to role mapping is done by JTS when deployed with JAS.

Could you confirm that the User Registry Type in <JTS_Home>\server\conf\jts\ is set to LDAP and that the LDAP configuration matches what is set with JAS?

Fabian GUERIF selected this answer as the correct answer

Fabian GUERIF commented Mar 15, 4:54 a.m. | edited Mar 15, 8:50 a.m.

Thanks Shubjit,

I will test your solution.

I will keep you informed.



Fabian GUERIF commented Mar 15, 6:08 a.m. | edited Mar 15, 8:48 a.m.


Thanks for your help.
The LDAP SSO connection now works fine.

Have a good day.



One other answer

Fabian GUERIF (132) | answered Mar 15, 4:13 a.m.
edited Mar 15, 4:14 a.m.

Hi Shubjit,

Thanks for your answer.

I have no problems with LDAP for the JTS authentication, mapping users with groups with the good rights.

I have no problems executing these two steps after JAS installation:
- Verify that the Jazz Authorization Server is running
- Verify that the user registry is configured correctly

I will modify JTS > Advanced Properties > for User group to Jazz role mappings.

For file <JTS_Home>\server\conf\jts\

Should I modify this line by:



Shubjit Naik commented Mar 15, 4:24 a.m.

Hi Fabian

Yes, if your groups exist in LDAP then the following should be set

Also the other LDAP properties and group mappings in\=Groups,dc\=example,dc\=com\=Users,dc\=example,dc\=com\={USER-DN}\=JazzAdmins, JazzUsers\=JazzUsers, JazzProjectAdmins\=JazzProjectAdmins, JazzGuests\=JazzGuests\://localhost\:10389
