It's all about the answers!

Ask a question

How do I get/pass authentication for DNG using API calls?


Jacob Harland (113) | asked Jun 06 '22, 2:50 p.m.

I'm trying to access user roles and permissions on DNG. I've been able to access these websites manually, I've also passed the correct values in through Postman and got the expected results. I'm now using some older code given to me, JQuery, to download this data but I can't get the authentication to work. I keep getting 401 or 400 error codes. The codes a little scrambled right now because I keep trying new things and none of it is working. If anyone could point me in the right direction that would be great. 

  $.ajax({
        cache: false,
        type: "GET",
        url: "/jts/authenticated/identity",
        crossDomain: true,
        async: false,
        j_username: username,
        j_password: password,
        headers: {
            Accept: "application/rdf+xml",
            "Oslc-core-version": "2.0",
        },

$(function () {
    $.ajax({
        type: "POST",
        url: "/jts/authenticated/j_security_check",
        crossDomain: true,
        async: false,
        j_username: username,
        j_password: password,
        headers: {
            Accept: "application/rdf+xml",
            "Oslc-core-version": "2.0",
        },

$(function () {

    $.ajax({
        type: "GET",
        url: baseURL + "/rm",
        dataType: "json",
        headers: {
            Authorization: "Basic " + btoa(username + ":" + password),
            "OSLC-Core-Version": "2.0",
            Accept: "application/xml",
        },
        error: function (msg) {
            console.log(msg.statusText);
            $("#updates").text("Error logging into RM");
        },
    }).done(function () {
        console.log("Logged into RM");
    });

Accepted answer


permanent link
Ralph Schoon (63.6k33647) | answered Jun 07 '22, 1:49 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

 It can get rather complicated. I have tried to explain how it works here: https://rsjazz.wordpress.com/2021/10/15/elm-authentication/

Michael Rowe selected this answer as the correct answer

Comments
Jacob Harland commented Jun 07 '22, 11:07 a.m.

I will check this out and get back with you, thank you!  


Ralph Schoon commented Jun 07 '22, 11:22 a.m. | edited Jun 07 '22, 11:22 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

The authentication you use in your snippet is form based authentication. This only works in some of the setups. If it does not (use Postman) to test, my understanding is that BASIC Authentication is the fallback for the other situations (e.g. Jazz Authentication Server/OICD). 


Jacob Harland commented Jun 07 '22, 1:51 p.m.

Sorry I'm totally new to this. Where can I see what type of auth is used in postman? Is it a cookie JAZZ_AUTH_TOKEN? I also see this: JazzFormAuth=Form. So can it be either token based or form based? 

I'm just really confused. I'm trying to access /rm/process/project-areas/. I am going about this the correct way right? 


Ralph Schoon commented Jun 08 '22, 2:11 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

https://rsjazz.wordpress.com/2019/05/13/using-a-rest-client-to-authenticate-to-elm-clm-applications/ explains how this works. Note with BASIC Authentication, you have to send the authentication data with each call.  


Jacob Harland commented Jun 08 '22, 9:37 a.m. | edited Jun 08 '22, 9:39 a.m.

 So I actually looked at that link and was able to follow it and it works. But I pull the code from Postman and use it in Jquery and then it doesn't work. Why's it work on one but not the other? /jts/_j_security_check is fine on postman, but I get a 400 error when I'm using jquery. 


Ralph Schoon commented Jun 08 '22, 9:42 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

I can not help you with that. How the authentication works in your framework is not where I can help you, especially as "does not work" is not very useful. 


Note, if you run out of a browser in a JavaScript or other framework, please check https://jazz.net/forum/questions/98072/x-jazz-csrf-prevent-header-is-required-to-create-a-work-item-via-oslc-on-version-4001

The server prevents cross site scripting if you come from the browser. There is a special header that is needed then.


Jacob Harland commented Jun 08 '22, 10:11 a.m.

 Yes I'm using JS through the browser, I'll check that link too thank you. 


Michael Rowe commented Oct 19 '23, 2:30 p.m.
FORUM ADMINISTRATOR / FORUM MODERATOR

For examples on how Oauth1.0a and OIDC works, I have two blogs that include Postman files for experimenting with - https://michaelrowe01.com/index.php/day-job/ibm-elm/api-authentication-method-in-elm-oidc/ and https://michaelrowe01.com/index.php/day-job/ibm-elm/api-authentication-method-in-elm-oauth-1-0a/ 

showing 5 of 8 show 3 more comments

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.