Access to one RM from a different JTS


Ernesto Liria (111) | asked Feb 28, 6:38 a.m.

Hello,

I'm having trouble trying to connect to an RM application from a different JTS instance.

Here is the problem:

I have 2 servers with two instances of JTS. Let's say Server A and Server B.

What I want to do is to use Server A as OAuth to validate users and access to the catalog defined in rm/catalog on Server B.

As far as I know, I've defined an Outbound link (friend) from Server B JTS to Server A JTS, and on the other side I've defined an Inbound link (consumer) from Server A JTS to Server B JTS and added both URLs to the whitelist.

The problem is that after the validation in Server A (it is responsible for token generation and authorization), when I'm trying to get the catalog URL I'm getting Error 401 Unauthorized due to an invalid token.

Am I misunderstanding anything?

BR




2 answers



Ralph Schoon (63.1k33646) | answered Feb 29, 2:44 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Feb 29, 5:14 a.m.

I would suggest following https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=server-configuring-friends and making sure that all the required servers are friended.
To be sure the friends relationship works, create a dashboard widget that contains a widget on the other server.


You might have to make the far RM server a friend to the other JTS as well.


Ian Barnard (1.9k613) | answered Mar 01, 4:07 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
edited Mar 01, 4:08 a.m.

 Hi


Friending creates an OSLC relationship, which is necessary to allow e.g. linking, but doesn't create or specify single sign-on.

You need to ensure your application servers have a shared authentication mechanism; it's possible to configure two Liberty to have the same SSO realm using LTPA keys.

You can do this with two Liberty, but with only one JTS you'd register both /rm1 and /rm2 to that JTS.

For a user registry, you can configure that JTS to use LDAP or to use Jazz Authorization Server, which itself can use LDAP/SAML.

If you need to have two JTS, I think they'll have to share the same JAS to get single sign-on.

HTH
Ian
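
A way to check the shared-LTPA-keys setup mentioned in the answer above, as an added example that is not part of the original thread or of IBM's tooling: it compares the contents of two servers' `ltpa.keys` files and reports which fields differ, showing key material only as fingerprints. The property names are those Liberty writes to `ltpa.keys`; the sample contents are constructed placeholders, and treating the recorded realm as something that must match is an assumption.

```python
import hashlib

# Property names as written in a Liberty-generated ltpa.keys file.
PREFIX = "com.ibm.websphere.ltpa."
KEY_FIELDS = tuple(PREFIX + n for n in ("3DESKey", "PrivateKey", "PublicKey"))
# Assumption: the realm recorded in the file should also agree on both servers.
REALM_FIELD = PREFIX + "Realm"

def parse_keys(text):
    """Parse Java-properties style ltpa.keys content into a dict."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            # Base64 padding is stored escaped as "\=" in properties files.
            props[key.strip()] = value.strip().replace("\\=", "=")
    return props

def fingerprint(value):
    """Short SHA-256 digest, so key material is never echoed to a console or ticket."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()[:12]

def compare_ltpa(text_a, text_b):
    """Return {field: reason} for each field that is missing or differs; empty means match."""
    a, b = parse_keys(text_a), parse_keys(text_b)
    problems = {}
    for field in KEY_FIELDS + (REALM_FIELD,):
        if field not in a or field not in b:
            problems[field] = "missing"
        elif a[field] != b[field]:
            pair = (a[field], b[field])
            shown = pair if field == REALM_FIELD else tuple(map(fingerprint, pair))
            problems[field] = "%s != %s" % shown
    return problems

# Constructed sample contents (placeholder values, not real keys).
SERVER_A = """#constructed sample
com.ibm.websphere.ltpa.3DESKey=QUFBQQ\\=\\=
com.ibm.websphere.ltpa.PrivateKey=UFJJVkFURQ\\=\\=
com.ibm.websphere.ltpa.PublicKey=UFVCTElD
com.ibm.websphere.ltpa.Realm=defaultRealm
"""
SERVER_B = SERVER_A.replace("QUFBQQ", "QkJCQg").replace("defaultRealm", "otherRealm")

if __name__ == "__main__":
    for field, reason in compare_ltpa(SERVER_A, SERVER_B).items():
        print(f"{field}: {reason}")
```

An empty result only shows that the key files agree; both servers still need the same user registry for a token issued by one to be accepted by the other.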
