Access to one RM from a different JTS
Hello,
I'm having trouble trying to connect to an RM application from a different JTS instance.
Here is the problem:
I have 2 servers with two instances of JTS. Let's say Server A and Server B.
What I want to do is to use Server A as OAuth to validate users and access the catalog defined in rm/catalog on Server B.
As far as I know, I've defined an Outbound link (friend) from Server B JTS to Server A JTS, and on the other side I've defined an Inbound link (consumer) from Server A JTS to Server B JTS and added both URLs to the whitelist.
The problem is that after the validation in Server A (it is responsible for token generation and authorization), when I'm trying to get the catalog URL I'm getting Error 401 Unauthorized due to an invalid token.
Am I misunderstanding anything?
BR
2 answers
I would suggest following https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=server-configuring-friends and making sure that all the required servers are friended.
To be sure the friends relationship works, create a dashboard widget that contains a widget on the other server.
You might have to make the far RM server a friend to the other JTS as well.
Hi
Friending creates an OSLC relationship, which is necessary to allow e.g. linking, but doesn't create or specify single sign-on.
You need to ensure your application servers have a shared authentication mechanism; it's possible to configure two Liberty to have the same SSO realm using LTPA keys.
You can do this with two Liberty, but with only one JTS you'd register both /rm1 and /rm2 to that JTS.
For a user registry you can configure that JTS to use LDAP or to use Jazz Authorization Server, which itself can use LDAP/SAML.
If you need to have two JTS, I think they'll have to share the same JAS to get single sign-on.
HTH
Ian