Batch jobs and SAML authentication
We are migrating our ELM Applications to cloud and planning to use SAML Authentication.
We followed instructions from this url https://jazz.net/wiki/bin/view/Main/JFSCoreSecurity#Application_Authentication and it works for non-batch jobs. The user verification is impossible in the case of batch jobs. Could you please provide more details about OIDC authentication? This URL https://jazz.net/wiki/bin/view/Main/NativeClientAuthentication#Jazz_Container_authentication has some information, but it is unclear. Would you have any detailed steps or an example?
The URLs for the OAuth endpoints should not be hard-coded by a client but should be retrieved from the root services document. The URLs shown in the details below should be considered as examples only.

Retrieve Request Token
  Root Services Key: http://jazz.net/xmlns/prod/jazz/jfs/1.0/oauthRequestTokenUrl
  Example URL: https://{server-name-and-port}/jazz/oauth-request-token
  Method: POST
  Parameters: oauth_consumer_key={consumer-key} [1] [2]

Authenticate Request Token
  Root Services Key: http://jazz.net/xmlns/prod/jazz/jfs/1.0/oauthUserAuthorizationUrl
  Example URL: https://{server-name-and-port}/jazz/oauth-authorize
  Method: POST
  Parameters: oauth_token={request-token}&authorize=True [3]

Retrieve Access Token
  Root Services Key: http://jazz.net/xmlns/prod/jazz/jfs/1.0/oauthAccessTokenUrl
  Example URL: https://{server-name-and-port}/jazz/oauth-access-token
  Method: POST
  Parameters: oauth_consumer_key={consumer-key}&oauth_token={request-token} [2] [4]
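The endpoint table above says two things a batch client has to get right: read the three URLs from the root services document instead of hard-coding them, and sign the request-token and access-token calls as OAuth 1.0a requests. The following is an added example (editor's code, not IBM's and not from the jazz.net wiki) that does both offline. It assumes the root services document is RDF/XML in which each key above appears as an element whose rdf:resource attribute carries the URL, assumes the endpoints accept standard RFC 5849 HMAC-SHA1 signatures, and uses a constructed sample document, a fictional host (elm.example.com) and made-up consumer keys and secrets. The middle step (the user authorizing the request token) is interactive and is not automated here. verify_signature is the check the server side performs; it is included so the signing logic can be tested against tampering and wrong secrets.

```python
"""Discover Jazz OAuth 1.0a endpoints from rootservices and sign/verify requests.

Added example; hostnames, keys and the rootservices sample are constructed."""
import base64
import hashlib
import hmac
import secrets
import time
import urllib.parse
import xml.etree.ElementTree as ET

JFS = "http://jazz.net/xmlns/prod/jazz/jfs/1.0/"
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
# Root services keys from the endpoint table, mapped to the step they belong to.
OAUTH_KEYS = {
    "request_token": JFS + "oauthRequestTokenUrl",
    "authorize": JFS + "oauthUserAuthorizationUrl",
    "access_token": JFS + "oauthAccessTokenUrl",
}

# Constructed sample rootservices document (assumed RDF/XML shape, fictional host).
SAMPLE_ROOTSERVICES = """<rdf:Description xmlns:rdf="%s" xmlns:jfs="%s"
    rdf:about="https://elm.example.com/jazz/rootservices">
  <jfs:oauthRequestTokenUrl rdf:resource="https://elm.example.com/jazz/oauth-request-token"/>
  <jfs:oauthUserAuthorizationUrl rdf:resource="https://elm.example.com/jazz/oauth-authorize"/>
  <jfs:oauthAccessTokenUrl rdf:resource="https://elm.example.com/jazz/oauth-access-token"/>
</rdf:Description>""" % (RDF, JFS)


def discover_oauth_endpoints(rootservices_xml):
    """Return {step: URL} read from the rootservices document; never hard-code these."""
    root = ET.fromstring(rootservices_xml)
    endpoints = {}
    for step, key in OAUTH_KEYS.items():
        node = next(root.iter("{%s}%s" % (JFS, key[len(JFS):])), None)
        if node is None:
            raise ValueError("rootservices document lacks " + key)
        endpoints[step] = node.get("{%s}resource" % RDF)
    return endpoints


def _pct(value):
    # RFC 5849 3.6 percent-encoding: only unreserved characters stay as they are.
    return urllib.parse.quote(str(value), safe="~")


def signature_base_string(method, url, params):
    """RFC 5849 3.4.1: METHOD & base URL & normalized, sorted parameters."""
    parts = urllib.parse.urlsplit(url)
    base_url = "%s://%s%s" % (parts.scheme.lower(), parts.netloc.lower(), parts.path)
    pairs = list(urllib.parse.parse_qsl(parts.query, keep_blank_values=True))
    pairs += [(k, v) for k, v in params.items() if k != "oauth_signature"]
    normalized = "&".join("%s=%s" % kv for kv in sorted((_pct(k), _pct(v)) for k, v in pairs))
    return "&".join([method.upper(), _pct(base_url), _pct(normalized)])


def hmac_sha1_signature(method, url, params, consumer_secret, token_secret=""):
    # Key is consumer secret & token secret; token secret is empty for the request-token step.
    key = ("%s&%s" % (_pct(consumer_secret), _pct(token_secret))).encode()
    digest = hmac.new(key, signature_base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def signed_params(method, url, consumer_key, consumer_secret, token=None,
                  token_secret="", extra=None, nonce=None, timestamp=None):
    """Build the oauth_* parameter set for one step and sign it."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh per request; replay defence
        "oauth_version": "1.0",
    }
    if token is not None:
        params["oauth_token"] = token  # request token (access-token step) or access token
    params.update(extra or {})
    params["oauth_signature"] = hmac_sha1_signature(method, url, params, consumer_secret, token_secret)
    return params


def authorization_header(params):
    """Render the parameters as an OAuth Authorization header value."""
    return "OAuth " + ", ".join('%s="%s"' % (_pct(k), _pct(v)) for k, v in sorted(params.items()))


def verify_signature(method, url, params, consumer_secret, token_secret=""):
    """Server-side check: recompute the signature and compare in constant time.
    A real server must also reject reused nonces and stale timestamps."""
    expected = hmac_sha1_signature(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(params.get("oauth_signature", ""), expected)


if __name__ == "__main__":
    ep = discover_oauth_endpoints(SAMPLE_ROOTSERVICES)
    step1 = signed_params("POST", ep["request_token"], "batch-consumer", "consumer-secret",
                          extra={"oauth_callback": "oob"})
    print("1. POST", ep["request_token"], "\n   Authorization:", authorization_header(step1))
    print("2. a real user opens", ep["authorize"], "and approves the request token")
    step3 = signed_params("POST", ep["access_token"], "batch-consumer", "consumer-secret",
                          token="request-token-from-step-1", token_secret="its-secret",
                          extra={"oauth_verifier": "verifier-from-step-2"})
    print("3. POST", ep["access_token"], "\n   Authorization:", authorization_header(step3))
```

The point of verify_signature being present is that an unattended job cannot skip the user-authorization step: the access-token request is only valid when signed with the request token's secret, which is issued to a user who logged in. That is why, with SAML in front of the server, batch clients end up needing a credential issued out of band rather than a user session.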
One answer
In the case of SAML and a native client, you're almost certainly going to have to use application passwords or application tokens. You need to enable this in the JAS and then log in as a real user to generate them.
Once you do that, you can then use the user name and the application password (you'll need to add header info to tell ELM that your client knows how to do the application password flow) to log your client in.
I found it a lot easier to use the application token, which you send as a Bearer token.
See:
https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=installation-application-passwords-native-client-authentication-openid-connect