It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Follow this question
Question details

×1,305

question asked: Oct 07 '10, 10:40 p.m.
question was seen: 5,568 times
last updated: Oct 07 '10, 10:40 p.m.

Related questions

FAQ - How this Forum works

Mutual Authentication when using Web Services

0
Des Drury (66107) | asked Oct 07 '10, 10:40 p.m.
Hi,

We have encountered a problem when using the RAM web services due to the requirement that the web server, IIS, require an NTLM authentication before passing on requests to the RAM application. This is fine for an end user accessing RAM, as when they are presented with the NTLM login dialog they are able to enter their credentials. They are then taken to the RAM login page, where they can then re-enter their credentials to login to RAM. However, when the RAM web services are used by either Eclipse or the RAM Client libraries the request fails. It seems that it fails because the client is only expecting to have to pass credentials once. Currently we are overcoming this by connecting directly to the Web Container of the AppServer. However, we need to use the IIS server.

What has been proposed is to setup another web site within IIS that does not impose the NTLM login. However, the standards state that if an NTLM login is not imposed then the client and server must authenticate with each other. Do you know if Eclipse and, more importantly, the RAM Client can use mutual authentication?

Cheers.

Des

3 answers

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Gili Mendel (1.8k56) | answered Oct 12 '10, 2:23 p.m.
JAZZ DEVELOPER
Why is NTLM auth. required in addition to the container's auth?
0
permanent link
Des Drury (66107) | answered Oct 19 '10, 8:27 p.m.
Hi,

NTLM authentication is required as it is the standard here. However, we are looking to get an exemption as we have demonstrated that this breaks the ability to access RAM using Eclipse and the RAM client JARs. Also. other tools here do have an exemption for NTLM.

Cheers.

Des
0
permanent link
Gili Mendel (1.8k56) | answered Oct 26 '10, 10:35 a.m.
JAZZ DEVELOPER
That makes sense .... as NTLM is a connection based authentication, and the Rich Client is using Basic Auth (per request authentication), I am not sure how well those work together.

The Rich Client is using HTTP Client, but we do not use/tested a NTCredentials path http://hc.apache.org/httpclient-3.x/authentication.html#NTLM.

I opened an enhancement request: https://jazz.net/jazz02/resource/itemName/com.ibm.team.workitem.WorkItem/41100 for tracking purposes. If you need that support, you will need advocate for it to get prioritized in one of our future releases.

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.