It's all about the answers!

Ask a question

user not authorized


Kathryn Fryer (503147) | asked Jun 01 '11, 3:15 p.m.
I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:

"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"

And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException

I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.

This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.

Suggestions?
Kathryn

13 answers



permanent link
Jared Russell (1.3k12019) | answered Jun 02 '11, 6:41 a.m.
One possibility: are you entering the username in the correct case?

Tomcat will authenticate the user name in a case-insensitive manner, however by default RTC does a case-sensitive lookup of the user name in the database. This can manifest itself as users being able to login but having no licenses/permissions within the application itself.

I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:

"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"

And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException

I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.

This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.

Suggestions?
Kathryn

permanent link
Kathryn Fryer (503147) | answered Jun 06 '11, 9:33 a.m.
I double-checked tomcat-users file, and I am using the correct case.

I also tried creating a new user in the JTS User Admin, giving them JazzAdmin, JazzDWAdmin, and JazzProjectAdmin permissions, and an RTC Developer CAL. When I log in as the new user, the behaviour is the same.

permanent link
Kathryn Fryer (503147) | answered Jun 06 '11, 10:10 a.m.
One additional oddity -- my new user is "kadmin". When I log into JTS with those credentials, all is well. When I log into RTC admin, it logs me in as ADMIN. And I do not see "kadmin" in the list of RTC users, although I assigned an RTC Developer license.

permanent link
Jared Russell (1.3k12019) | answered Jun 07 '11, 5:40 a.m.
This is the exact behaviour that we experienced when users were entering their usernames in a different case to that of the username in the repository.

There is a property that you can change in both the JTS and CCM administration pages. Go to /jts/admin and /ccm/admin then "Advanced Properties". Search for the property "Use case insensitive user ID matching" and change it from false to true.

RTC should then match you up to the correct user/permissions in the repository (you might need to logout or restart the server for the changes to take effect).



One additional oddity -- my new user is "kadmin". When I log into JTS with those credentials, all is well. When I log into RTC admin, it logs me in as ADMIN. And I do not see "kadmin" in the list of RTC users, although I assigned an RTC Developer license.

permanent link
Ralph Schoon (63.3k33646) | answered Jun 07 '11, 6:12 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi,

this might also be an issue due to setup or something else. there is another thread that experiences it: https://jazz.net/forums/viewtopic.php?t=17417

I have seen another one recently. All seem to have to do with an issue between the RTC CCM application and the JTS server application. The last symptom, that you see the user in JTS but not in CCM also points to this fact: the registration between JTS and CCM did fail or was destroyed.

Can you run the diagnostics in /jts/admin? You might also wan to open a work item.

Thanks,

Ralph

I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:

"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"

And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException

I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.

This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.

Suggestions?
Kathryn

permanent link
Kathryn Fryer (503147) | answered Jun 07 '11, 10:24 a.m.
I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?

in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.

I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?

Should I un-register RTC and re-register it?

permanent link
Ralph Schoon (63.3k33646) | answered Jun 07 '11, 10:59 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi,

the technical user ID does not need to be in the directory.
you can go to https://server:port/jts/admin#action=jazz.viewPage&id=com.ibm.team.repository.server

There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics

I am not sure how to fix it. The registration should have created the required communication links.

Ralph

I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?

in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.

I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?

Should I un-register RTC and re-register it?

permanent link
Ralph Schoon (63.3k33646) | answered Jun 07 '11, 11:22 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi,

Unregister and register again could loose data, I belive. You should create a PMR or work item to talk to development.

Thanks,

Ralph

I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?

in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.

I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?

Should I un-register RTC and re-register it?

permanent link
Kathryn Fryer (503147) | answered Jun 07 '11, 12:47 p.m.

There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics


When I enter this URL, I get "Error! Action specified is invalid". On the server admin page, there are no entries pertaining to diagnostics.

permanent link
Ralph Schoon (63.3k33646) | answered Jun 08 '11, 12:44 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Kathryn,

sorry, that action is new in 3.0.1. sorry, I confused the versions.

Ralph


There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics


When I enter this URL, I get "Error! Action specified is invalid". On the server admin page, there are no entries pertaining to diagnostics.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.