user not authorized
I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:
"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"
And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException
I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.
This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.
Suggestions?
Kathryn
"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"
And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException
I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.
This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.
Suggestions?
Kathryn
13 answers
One possibility: are you entering the username in the correct case?
Tomcat will authenticate the user name in a case-insensitive manner, however by default RTC does a case-sensitive lookup of the user name in the database. This can manifest itself as users being able to login but having no licenses/permissions within the application itself.
Tomcat will authenticate the user name in a case-insensitive manner, however by default RTC does a case-sensitive lookup of the user name in the database. This can manifest itself as users being able to login but having no licenses/permissions within the application itself.
I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:
"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"
And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException
I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.
This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.
Suggestions?
Kathryn
This is the exact behaviour that we experienced when users were entering their usernames in a different case to that of the username in the repository.
There is a property that you can change in both the JTS and CCM administration pages. Go to /jts/admin and /ccm/admin then "Advanced Properties". Search for the property "Use case insensitive user ID matching" and change it from false to true.
RTC should then match you up to the correct user/permissions in the repository (you might need to logout or restart the server for the changes to take effect).
There is a property that you can change in both the JTS and CCM administration pages. Go to /jts/admin and /ccm/admin then "Advanced Properties". Search for the property "Use case insensitive user ID matching" and change it from false to true.
RTC should then match you up to the correct user/permissions in the repository (you might need to logout or restart the server for the changes to take effect).
One additional oddity -- my new user is "kadmin". When I log into JTS with those credentials, all is well. When I log into RTC admin, it logs me in as ADMIN. And I do not see "kadmin" in the list of RTC users, although I assigned an RTC Developer license.
Hi,
this might also be an issue due to setup or something else. there is another thread that experiences it: https://jazz.net/forums/viewtopic.php?t=17417
I have seen another one recently. All seem to have to do with an issue between the RTC CCM application and the JTS server application. The last symptom, that you see the user in JTS but not in CCM also points to this fact: the registration between JTS and CCM did fail or was destroyed.
Can you run the diagnostics in /jts/admin? You might also wan to open a work item.
Thanks,
Ralph
this might also be an issue due to setup or something else. there is another thread that experiences it: https://jazz.net/forums/viewtopic.php?t=17417
I have seen another one recently. All seem to have to do with an issue between the RTC CCM application and the JTS server application. The last symptom, that you see the user in JTS but not in CCM also points to this fact: the registration between JTS and CCM did fail or was destroyed.
Can you run the diagnostics in /jts/admin? You might also wan to open a work item.
Thanks,
Ralph
I have RTC 3.0 installed w/ Derby and Tomcat. My RTC user is a JazzAdmin, JazzDWAdmin, and JazzProjectAdmin. He is able to admin the JTS server and users, and the RTC application. However, when I go to the RTC User admin view and try to view User details, I get an error:
"The user configured to perform the request :https://rtcserver.ibm.com:9443/jts/service/com.ibm.team.repository.service.internal.IExternalUserRegistryRestService/isExternalRegistryWriteable" on the JTS is not authorized. There may not be a functional user configured for the oauth consumer, or the functional user that is configured does not have sufficient privileges to perform the requested operation. Connection Error: UnauthorizedID CRJAZ1832E
com.ibm.team.repository.common.TeamRepositoryException"
And when I try to create a Project, I get the same error, but with com.ibm.team.repository.common.LicenseNotGrantedException
I discovered my user had a disabled trial license, so switched him to a "real" license - authorized RTC Developer CAL. Restarted JTS. Still the same behaviour.
This is on a VMware image; changing the CAL was successful for a colleague using a copy of the same image.
Suggestions?
Kathryn
I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?
in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.
I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?
Should I un-register RTC and re-register it?
in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.
I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?
Should I un-register RTC and re-register it?
Hi,
the technical user ID does not need to be in the directory.
you can go to https://server:port/jts/admin#action=jazz.viewPage&id=com.ibm.team.repository.server
There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics
I am not sure how to fix it. The registration should have created the required communication links.
Ralph
the technical user ID does not need to be in the directory.
you can go to https://server:port/jts/admin#action=jazz.viewPage&id=com.ibm.team.repository.server
There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics
I am not sure how to fix it. The registration should have created the required communication links.
Ralph
I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?
in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.
I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?
Should I un-register RTC and re-register it?
Hi,
Unregister and register again could loose data, I belive. You should create a PMR or work item to talk to development.
Thanks,
Ralph
Unregister and register again could loose data, I belive. You should create a PMR or work item to talk to development.
Thanks,
Ralph
I changed the case sensitivity. I also discovered a functional userid defined for the RTC consumer in JTS; the userid was not in the directory. I removed it. But that didn't resolve the problem. Should there be a functional userid?
in JTS, RTC is configured as a trusted consumer, but does not show up as a friend. Adding it as a friend fails w/ message it is already registered. In RTC, JTS is a trusted consumer (no functional id) and as a friend.
I can't find any option to run diagnostics, nor is there any info in the help. How do I run this?
Should I un-register RTC and re-register it?
Hi Kathryn,
sorry, that action is new in 3.0.1. sorry, I confused the versions.
Ralph
When I enter this URL, I get "Error! Action specified is invalid". On the server admin page, there are no entries pertaining to diagnostics.
sorry, that action is new in 3.0.1. sorry, I confused the versions.
Ralph
There you find diagnostics: https://server:port/jts/admin#action=com.ibm.team.repository.admin.serverDiagnostics
When I enter this URL, I get "Error! Action specified is invalid". On the server admin page, there are no entries pertaining to diagnostics.
page 1of 1 pagesof 2 pages