Unable to get CLM/RTC 3.0.1 working with reverse proxy


Vivek Mittal (621) | asked Sep 02 '11, 12:15 a.m.
Hi,

I am having trouble setting up RTC with an Apache reverse proxy in front of it. Our environment structure is that we have an Apache reverse proxy securing all our internal systems by being the SSL termination point, and the context is used to determine which server and system the request will be forwarded to. For example: https://proxyhost/mail will forward to Domino Notes; https://proxyhost/lotus/quickr forwards to Quickr.

I have set up rules to enable forwarding to our Jazz server running on WAS in a similar way and the requests are getting to it. However, I am unable to complete setup of Jazz.

Whenever I go to https://proxyhost/jts/setup, I get a screen that says, "The user ID you logged in with is not recognizable.

If you used the default ADMIN user to log in, you likely disabled it during the setup. Try again using the new admin user you created during the setup.
Try Again"

Clicking Try Again does nothing. However, if I go directly to the Jazz server (https://jazz:9443/jts/setup), a login screen appears and I am able to log in and undertake Steps 1 & 2, where I put down https://proxyhost/jts as the public URI and click Next. On clicking Next, my browser then takes me to http://proxyhost/jts/setup#/steps/3, which again shows me the error message above.

I have set up federated repositories with our domino server and I am able to log in fine to the WAS admin console as well as the setup app if going directly to the jazz server. I just can't get to it from our reverse proxy.

The error in the WAS logs is "0000001c webapp E com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: -: com.ibm.ws.webcontainer.webapp.WebAppErrorReport: CRJAZ1173I Service "com.ibm.team.repository.service.discovery.IDiscoveryService" is not available."

A quick Google search found an error with RTC 2.0 related to license profiles. At this point, I am assuming the server has trial licenses as I haven't even finished setting it up yet.

I can access https://proxyhost/jts/rootservices fine, so I assume that is a non-secured site.

If I try to go to https://proxyhost/jts, I get an error message "Error 403: CRJAZ1394E The user ID "user:ldap:389/CN=VMittal,O=organisation" is not a member of any Jazz J2EE roles but must be a member of one to access the repository. "

I don't understand why that is being thrown as I have mapped the JAZZAdmins groups to another group of which I am a member.

Any ideas on how to resolve this? I don't want to use the server host as the public URI as that URI is not accessible external to our organisation.

Cheers,
Vivek

2 answers



Ralph Schoon (63.1k33646) | answered Sep 08 '11, 7:49 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER
Hi Vivek,

I have only briefly looked into the examples to set up with a proxy on developerWorks and in the library. One step I noticed, however, is setting up the certification to accept in the proxy server.

Please note that, last time I checked, the officially supported proxy with SSL was IBM HTTP Server. Not sure if that has to do with issues with OpenSSL.

If you can log in to the server by going directly to the URL you want to hide, there is certainly a communication issue between the proxy and the Jazz server. That might have something to do with the certifications.

Todd Lainhart (40611) | answered Sep 19 '11, 10:21 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
If I try to go to https://proxyhost/jts, I get an error message "Error 403: CRJAZ1394E The user ID "user:ldap:389/CN=VMittal,O=organisation" is not a member of any Jazz J2EE roles but must be a member of one to access the repository. "


Is your reverse proxy an authenticating proxy?
