RTC authentication using OSLC
<DOCTYPE>
<Licensed>
<html>
<head>
<meta>
<meta>
<title></title>
<link>
<link>
<style>
#net-jazz-ajax-NoScriptMessage {
width: 100%;
color: #D0D0D0;
font-size: 2em;
text-align: center;
position: absolute;
top: 1%;
z-index: 999;
}
</style>
</head>
<body>
<noscript><div>Javascript is either disabled or not available in your Browser</div></noscript>
<div>Loading...</div>
<div></div>
<script>
djConfig = {
isDebug: false,
usePlainJson: true,
baseUrl: "/ccm/web/dojo/",
locale: "en-us",
localizationComplete: true
};
/*null*/
net = {jazz: {ajax: {}}};
net.jazz.ajax._contextRoot = "/ccm";
net.jazz.ajax._webuiPrefix = "/web/";
</script>
<script></script>
<script>
/* <CDATA> */
</script>
<script>
/* <CDATA> */
</script>
</body>
</html>
One answer
The tricky thing about WAS is that it caches copies of an application's war file contents in a few places, so you can't just edit one file to make a change. There is an (old) article on how to make changes to the web.xml file for an application deployed in WAS at https://jazz.net/library/article/76
Sorry I can't give you more specific steps. You can always create a support request if you don't feel like experimenting.
Comments
Oh, and you can't have both Basic and Form authentication enabled at the same time (I don't think). So if you're only thinking of doing this to make it easier to send OSLC requests from the Firefox Poster plug-in, I would seriously consider whether it is worth changing the login experience for all your users just for that convenience.
Hi John, this is not a matter of making it convenient for Poster. It is for the external BMC Remedy Integration Layer to communicate with RTC web server using Basic Authentication and OSLC. If I look at https://jazz.net/library/article/75, it specifically says "Next, add in a section like the following and provide a realm name for your server" (in the middle of the page) which suggests RTC web server can support both FORM and BASIC authentication. Can you confirm with certainty whether or not these modes are mutually exclusive? When you open the log in page to ccm (e.g. https://<server>/ccm/web/console), doesn't the log-in page use form based authentication? If you have just BASIC turned on, what does it do to this page?
Hi John, this is not a matter of making it convenient for Poster. It is for the external BMC Remedy Integration Layer to communicate with RTC web server using Basic Authentication and OSLC. If I look at https://jazz.net/library/article/75, it specifically says "Next, add in a section like the following and provide a realm name for your server" (in the middle of the page) which suggests RTC web server can support both FORM and BASIC authentication.
But just before that, it says to comment out the form authentication configuration section.
Can you confirm with certainty whether or not these modes are mutually exclusive?
Yes, you cannot have two login-config sections.
When you open the log in page to ccm (e.g. https://<server>/ccm/web/console), doesn't the log-in page use form based authentication? If you have just BASIC turned on, what does it do to this page?
You're not directly opening "the log in page to ccm"; you're just going to the web UI, and if login is needed, the application server will handle it. If form authentication is configured, it will show the designated form (that we provide in the RTC server), and if basic authentication is configured, the browser will prompt you for a username and password.
Thanks John, can you confirm which jazz article describes the steps to set up Basic Authentication. We tried to use 64 (https://jazz.net/library/article/64) but ran into issue with LDAP after deploying the new WAR. This article seems more dated than https://jazz.net/library/article/75 and both reference Tomcat (not WebSphere). Please confirm what article to use to set up Basic Authentication with IHS and WAS.
Also, we didn't run into this issue with ITSM and ClearQuest CM Server integration using OSLC? CQ CM also uses IHS and WAS. Do we use form based authentication mode there but it also supports a way to pass credential in the request header somehow?
For folks following this thread, you need to do the following (thanks
for tracking this down, Boris!).
I'll submit a work item to get article 75 updated.
Cheers,
Geoff
Follow the procedure defined in:
https://jazz.net/library/article/75
ignoring the Tomcat parts (i.e., ignore the
org.apache.catalina.authenticator.FormAuthenticator stuff).
But there is a trick.
Do the following in the web.xml of JTS and CCM/RTC:
Websphere caches the web.xml in several places. So without having to
unpack jts.war and ccm.war modify the web.xml and redeploy you can:
1. Shutdown Websphere
2. delete the contents of the wstemp and temp directories in the
Websphere profile. For example:
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\temp
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\wstemp
3. Modify the web.xml in, for example:
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\LIBPOCNode01Cell\jts_war.ear\jts.war\WEB-INF\web.xml
and
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\LIBPOCNode01Cell\ccm_war.ear\ccm.war\WEB-INF\web.xml
BUT ALSO in the same way:
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\LIBPOCNode01Cell\applications\ccm_war.ear\deployments\ccm_war\ccm.war\WEB-INF\web.xml
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\LIBPOCNode01Cell\applications\jts_war.ear\deployments\jts_war\jts.war\WEB-INF\web.xml
so that you uncomment the BASIC config and comment the form config:
<login>
<auth>BASIC</auth>
<realm>Jazz</realm>
</login>
<!--
<login>
<auth>FORM</auth>
<form>
<form>/auth/authrequired</form>
<form>/auth/authfailed</form>
</form>
</login>
-->
4. Restart Websphere. Done!
1 vote
Comments
John Vasta
FORUM MODERATOR / JAZZ DEVELOPER Mar 27 '13, 9:03 a.m.Did you configure your RTC server for Basic authentication? The default is Form authentication.
Gary Dang
Mar 27 '13, 9:11 a.m.Hi John, I am not able to find the steps to configure RTC server (we are using v3.0.1) for Basic authentication (note: we are using IHS and WAS). This outdated link https://jazz.net/library/article/64 is for IHS and Tomcat. Can you send me the link to configure RTC v3.0.1 (IHS + WAS) to support Basic Authentication.
Gary Dang
Mar 27 '13, 9:05 a.m.Hi John, I found this article (https://jazz.net/library/article/75) that discusses about configuring BASIC Authentication but it's the Tomcat flavor instead of WAS. Can you comment on the WAS specific steps? Also, can you confirm that we can have both authentication methods (FORM and BASIC) and they are not mutually exclusive?
John Vasta
FORUM MODERATOR / JAZZ DEVELOPER Mar 27 '13, 9:15 a.m.I believe the article I referenced in my earlier posting, https://jazz.net/library/article/76, describes a way to update the web.xml file for an application without having to manually update all the cached copies of it.