It's all about the answers!

Ask a question

RTC authentication using OSLC


Gary Dang (59338955) | asked Oct 22 '11, 10:28 a.m.
When posting an XML request using OSLC to RTC v3.0.1 server via FireFox Poster, it appears that the RTC server is not accepting the user/password specified in the Poster dialog. The response (200 OK) we get is the following. However, if I authenticate to RTC first in a FF browser session, then Poster works fine and I get a OSLC response (201) because it is using the authenticated session from browser instead. So, it appears that our RTC server is not accepting BASIC AUTH from the Poster dialog. Because of this issue, our integration program is also failing with the same behavior as well. We need to know how to pass authentication credential programmatically.

<DOCTYPE>

<Licensed>

<html>

<head>
<meta>
<meta>
<title></title>

<link>
<link>

<style>
#net-jazz-ajax-NoScriptMessage {
width: 100%;
color: #D0D0D0;
font-size: 2em;
text-align: center;
position: absolute;
top: 1%;
z-index: 999;
}
</style>

</head>

<body>
<noscript><div>Javascript is either disabled or not available in your Browser</div></noscript>
<div>Loading...</div>
<div></div>

<script>
djConfig = {
isDebug: false,
usePlainJson: true,
baseUrl: "/ccm/web/dojo/",
locale: "en-us",
localizationComplete: true
};
/*null*/
net = {jazz: {ajax: {}}};
net.jazz.ajax._contextRoot = "/ccm";
net.jazz.ajax._webuiPrefix = "/web/";
</script>

<script></script>


<script>
/* <CDATA> */
</script>

<script>
/* <CDATA> */
</script>
</body>
</html>

Comments
John Vasta commented Oct 24 '11, 9:56 a.m. | edited Mar 27 '13, 9:03 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Did you configure your RTC server for Basic authentication? The default is Form authentication.


Gary Dang commented Oct 24 '11, 10:04 a.m. | edited Mar 27 '13, 9:11 a.m.

Hi John, I am not able to find the steps to configure RTC server (we are using v3.0.1) for Basic authentication (note: we are using IHS and WAS). This outdated link https://jazz.net/library/article/64 is for IHS and Tomcat. Can you send me the link to configure RTC v3.0.1 (IHS + WAS) to support Basic Authentication.


Gary Dang commented Oct 24 '11, 11:20 a.m. | edited Mar 27 '13, 9:05 a.m.

Hi John, I found this article (https://jazz.net/library/article/75) that discusses about configuring BASIC Authentication but it's the Tomcat flavor instead of WAS. Can you comment on the WAS specific steps? Also, can you confirm that we can have both authentication methods (FORM and BASIC) and they are not mutually exclusive?


John Vasta commented Oct 27 '11, 9:45 a.m. | edited Mar 27 '13, 9:15 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

I believe the article I referenced in my earlier posting, https://jazz.net/library/article/76, describes a way to update the web.xml file for an application without having to manually update all the cached copies of it.

One answer



permanent link
John Vasta (2.6k15) | answered Oct 24 '11, 3:00 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
edited Mar 27 '13, 9:11 a.m. by Geoffrey Clemm (30.1k33035)
I am by no means a WAS expert (far from it), but I think that authentication is essentially an application attribute, so it's basically the web.xml files you need to update. (There are some extra things for Tomcat that are mentioned in the articles you referenced.)

The tricky thing about WAS is that it caches copies of an application's war file contents in a few places, so you can't just edit one file to make a change. There is an (old) article on how to make changes to the web.xml file for an application deployed in WAS at https://jazz.net/library/article/76

Sorry I can't give you more specific steps. You can always create a support request if you don't feel like experimenting.


Comments
John Vasta commented Oct 24 '11, 3:04 p.m. | edited Mar 27 '13, 9:08 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Oh, and you can't have both Basic and Form authentication enabled at the same time (I don't think). So if you're only thinking of doing this to make it easier to send OSLC requests from the Firefox Poster plug-in, I would seriously consider whether it is worth changing the login experience for all your users just for that convenience.


Gary Dang commented Oct 24 '11, 3:21 p.m. | edited Mar 27 '13, 10:10 a.m.

Hi John, this is not a matter of making it convenient for Poster. It is for the external BMC Remedy Integration Layer to communicate with RTC web server using Basic Authentication and OSLC. If I look at https://jazz.net/library/article/75, it specifically says "Next, add in a section like the following and provide a realm name for your server" (in the middle of the page) which suggests RTC web server can support both FORM and BASIC authentication. Can you confirm with certainty whether or not these modes are mutually exclusive? When you open the log in page to ccm (e.g. https://<server>/ccm/web/console), doesn't the log-in page use form based authentication? If you have just BASIC turned on, what does it do to this page?


John Vasta commented Oct 24 '11, 5:24 p.m. | edited Mar 27 '13, 9:09 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
Hi John, this is not a matter of making it convenient for Poster. It is for the external BMC Remedy Integration Layer to communicate with RTC web server using Basic Authentication and OSLC. If I look at https://jazz.net/library/article/75, it specifically says "Next, add in a section like the following and provide a realm name for your server" (in the middle of the page) which suggests RTC web server can support both FORM and BASIC authentication.



But just before that, it says to comment out the form authentication configuration section.

Can you confirm with certainty whether or not these modes are mutually exclusive?


Yes, you cannot have two login-config sections.

When you open the log in page to ccm (e.g. https://<server>/ccm/web/console), doesn't the log-in page use form based authentication? If you have just BASIC turned on, what does it do to this page?


You're not directly opening "the log in page to ccm"; you're just going to the web UI, and if login is needed, the application server will handle it. If form authentication is configured, it will show the designated form (that we provide in the RTC server), and if basic authentication is configured, the browser will prompt you for a username and password.


Gary Dang commented Oct 24 '11, 6:00 p.m. | edited Mar 27 '13, 9:15 a.m.

Thanks John, can you confirm which jazz article describes the steps to set up Basic Authentication. We tried to use 64 (https://jazz.net/library/article/64) but ran into issue with LDAP after deploying the new WAR. This article seems more dated than https://jazz.net/library/article/75 and both reference Tomcat (not WebSphere). Please confirm what article to use to set up Basic Authentication with IHS and WAS.

Also, we didn't run into this issue with ITSM and ClearQuest CM Server integration using OSLC? CQ CM also uses IHS and WAS. Do we use form based authentication mode there but it also supports a way to pass credential in the request header somehow?


1
Geoffrey Clemm commented Oct 26 '11, 12:23 a.m. | edited Mar 27 '13, 9:13 a.m.
FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER

For folks following this thread, you need to do the following (thanks
for tracking this down, Boris!).

I'll submit a work item to get article 75 updated.

Cheers,
Geoff




Follow the procedure defined in:
https://jazz.net/library/article/75
ignoring the Tomcat parts (i.e., ignore the
org.apache.catalina.authenticator.FormAuthenticator stuff).

But there is a trick.
Do the following in the web.xml of JTS and CCM/RTC:

Websphere caches the web.xml in several places. So without having to
unpack jts.war and ccm.war modify the web.xml and redeploy you can:

1. Shutdown Websphere
2. delete the contents of the wstemp and temp directories in the
Websphere profile. For example:
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\temp
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\wstemp

3. Modify the web.xml in, for example:
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\LIBPOCNode01Cell\jts_war.ear\jts.war\WEB-INF\web.xml
and
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\installedApps\LIBPOCNode01Cell\ccm_war.ear\ccm.war\WEB-INF\web.xml

BUT ALSO in the same way:

C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\LIBPOCNode01Cell\applications\ccm_war.ear\deployments\ccm_war\ccm.war\WEB-INF\web.xml
C:\Program
Files\IBM\WebSphere\AppServer\profiles\AppSrv01\config\cells\LIBPOCNode01Cell\applications\jts_war.ear\deployments\jts_war\jts.war\WEB-INF\web.xml


so that you uncomment the BASIC config and comment the form config:


<login>
<auth>BASIC</auth>
<realm>Jazz</realm>
</login>
<!--
<login>
<auth>FORM</auth>
<form>
<form>/auth/authrequired</form>
<form>/auth/authfailed</form>
</form>
</login>
-->

4. Restart Websphere. Done!

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.