
How can I do the oAuth authentication from another webcontrol

I am looking at connecting to Jazz RRC from another web application. My other application is in .NET and c#. I thought of using a web control to implement the UI for displaying requirements etc from Jazz RRC. But first, I need to do the oAuth authentication to connect to RRC.

How to implement the oAuth authentication from a web control? Or is there some other nicer way to do it?

What I tried:

I used the REST Client on Google Chrome and tried to POST the form with username/password to the https://server:port/jts/j_security_check

The headers are:
Accept: application/rdf+xml
Oslc-core-version: 2.0
Content-Type: application/x-www-form-urlencoded

And the content is:
j_username=myUserName&j_password=mypwd

I also tried to set the content after encoding like: j_username%3DmyUserName%26j_password%3Dmypwd

But I am always getting HTTP/1.1 408 Request Timeout

0 votes


Accepted answer

Permanent link
 The OSLC workshop is a great chance to see how this can be used, but as you have seen this is written in Java and the OSLC wiki examples are using curl, but you will notice that they all share the same algorithm.

 1. Request a secured resource to set up session and cookies (for instance https://server:port/ccm/authenticated/identity).
 2. For FORM auth, use the response from one to get the cookies, and post to j_security_check (aka https://server:port/ccm/authenticated/j_security_check).
 3. Verify you have authenticated, by ensuring the headers are not still requiring login (check response for x-com-ibm-team-repository-web-auth-msg).

Python version:
    from urllib.parse import urlencode  # Python 3 home of Python 2's urllib.urlencode

    def __login__(self):
        # self.http is assumed to be an httplib2.Http-style client whose
        # request() returns a (response, content) pair.
        # Grab secured resource to initiate login
        response, content = self.http.request(self.base_url + "/authenticated/identity", 'GET', headers=self.headers)

        if 'x-com-ibm-team-repository-web-auth-msg' in response:

            if response['x-com-ibm-team-repository-web-auth-msg'] != 'authrequired':
                raise Exception("Server error authenticating: " + str(response))

            # Post login information, Jazz uses j_security_check for FORM auth.
            response, content = self.http.request(self.base_url + '/authenticated/j_security_check', 'POST',
                                headers=self.headers, body=urlencode({'j_username': self.user, 'j_password': self.password}))

            # Confirm that we are connected, and can grab the secure resource now
            response, content = self.http.request(self.base_url + "/authenticated/identity", 'GET', headers=self.headers)

            if 'x-com-ibm-team-repository-web-auth-msg' in response:
                raise Exception("Login was not successful, server response: " + str(response))


  -Sean

Kangkan Goswami selected this answer as the correct answer

2 votes

Comments

@SeanWilbur: Great buddy. This works for me. But, once authenticated, further request to any other secured resource is failing - either a 401 Unauthorised, or request timed out. I wanted to capture the token and token secret when I authenticate. How can I do that?

I am having this same issue, I do a get and get challenged, I send the POST and it shows that I have credentials, but on my next get, I again have no authorization. In another post someone mentioned it may be because the RTC server that I am using is running Tomcat instead of WebSphere.

Has this been answered or solved?
Don
 

Today in 2021 you would use a requests session for all http operations because this propagates the (successful) authentication cookies to all subsequent get/put/post etc.
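
The cookie propagation discussed in the comments above, as an added example that is not part of any post in this thread: the three steps of the accepted answer run through one opener with a standard-library cookie jar, which plays the same role as a requests session. The names `make_opener` and `jazz_form_login` are illustrative, and `base_url` is assumed to include the application context root (for instance https://server:port/ccm).

```python
import urllib.parse
import urllib.request
from http.cookiejar import CookieJar

# Header named in the accepted answer; header lookup below is case-insensitive.
AUTH_HEADER = "X-com-ibm-team-repository-web-auth-msg"


def make_opener(keep_cookies=True):
    """Build an opener; with keep_cookies it replays every Set-Cookie it received."""
    handlers = [urllib.request.HTTPCookieProcessor(CookieJar())] if keep_cookies else []
    return urllib.request.build_opener(*handlers)


def jazz_form_login(opener, base_url, user, password, timeout=10):
    """Return True only if the secured resource is no longer challenged."""
    identity = base_url + "/authenticated/identity"

    # Step 1: request a secured resource so the server issues its session cookies.
    with opener.open(identity, timeout=timeout) as resp:
        challenge = resp.headers.get(AUTH_HEADER)
    if challenge is None:
        return True  # this opener already holds an authenticated session
    if challenge != "authrequired":
        raise RuntimeError("Server error authenticating: " + challenge)

    # Step 2: POST the form. urlencode() escapes each name and value but keeps
    # '=' and '&' literal; encoding the whole "a=b&c=d" string would hide the fields.
    form = urllib.parse.urlencode({"j_username": user, "j_password": password})
    req = urllib.request.Request(
        base_url + "/authenticated/j_security_check",
        data=form.encode("ascii"),
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )
    opener.open(req, timeout=timeout).close()

    # Step 3: repeat the secured request. If the challenge header is still there,
    # the session cookies from step 1 did not travel with steps 2 and 3.
    with opener.open(identity, timeout=timeout) as resp:
        return resp.headers.get(AUTH_HEADER) is None
```

An opener built with `make_opener(keep_cookies=False)` reproduces the symptom reported above: the POST is accepted, yet the next request is challenged again because no session cookie accompanies it.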


5 other answers

Permanent link
In the OSLC Workshop for Jazz there are freely downloadable lab exercises. Does Lab 6.3 - Jazz form based authentication - answer your question?

- Arne

2 votes

Comments

My client is in .NET. I am not sure, if that will work. I shall try out.

@ArneBister: I tried the form based authentication. But seems, I am missing something. I have updated my post with what I have tried. Can you please look at that and help me?


Permanent link
Hi,

apparently somebody else had the same problem, eventually solved it and posted it to this website including code snippet for .NET oAuth login vs. RRC.

- Arne

P.S.: keep in mind these changes for oAuth starting with RTC 3.0.1
P.P.S.: in case you use non-secure http or JTS and RRC are on different servers, be sure to also scan this technote.

1 vote

Comments

@ArneBister: Thanks for digging into. The post that you are referring to with .NET code snippet is written by me. That I did from a windows app and it uses a browser window to login. The same technique can not be used when calling from a web application. So, I wanted to try something different and the form base authentication is good, I felt. However, I am not being able to get positive result so far.


Permanent link
@KangkanGoswami: Ok, this makes it doubly ironic so I edited my comment. I will try and get you in touch with the right info. Unfortunately, I do not have the cycles to dig in deep myself right now - I thought I would get by with copy&paste so it serves me right that I ended up feeding an author with his own link.

The solution is out there. We will find it.

- Arne

0 votes

Comments

@ArneBister: I am sure, there is some roadblock and I am not able to see the road properly. With light from all of you, we shall reach where we intend to go.

@KangkanGoswami The article http://phkrief.wordpress.com/2010/09/15/jazz-form-based-authentication/ describes the process for Jazz Form-based Authentication. The steps are the same for .NET. Once you get the OAuth Url, open it in a WebBrowser control, and once the user logs in trap the Document Closing event and get the Cookie. This Cookie can be used to access the actual resource url. We are in a process of creating a sample application .NET, will update you once its ready.


Permanent link
I am trying to get this to work, but I am having the same problem described by @KangkanGoswami in the last solution comment above:

@SeanWilbur: Great buddy. This works for me. But, once authenticated, further request to any other secured resource is failing - either a 401 Unauthorised, or request timed out. I wanted to capture the token and token secret when I authenticate. How can I do that?

Has this been worked out and if so, how?

Thanks, Don

0 votes

Comments

 I'm facing the same problem using RDM4.0.1 on tomcat.

Have you solved this problem? I really want to know how to do it.

I tried the same procedure using RESTClient in firefox, and it successfully accessed to a secured resource after authentication.
I checked the differences of response headers between them, then I found that after the following execution the status code in my program showed 200, but returned cookie was only one, on the other hand, the number of cookies in RESTClient was 4.

> 2. For FORM auth, use the response from one to get the cookies, and post to j_security_check (aka https://server:port/ccm/authenticated/j_security_check )

Any help would be very appreciated.


Permanent link
 Finally, I could solve this problem. 
In my case,  it was caused by HttpClient 4.2.3 library's bug.
When "Cookie:" request header was created, it inserted excess "\"characters and the cookie header became incorrect.
I could solve this by adding a new request interceptor to HttpClient so that I could replace the wrong cookie header.

0 votes


Question asked: Jun 11 '12, 3:05 a.m.

Question was seen: 10,936 times

Last updated: Jun 25 '21, 12:57 p.m.
