Possible to access and pass user credentials to other Application?


Nils Müller-Sheffer (1136) | asked Aug 01 '12, 11:54 a.m.

Hello,

is it possible to somehow access the username and password typed in the login screen, once they are sent to the server (i.e. some server side hook "onLogin")?

We have a use case where we need to pass on the user credentials to another application (intranet). Since we are currently on Tomcat, I don't see how we could use LTPA (from what I understand that is WAS SSO configuration dependent).

The application we are accessing supports passing username and password (clear text) for authentication. Since both RTC as well as the other app authenticate with ActiveDirectory, reusing the credentials from RTC login would work fine ... if we could somehow get a hold of them.

Thanks for any hints.

One answer



John Vasta (2.6k15) | answered Aug 02 '12, 9:22 a.m.
FORUM MODERATOR / JAZZ DEVELOPER
Authentication for Jazz-based applications is handled by the application server (Tomcat or WAS), not Jazz code. So the Jazz application code itself cannot get its hands on user credentials. In other words, it's not possible to do what you are asking. See https://jazz.net/library/article/75 for an overview of how authentication works.

Jazz applications use the OAuth protocol for authenticating application-to-application requests, on behalf of the end user. If the application you wish to access supports OAuth, perhaps you could use that approach as well.

Comments
Nils Müller-Sheffer commented Aug 03 '12, 4:12 a.m.

Hi John,

thanks for pointing me to that.

Let's assume we moved to WAS and SSO. How would we get our hands on the LTPA token in order to pass it on to the other application? Is there a way to do that through the API? Or is there a way to read cookies or get direct access to the HTTPServletRequest object?

Just to clarify, we do not redirect the user's browser to that other application, but from within RTC we need to make a service call to another application (they provide a Java Client API to us which requires an LTPA token to be passed as a Java String), using the credentials of the user that is logged on to RTC.

See https://jazz.net/forum/questions/72719/hot-to-get-the-httpservletrequest-object-inside-an-extension; this is exactly what we need to do.

Thanks, Nils


John Vasta commented Aug 03 '12, 10:46 a.m.
FORUM MODERATOR / JAZZ DEVELOPER

Sorry, I'm not familiar with WAS/SSO or LTPA tokens.
