Setting up authentication for dependency builds

You can select the authentication type to use for dependency builds. The default is user ID and password authentication, but you can select other types of authentication instead.

About this task

Dependency build engines run on System z® or IBM® i. You can configure authentication for the Rational® Build Agent build engines that are used for dependency builds that run on WebSphere Application Server version 8.5 or later.

Procedure

  1. Set the authentication method for dependency builds by setting properties and values in one or more of these places:
    • The Startbfa.sh script. For the configuration information, see the comments in the script.
    • The Properties table of the build engine.
    • The Properties table of the build definition or invocation dialog.
  2. Set the JAZZ_AUTH_METHOD property to one of these values:
    • USERNAME_PASSWORD_POLICY
    • CERTIFICATE_FILE_POLICY
    • KERBEROS_POLICY
  3. Depending on which value you select for the JAZZ_AUTH_METHOD property, you must provide more information:
    USERNAME_PASSWORD_POLICY
    Specify the JAZZ_USER and the JAZZ_PASSWORD_FILE properties and values to identify the user ID and password that must be used to access the build engine. USERNAME_PASSWORD_POLICY is the default authentication method for dependency builds.
    CERTIFICATE_FILE_POLICY
    Specify the JAZZ_CERTIFICATE_FILE and the JAZZ_PASSWORD_FILE properties and values to identify the location of the certificate file and the password that accesses the build engine.
    KERBEROS_POLICY
    Specify the JAZZ_USER and the JAZZ_PASSWORD_FILE properties and values to identify the user ID and password that must be used to access the build engine. You can set these values in either the script that starts the build engine or as a properties in the build definition itself.
    Note: In addition, you must set the following standard system properties in the Java VM arguments of the build definition:
    -Djava.security.krb5.realm
    Use this property to provide the realm (sometimes know as Kerberos domain name) to which you want to connect the client.
    -Djava.security.krb5.kdc
    Set this property to the host name of the Key Distribution Center (KDC) or a Microsoft Active Directory server to which you want to connect the client. Optionally, you can include the port if your server does not use the default port.
    -Djava.security.krb5.conf
    Instead of setting -Djava.security.krb5.realm and -Djava.security.krb5.kdc, you can provide a path to a krb5.conf file, which can include other configuration properties in addition to these properties.
    For more information, see Jazz client configuration.
    Important: The values for the properties that you specify must match the values that are configured for WebSphere Application Server. To determine how to configure the server, ask the system administrator.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki