Package and deployment build authentication

You can select the authentication type to use for package and deployment builds. The default is user ID and password authentication, but you can select other types of authentication instead.
Package and deployment build engines run on System z® or IBM® i. You can configure authentication for Rational® Build Agent build engines that are used for package and deployment builds running with WebSphere Application Server version 8.5 or higher. You set the authentication method for package and deployment builds by setting properties and values in one or more of the following places:
  • Startbfa.sh script - see the comments in the script for configuration information.
  • Properties table of the build engine.
  • Properties table of the package definition or invocation dialog.
  • Properties table of the deployment definition or invocation dialog.
Set the JAZZ_AUTH_METHOD property to one of the following values:
  • USERNAME_PASSWORD_POLICY
  • CERTIFICATE_FILE_POLICY
  • KERBEROS_POLICY
Depending on which value you select for the JAZZ_AUTH_METHOD property, you must provide additional information:
USERNAME_PASSWORD_POLICY
Specify the JAZZ_USER and the JAZZ_PASSWORD_FILE properties and values to identify the user ID and password used to access the build engine. USERNAME_PASSWORD_POLICY is the default authentication method used for dependency builds.
CERTIFICATE_FILE_POLICY
Specify the JAZZ_CERTIFICATE_FILE and the JAZZ_PASSWORD_FILE properties and values to identify the location of the certificate file and the password that accesses the build engine.
KERBEROS_POLICY
Specify the JAZZ_USER and the JAZZ_PASSWORD_FILE properties and values to identify the user ID and password that must be used to access the build engine. You can set these values in either the script that starts the build engine or as a properties in the build definition itself.
Note: In addition, you must set the following standard system properties in the Java VM arguments of the build definition:
-Djava.security.krb5.realm
Use this property to provide the realm (sometimes know as Kerberos domain name) to which you want to connect the client.
-Djava.security.krb5.kdc
Set this property to the host name of the Key Distribution Center (KDC) or a Microsoft Active Directory server to which you want to connect the client. Optionally, you can include the port if your server does not use the default port.
-Djava.security.krb5.conf
Instead of setting -Djava.security.krb5.realm and -Djava.security.krb5.kdc, you can provide a path to a krb5.conf file, which can include other configuration properties in addition to these properties.
For more information, see Jazz client configuration.
Important: The values for the properties you specify must match the values configured for the WebSphere Application Server. Check with your administrator to determine how the server is configured.

video icon Video

Jazz.net channel
Software Education channel

learn icon Courses

IoT Academy
Skills Gateway

ask icon Community

Jazz.net
Jazz.net forums
Jazz.net library

support icon Support

IBM Support Community
Deployment wiki