How to configure Rational Team Concert, Jazz Authentication Server and Squid cache server to work together
Kamal Kumar, Persistent Systems
Last updated: 8 June 2017
Build basis: Rational Team Concert 6.0.4
This document, can be used as an unofficial guide if one wishes to configure Rational Team Concert (RTC), Jazz Authorization Server (JAS) and Squid cache server to work together such that the squid proxy acts as a web accelerator.
- OIDC – Open ID Connect
- JTS – Jazz Team Server
- JSA – Jazz Security Architecture
This document assumes that:
- The user has configured and put to use the:
- OIDC enabled CCM Server
- Jazz Authorization Server (JAS)
- Squid Server
- The Administrator credentials of JAS is [Username / Password]: ADMIN / ADMIN
Regarding points [1.1] and [1.2] mentioned above, the OIDC enabled CCM server uses Jazz Authorization Server for authentication.
The operating system can be either Windows (Server Class) or GNU/Linux (Enterprise Class).
Please visit the following hyper-link for more information on the following topics.
Deploying Jazz Authorization Server
Managing Users on Jazz Authorization Server
Enabling OIDC on CCM Server
Setting and configuring Squid
Example Squid Configuration
Contents of <SQUID_HOME>/etc/squid.conf
cache_replacement_policy heap GDSF
maximum_object_size 5120 MB
Update client registration information in jazz authorization server
Every application running on Jazz Team Server is registered as a client in Jazz Authorization Server. This happens during application deployment stage in jts/setup.
One can view the client registration information by accessing the following URL on Jazz Authorization Server machine – https://localhost:9643/oidc/endpoint/jazzop/registration
For Jazz Authorization Server to accept squid URI used to access the respective Jazz application, it is required to add them in the client registration entries.
Following are the steps to update the client registration information on JAS machine
FETCH THE CLIENT REGISTRATION DETAILS INTO A FLAT FILE
$ cd <JAS_HOME>/cli
$ lsclient –u ADMIN:ADMIN > ~/file.json
Update the contents of the file.json
The file ~/file.json should contain array of JSON objects for each application running on Jazz Team Server.
For example, there should be four JSON objects in the ~file.json for a Jazz Team Server running the applications – ccm/admin, ccm/web, jts/admin and jts/web.
Suitably, update the ‘redirect_uris’ and ‘trusted_uri_prefixes’ keys in each JSON object such that they contain Squid URIs used to access the respective application. The keys and squid URIs are highlighted in red in the image below:
With the updated file ‘~/file.json’, modify the client registration information using the following commands
# ldclient ADMIN:ADMIN ~/file.json
(where ADMIN:ADMIN is user credentials and ~file.json is path to updated json file)
About the author
Kamal Kumar is senior member of Rational Team Concert testing team. He can be reached at firstname.lastname@example.org© Copyright IBM Corporation 2017