<div id="header-title" style="padding: 10px 15px; border-width:1px; border-style:solid; border-color:#FFD28C; background-image: url(<nop>https://jazz.net/wiki/pub/Deployment/WebPreferences/TLASE.jpg); background-size: cover; font-size:120%"> ---+!! How to Setup Team Concert Smart Card Integration %DKGRAY% Authors: Main.ZeeshanChoudhry <br> Build basis: IBM Rational Team Concert 4.x, 5.x %ENDCOLOR%</div></sticky> <!-- Page contents top of page on right hand side in box --> <sticky><div style="float:right; border-width:1px; border-style:solid; border-color:#DFDFDF; background-color:#F6F6F6; margin:0 0 15px 15px; padding: 0 15px 0 15px;"> %TOC{title="Page contents"}% </div></sticky> <sticky><div style="margin:15px;"></sticky> This article explains how you can setup IBM Rational Team Concert for Smart Card integration. ---++ Rational Team Concert Eclipse client settings If the Rational Team Concert (RTC) Eclipse client was installed in the following directory <verbatim> C:\Program Files\IBM\TeamConcert </verbatim> then the following JRE file would have to be modified: <verbatim> C:\Program Files\IBM\TeamConcert\jdk\jre\lib\security\java.security </verbatim> 1) Search for the following section, and make the modification below: <verbatim> # # List of providers and their preference orders (see above): # security.provider.1=com.ibm.security.capi.IBMCAC security.provider.2=com.ibm.jsse2.IBMJSSEProvider2 security.provider.3=com.ibm.crypto.provider.IBMJCE security.provider.4=com.ibm.security.jgss.IBMJGSSProvider security.provider.5=com.ibm.security.cert.IBMCertPath security.provider.6=com.ibm.security.sasl.IBMSASL security.provider.7=com.ibm.xml.crypto.IBMXMLCryptoProvider security.provider.8=com.ibm.xml.enc.IBMXMLEncProvider security.provider.9=org.apache.harmony.security.provider.PolicyProvider security.provider.10=com.ibm.security.jgss.mech.spnego.IBMSPNEG </verbatim> Note that <a href="http://www.ibm.com/support/knowledgecenter/SSYKE2_6.0.0/com.ibm.java.security.component.60.doc/security-component/cacDocs/introduction.html" target="_blank">IBM CAC (Common Access Card) support</a> has been enabled. 2) Search for the next section and make sure the following has been specified as to the default keystore: <verbatim> # # Default keystore type. # keystore.type=Windows-MY </verbatim> *The above sections show the correctly modified content within the java.security file to enable the support for IBM CAC and thus Smart Card Log-in ability within the Rational Team Concert Eclipse client* *NOTE*: If you are using IBM Rational Team Concert Eclipse client version 4.0.3, use *keystore.type=JKS* For more information on why using JKS key store refer to defect <a href="https://jazz.net/jazz/web/projects/Jazz%20Foundation#action=com.ibm.team.workitem.viewWorkItem&id=268980" target="_blank">Defect 268980</a> 3) For RTC Eclipse Client 6.0.3 and newer on Windows. You may receive the following error when selecting Smart Card. <verbatim> com.ibm.team.repository.common.TeamRepositoryException: CRJAZ2384E Cannot connect to the repository at URL "https://server/ccm", see the nested exception for more details. <...> Caused by: javax.net.ssl.SSLHandshakeException: Error signing certificate verify <...> Caused by: java.security.InvalidKeyException: No installed provider supports this key: com.ibm.security.capi.RSAPrivateKey </verbatim> When in non-FIPS mode IBMCAC delegates signing operations to the MSCAPI. Windows does not support SHA224withRSA. https://blogs.msdn.microsoft.com/alejacma/2009/01/23/sha-2-support-on-windows-xp/ Excerpt from link with Microsoft statement on not supporting SHA-224: "Regarding SHA-224 support, SHA-224 offers less security than SHA-256 but takes the same amount of resources. Also SHA-224 is not generally used by protocols and applications. The NSA's Suite B standards also do not include it. We have no plans to add it on future versions of our CSPs." So to fix this problem, update the java.security file to disable SHA224withRSA. <verbatim> jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, SHA224withRSA </verbatim> ---+++ Verify that the Microsoft Visual C++ 2010 Redistributables are installed. In Microsoft Windows *Control Panel -> Add or Remove Programs* search for the installation NOTE: 32bit Operating Systems will only require the 32bit version of the redistributable. 64bit Operating Systems will require both the 32bit and 64bit versions of the redistributable. See the following links to the redistributables: <a href="http://www.microsoft.com/en-us/download/details.aspx?id=5555" target="_blank">Microsoft Visual C++ 2010 Redistributable Package (x86)</a> <a href="http://www.microsoft.com/en-us/download/details.aspx?id=14632" target="_blank">Microsoft Visual C++ 2010 Redistributable Package (x64)</a> <a href="http://support.microsoft.com/kb/2019667" target="_blank">Latest Supported Visual C++ Downloads</a> *WARNING:* If you fail to verify that the Microsoft Visual C++ 2010 Redistributables are installed, the RTC Eclipse Client will immediately exit without any error message or core, even when sending the debug output to a log or java console. This is a sign that the redistributables are missing, and you should immediately check to see that they are installed. As noted above, if this is a 64bit Operating System, you will need BOTH the 32bit and 64bit redistributables ---+++ Verify the IBM JRE version bundled within the RTC Eclipse Client: In Rational Team Concert Eclipse client *Help -> About Rational Team Concert -> Installation Details* Example: <verbatim> java.runtime.name=Java(TM) SE Runtime Environment java.runtime.version=pwa6460sr13fp1-20130325_01 (SR13 FP1) java.specification.name=Java Platform API Specification java.specification.vendor=Sun Microsystems Inc. java.specification.version=1.6 java.util.prefs.PreferencesFactory=java.util.prefs.WindowsPreferencesFactory java.vendor=IBM Corporation java.vendor.url=http://www.ibm.com/ java.version=1.6.0 java.vm.info=JRE 1.6.0 IBM J9 2.4 Windows 7 amd64-64 jvmwa6460sr13-20130114_134867 (JIT enabled, AOT enabled) J9VM - 20130114_134867 JIT - r9_20130108_31100 GC - 20121212_AA_CMPRSS java.vm.name=IBM J9 VM java.vm.specification.name=Java Virtual Machine Specification java.vm.specification.vendor=Sun Microsystems Inc. </verbatim> As seen above, the JVM vendor is IBM, the major version is 1.6 and the service release is *SR13 FP1*: Therefore, the above SDK will support IBM CAC. If the Service Release is below 1.6 SR12, then you will require an upgrade to the SDK bundled with the IBM Rational Team Concert Eclipse client. You can download it from <a href="http://jazz.net" target="_blank">Jazz.net</a> ---++ Rational Team Concert Server settings Refer to link [[https://jazz.net/library/article/606][Configuring certificate authentication in Rational Team Concert 3.0 using WebSphere Application Server 7.0]] ---+++++!! Related topics: [[DeploymentWebHome][Deployment web home]] ---+++++!! External links: * <a href="https://www.ibm.com" target="_blank">IBM</a> * <a href="https://jazz.net/library/article/1438" target="_blank">Prerequisites for using smart card authentication in Rational Team Concert</a> ---+++++!! Additional contributors: Christopher Guild <sticky></div></sticky>
This topic: Deployment
>
WebHome
>
DeploymentIntegrating
>
RationalTeamConcertIntegrations
>
IntegratingRTCAndSmartCardSettings
History: r11 - 2017-12-20 - 14:17:38 - Main.alexvs
Copyright © by IBM and non-IBM contributing authors. All material on this collaboration platform is the property of the contributing authors.
Contributions are governed by our
Terms of Use.
Please read the following
disclaimer
.
Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more
here
.