DISCLAIMER: These are advanced scenarios which falls out of scope of Standard application support and it requires prior knowledge of working with WebSphere Liberty command line utilities. These scenarios needs to be first tested on a Non production environment and backups are to be taken before running through the instructions.
Before you begin understanding the different scenarios of Migration that we discuss below, it is important to read and understand distinction between the following :
- Configuring JAS - Configure JAS as the OIDC provider for CLM : Instructions
- Migration to JAS - Migrate a CLM instances authorization from OAuth to OIDC : Instructions
- Migration to Another JAS - This is the target area of this article
Focus of this article is to provide methods to migrate a CLM Environment configured to one JAS to a different JAS. In this article you can find various scenarios in which such a migration is required and for each such scenario, we provide a relevant approach to take.
Following are some of the Scenarios
- Migrate a JAS enabled CLM environment to a centralized JAS setup
- Clone JAS enabled CLM environment from a Production environment to an existing JAS enabled Staging environment
- Create Multiple Clones of a JAS enabled CLM environment and connect to common JAS on Staging
Scenario - Migrate a JAS enabled CLM environment to a centralized JAS setup
In this scenario we consider multi-tenant production servers
- Production A - Consists of a CLM installation Prod_01 connected to a single Jazz Authorization Server ( Prod_01_JAS )
- Production B - Consists of a CLM installation Prod_02 connected to its own JAS ( Prod_02_JAS )
- Both the JAS servers are connected to the corporate LDAP server and the userbase is common
Requirement is to have a single JAS setup for all production CLM servers. This would mean, discard
Prod_02_JAS and move
Prod_02 authorization to
Prod_01_JAS. Following is a graphical representation of the requirement.
Overview of the steps involved
- Export JAS registration from Prod_02_JAS
- Create JAS registration corresponding to the exported data in Prod_01_JAS
- Update the JAS SSO URL and Client Secret in each application teamserver.properties file
- Discard Prod_02_JAS application and database
1. Export JAS registrations from Prod_02_JAS
The first step is to export the JAS registrations data from
Prod_02_JAS. Following are instructions
- On the Prod_02_JAS server, switch directory to
[JazzAuthServerHome]\cli
and run the following commands
- Linux
./lsclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u [UserName]:[Password] >& prod02jas.json
- Windows
lsclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u [UserName]:[Password] > prod02jas.json
Here is a sample exported file, we would see one such entry per application.
[ {
"functional_user_groupIds" : [ "JazzAdmins" ],
"trusted_uri_prefixes" : [ "https://localhost:9443/jts/", "https://prod02.example.com:9443/jts/", "https://127.0.0.1:9443/jts/" ],
"post_logout_redirect_uris" : [ "https://127.0.0.1:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://prod02.example.com:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://localhost:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService" ],
"grant_types" : [ "authorization_code", "client_credentials", "implicit", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
"subject_type" : "public",
"application_type" : "web",
"allow_regexp_redirects" : false,
"registration_client_uri" : "https://prod02jas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875",
"redirect_uris" : [ "https://localhost:9443/jts/jsa", "https://localhost:9443/jts/jsa?confirm=true", "https://prod02.example.com:9443/jts/jsa", "https://prod02.example.com:9443/jts/jsa?confirm=true", "https://127.0.0.1:9443/jts/jsa", "https://127.0.0.1:9443/jts/jsa?confirm=true" ],
"token_endpoint_auth_method" : "client_secret_basic",
"client_id" : "5ba62ee8a310409485e3a60988815875",
"introspect_tokens" : true,
"client_secret_expires_at" : 0,
"scope" : "openid profile email general",
"etag" : "ax5TWj+MkZm0Uybao5cBBA==",
"client_id_issued_at" : 1558514044,
"client_secret" : "*",
"resource_ids" : [ ],
"functional_user_id" : "jts_user",
"client_name" : "/jts",
"response_types" : [ "code", "token", "id_token token" ],
"preauthorized_scope" : "openid profile email general"
} ]
2. Create/Import the JAS registration to Prod_01_JAS
The next step is to create/import the configuration to
Prod_01_JAS. Prior to importing the configuration, we need to change the Client secret and the JAS URL value in the exported data.
Following are instructions
- Copy the prod02jas.json file exported in the previous step to Prod_01_JAS server. Example path
[JazzAuthServerHome]\cli
- Edit the prod02jas.json file and change the JAS URL listed for the parameter
registration_client_uri
to the Prod_01_JAS URL (There would be one parameter per application)
- Example for jts application
"registration_client_uri" : "https://prod02jas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- TO
"registration_client_uri" : "https://[Prod_01_JAS_URL]:[PORT]/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- In edit mode, change the Client Secret, there would one such entry per application
- Import/Create the new configurations to Staging JAS Server
- On Prod_01_JAS , switch directory to
[JazzAuthServerHome]\cli
and run the following command
- Linux
./ldclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u [UserName]:[Password] -c prod02jas.json
- Windows
ldclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u [UserName]:[Password] -c prod02jas.json
3. Update the JAS SSO Details on Prod_02 CLM servers
Now that the JAS servers are merged, we have to update the JAS URLs and new Client Secret in the Prod_02 application server teamserver.properties files.
- Edit the teamserver.properties files on Prod_02 application servers. For jts, ccm, qm, rm, dcc and gc applications the file is located at
[JAZZ_HOME]\server\conf\[app]\teamserver.properties
- For each file update the Client Secret and JAS URL
- Following is an example for Prod_02 jts application teamserver.properties file
- Change the values from
com.ibm.team.repository.servlet.sso_as=https\://prod_02_jas.example.com\:9643/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientSecret=[qyLk8RKdyNJh0eGxIKjGhbGy8X377VcBQKOGE81CkgKdVX50UT91Xb/rh0uA77d467nb1tDNqctXJ9ppZVzPQw\=\=]
- TO
com.ibm.team.repository.servlet.sso_as=https\://[Prod_01_JAS_URL]\:[PORT]/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientSecret=NewClientSecret
- For JRS the application server file is
[JAZZ_HOME]\server\conf\rs\app.properties
- Following is an example for Prod_02_JRS app.properties, update the JAS URL and Client Secret
- From
jsa.auth.server.url=https\://prod_02_jas.example.com\:9643/oidc/endpoint/jazzop
jsa.client.secret=[qyLk8RKdyNJh0eGxIKjGhbGy8X377VcBQKOGE81CkgKdVX50UT91Xb/rh0uA77d467nb1tDNqctXJ9ppZVzPQw\=\=]
- TO
jsa.auth.server.url=https\://[Prod_01_JAS_URL]\:[PORT]/oidc/endpoint/jazzop
jsa.client.secret=NewClientSecret
4. Instructions for LQE and LDX
The lqe.properties file does not include the ClientID and Secret value. For these 2 applications follow the server rename procedure in our
Infocenter 6.0.6.1
Highlevel procedure
- Remove the Data Sources
- Run Compaction
- Un-register the applications from JTS > Admin page
- Change the Config Mode Parameter to True in lqe.properties file ,
configMode=true
- Register LQE and LDX with JTS
- Add the Data Sources
5. Discard Prod_02_JAS application server and database
Once the JAS servers are merged and the working and testing of Prod_01 and Prod_02 CLM instances are complete, you can discard
Prod_02_JAS server.
Scenario - Clone a JAS enabled CLM instance from production to staging
In this scenario we consider multi-tenant production servers
- Production - Consists of 2 CLM instances (Prod_01, Prod_02) connected to a single Jazz Authorization Server (ProdJAS)
- Staging - Consists of a clone one of the production CLM instances ( Prod_01 renamed to Prod_01_Clone ) and connected to its own JAS (StagingJAS)
- Both the JAS servers are connected to the corporate LDAP server and the userbase is common
Requirement is to clone
Prod_02 to the existing Staging environment as
Prod_02_Clone and connect to
StagingJAS for Authorization. Following is a graphical representation of the requirement.
Overview of the steps involved
- Clone the CLM instance Prod_02 to staging and perform a server rename to Prod_02_Clone
- Export JAS registration of Prod_02 (jts,ccm ..) from ProdJAS
- Create JAS registration corresponding to the exported data in StagingJAS (Update ClientSecret, PublicURI references)
- Update the JAS SSO URL and Client Secret in all Prod_02_Clone application teamserver.properties files
1. Clone CLM instance and Server Rename
The first step is to clone the production CLM environment
Prod_02 to staging without the JAS data and perform a Server Rename to change Public URI to
Prod_02_Clone. The instructions to be followed are listed in the following links, however, follow JAS related steps only to disable it from all applications before the Server Rename. To re-enable JAS on the clone, use the steps in this article to connect to existing JAS
StagingJAS.
2. Export JAS registrations from Production
The next step is to export the JAS registrations data for
prod4 from
ProdJAS. In this scenario we consider the
Prod_02 server consists of
jts,
ccm,
dcc and
jrs applications. We will export individual application registration data from
ProdJAS.
Following are instructions
- Find the ClientID for each application
- For jts, ccm, qm, rm, dcc and gc applications, look for the clientId value in
[JAZZ_HOME]\server\conf\[app]\teamserver.properties
- For each application find the clientid, following is an example for Prod_02 jts application teamserver.properties file
com.ibm.team.repository.servlet.sso_clientId=4ce915c5d6a1467b9fcd397d62c29c6e
- For jrs Access the JAS Registration URL to find the ClientID
- Access the following URL for the list for registrations
https://prodjas.example.com:9643/oidc/endpoint/jazzop/registration
- Search for Prod_02 specific application URLs , example for jrs search for
https://prod02.example.com/rs
- Find the clientid as shown below
"client_id" : "9b4d6f2d534749fcb11502be2aac86b8"
client_name "/jrs"
- Export the data from JAS for each client ID
- Switch directory to
[JazzAuthServerHome]\cli
and run the following command
- Linux
./lsclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> <ClientID> >& prod02jts.json
- Windows
lsclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> <ClientID> > prod02jts.json
- An example of prod4 jts application
./lsclient -a https://prodjas.example.com:9643/oidc/endpoint/jazzop -u clmadmin:mypassword 4ce915c5d6a1467b9fcd397d62c29c6e >& prod02jts.json
In this scenario as we considered 4 applications
jts,
ccm,
dcc and
jrs we would now have exported 4 files, example
prod02jts.json,
prod02ccm.json,
prod02dcc.json and _prod02jrs.json. Here is a sample exported file.
[ {
"functional_user_groupIds" : [ "JazzAdmins" ],
"trusted_uri_prefixes" : [ "https://localhost:9443/jts/", "https://prod02.example.com:9443/jts/", "https://127.0.0.1:9443/jts/" ],
"post_logout_redirect_uris" : [ "https://127.0.0.1:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://prod02.example.com:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://localhost:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService" ],
"grant_types" : [ "authorization_code", "client_credentials", "implicit", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
"subject_type" : "public",
"application_type" : "web",
"allow_regexp_redirects" : false,
"registration_client_uri" : "https://prodjas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875",
"redirect_uris" : [ "https://localhost:9443/jts/jsa", "https://localhost:9443/jts/jsa?confirm=true", "https://prod02.example.com:9443/jts/jsa", "https://prod02.example.com:9443/jts/jsa?confirm=true", "https://127.0.0.1:9443/jts/jsa", "https://127.0.0.1:9443/jts/jsa?confirm=true" ],
"token_endpoint_auth_method" : "client_secret_basic",
"client_id" : "5ba62ee8a310409485e3a60988815875",
"introspect_tokens" : true,
"client_secret_expires_at" : 0,
"scope" : "openid profile email general",
"etag" : "ax5TWj+MkZm0Uybao5cBBA==",
"client_id_issued_at" : 1558514044,
"client_secret" : "*",
"resource_ids" : [ ],
"functional_user_id" : "jts_user",
"client_name" : "/jts",
"response_types" : [ "code", "token", "id_token token" ],
"preauthorized_scope" : "openid profile email general"
} ]
3. Create/Import JAS registration on Staging
The next step is to create/import these configuration to the staging JAS environment
StagingJAS. Prior to importing the configuration, we need to change the URLs to match the server rename performed and the Client secret.
Following are instructions
- Copy the .json files exported in the previous step to Staging JAS server ( StagingJAS ), example path
[JazzAuthServerHome]\cli
- Change the URLs to match staging servers URLs in each exported .json file
- Edit each .json file and change the URLs under the parameters
trusted_uri_prefixes
, post_logout_redirect_uris
and redirect_uris
- Example change URL from
https://prod02.example.com
to https://prod02clone.example.com
- Change the JAS URL listed for the parameter
registration_client_uri
to the Staging JAS URL "registration_client_uri" : "https://prodjas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- TO
"registration_client_uri" : "https://[STAGING_JAS_URL]:[PORT]/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- Change the Client Secret
- Import/Create the new configurations to StagingJAS Server
- Switch directory to
[JazzAuthServerHome]\cli
and run the following command
- Linux
./ldclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> -c prod02jts.json
- Windows
ldclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> -c prod02jts.json
- An example of prod4 jts .json file imported into stagingjas
./ldclient -a https://stagingjas.example.com:9643/oidc/endpoint/jazzop -u clmadmin:mypassword -c prod02jts.json
4. Complete Server Rename - JAS
In Step 1 we had performed a Server rename of the cloned
Prod_02 CLM instance in staging server to _Prod_02_Clone. We can now complete the Server Rename process with the following steps.
- Enable JAS on each application teamserver.properties and update the JAS URL to StagingJAS URL
- Edit the Client Secret value to the new value updated during Import (A restart would encrypt the value)
- For jts, ccm, qm, rm, dcc and gc applications, you can find the Client Secret in
[JAZZ_HOME]\server\conf\[app]\teamserver.properties
- For each application update the Client Secret, JAS URL and enable JAS SSO, following is an example for _Prod_02_Clone jts application
-
com.ibm.team.repository.servlet.sso_as=https\://pordjas.example.com\:9643/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientSecret=[qyLk8RKdyNJh0eGxIKjGhbGy8X377VcBQKOGE81CkgKdVX50UT91Xb/rh0uA77d467nb1tDNqctXJ9ppZVzPQw\=\=]
- TO
-
com.ibm.team.repository.servlet.sso_as=https\://[STAGING_JAS_URL]\:[PORT]/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientSecret=NewClientSecret
- For jrs application, the Client Secret and JAS URL can be found in
[JAZZ_HOME]\server\conf\rs\app.properties
- Edit the following parameters
jsa.auth.server.url=https\://prodjas.example.com\:9643/oidc/endpoint/jazzop
jsa.client.secret=[qyLk8RKdyNJh0eGxIKjGhbGy8X377VcBQKOGE81CkgKdVX50UT91Xb/rh0uA77d467nb1tDNqctXJ9ppZVzPQw\=\=]
- TO
jsa.auth.server.url=https\://[STAGING_JAS_URL]\:[PORT]/oidc/endpoint/jazzop
jsa.client.secret=NewClientSecret
5. Additional Instructions for LQE and LDX
As part of the Server Rename process you would have Un-registered LQE and LDX applications as per instructions from our
Infocenter 6.0.6.1.
At this stage you would Register the LQE and LDX application with the new URL (example:
https://prod02clone.example.com/lqe/scr and
https://prod02clone.example.com/lqe/scr) to the cloned JTS server. This would automatiically register a new ClientID, ClientSecret and application URIs to the
stagingjas server.
Scenario - Setup Multiple Clones of a JAS enabled CLM environment
In this scenario we consider multi-tenant production servers
- Production - Consists of 2 CLM instances (Prod_01, Prod_02) connected to a single Jazz Authorization Server (ProdJAS)
- Staging - Consists of a clone of the production CLM instances ( Prod_01_Clone and Prod_02_Clone) and connected to its own JAS (StagingJAS)
- Both the JAS servers are connected to the corporate LDAP server and the userbase is common
Requirement is to clone another copy of
Prod_01 to the existing Staging environment as
Prod_01_Clone02 and connect to
StagingJAS for Authorization. Following is a graphical representation of the requirement.
Overview of the steps involved
- Clone the CLM instance Prod_01 to sating and perform a server rename to Prod_01_Clone02 ( Prod_01 instance has already been cloned as Prod_01_Clone )
- Export JAS registration of Prod_01 (jts,ccm ..) from ProdJAS
- Update the ClientID, ClientSecret and PublicURI references in the exported file
- Create JAS registration corresponding to the exported data in StagingJAS
- Update the JAS SSO URL, ClientID and Client Secret in all Prod_01_Clone02 application teamserver.properties files
1. Clone Another Copy of CLM instance and Server Rename
The first step is to clone another copy the production CLM environment
Prod_01 to staging without the JAS data and perform a Server Rename to change Public URI to
Prod_01_Clone02. The instructions to be followed are listed in the following links, however, follow JAS related steps only to disable it from all applications before the Server Rename. To re-enable JAS on the clone, use the steps in this article to connect to existing JAS
StagingJAS.
2. Export JAS registrations from Production
The next step is to export the JAS registrations data for
Prod_01 from
ProdJAS. In this scenario we consider the
Prod_01 server consists of
jts,
ccm applications. We will export individual application registration data from
ProdJAS.
Following are instructions
- Find the Client Id for each application
- Export the data from JAS for each client ID
- Switch directory to
[JazzAuthServerHome]\cli
and run the following command
- Linux
./lsclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> <ClientID> >& prod01jts.json
- Windows
lsclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> <ClientID> > prod01jts.json
- An example of prod4 jts application
./lsclient -a https://prodjas.example.com:9643/oidc/endpoint/jazzop -u clmadmin:mypassword 4ce915c5d6a1467b9fcd397d62c29c6e >& prod01jts.json
In this scenario as we considered 2 applications
jts,
ccm we would now have exported 2 files, example
prod01jts.json,
prod01ccm.json. Here is a sample exported file.
[ {
"functional_user_groupIds" : [ "JazzAdmins" ],
"trusted_uri_prefixes" : [ "https://localhost:9443/jts/", "https://prod02.example.com:9443/jts/", "https://127.0.0.1:9443/jts/" ],
"post_logout_redirect_uris" : [ "https://127.0.0.1:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://prod02.example.com:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService", "https://localhost:9443/jts/service/com.ibm.team.repository.service.internal.ILogoutRestService" ],
"grant_types" : [ "authorization_code", "client_credentials", "implicit", "refresh_token", "urn:ietf:params:oauth:grant-type:jwt-bearer" ],
"subject_type" : "public",
"application_type" : "web",
"allow_regexp_redirects" : false,
"registration_client_uri" : "https://prod02jas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875",
"redirect_uris" : [ "https://localhost:9443/jts/jsa", "https://localhost:9443/jts/jsa?confirm=true", "https://prod02.example.com:9443/jts/jsa", "https://prod02.example.com:9443/jts/jsa?confirm=true", "https://127.0.0.1:9443/jts/jsa", "https://127.0.0.1:9443/jts/jsa?confirm=true" ],
"token_endpoint_auth_method" : "client_secret_basic",
"client_id" : "4ce915c5d6a1467b9fcd397d62c29c6e",
"introspect_tokens" : true,
"client_secret_expires_at" : 0,
"scope" : "openid profile email general",
"etag" : "ax5TWj+MkZm0Uybao5cBBA==",
"client_id_issued_at" : 1558514044,
"client_secret" : "*",
"resource_ids" : [ ],
"functional_user_id" : "jts_user",
"client_name" : "/jts",
"response_types" : [ "code", "token", "id_token token" ],
"preauthorized_scope" : "openid profile email general"
} ]
3. Create/Import JAS registration on Staging
The next step is to create/import these configuration to the staging JAS environment
StagingJAS. Prior to importing the configuration, we need to change the URLs to match the server rename performed and the Client ID and Secret needs to be changed as well to make the new configuration unique as the CLient ID exists from the previous import for
Prod_01_Clone .
Following are instructions
- Copy the .json files exported in the previous step to Staging JAS server ( StagingJAS ), example path
[JazzAuthServerHome]\cli
- Change the URLs to match staging servers URLs in each exported .json file
- Edit each .json file and change the URLs under the parameters
trusted_uri_prefixes
, post_logout_redirect_uris
and redirect_uris
- Example change URL from
https://prod01.example.com
to https://prod01clone02.example.com
- Change the JAS URL listed for the parameter
registration_client_uri
to the Staging JAS URL "registration_client_uri" : "https://prodjas.example.com:9643/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- TO
"registration_client_uri" : "https://[STAGING_JAS_URL]:[PORT]/oidc/endpoint/jazzop/registration/5ba62ee8a310409485e3a60988815875"
- Change the Client Id to make it unique to the second clone
- Change the Client Secret
- Import/Create the new configurations to StagingJAS Server
- Switch directory to
[JazzAuthServerHome]\cli
and run the following command
- Linux
./ldclient -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> -c prod01jts.json
- Windows
ldclient.bat -a https://<JazzAuthServerURL>:9643/oidc/endpoint/jazzop -u <UserName>:<Password> -c prod01jts.json
- An example of prod01jts.json file imported into stagingjas
./ldclient -a https://stagingjas.example.com:9643/oidc/endpoint/jazzop -u clmadmin:mypassword -c prod01jts.json
4. Complete Server Rename - JAS
In Step1 we had performed a Server rename of another clone
Prod_01 CLM instance in staging server to _Prod_01_Clone02. We can now complete the Server Rename process with the following steps.
- Enable JAS on each application teamserver.properties and update the JAS URL to StagingJAS URL
- Edit the Client ID and Client Secret value to the new value updated during Import (A restart would encrypt the value)
- For jts, ccm, qm, rm, dcc and gc applications, you can find the Client Secret in
[JAZZ_HOME]\server\conf\[app]\teamserver.properties
- For each application update the Client ID, Client Secret, JAS URL and enable JAS SSO, following is an example for _Prod_01_Clone02 jts application
com.ibm.team.repository.servlet.sso_as=https\://prodjas.example.com\:9643/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientId=4ce915c5d6a1467b9fcd397d62c29c6e
com.ibm.team.repository.servlet.sso_clientSecret=[qyLk8RKdyNJh0eGxIKjX377VcBQK81CkgKdVX1Xb/rh0uA77d467nb1tDNqctXJ9ppZVzPQw\=\=]
- TO
com.ibm.team.repository.servlet.sso_as=https\://stagingjas.example.com\:9643/oidc/endpoint/jazzop
com.ibm.team.repository.servlet.sso_clientId=Prod_01_Clone02
com.ibm.team.repository.servlet.sso_clientSecret=NewClientSecret
External links: