Access to one RM from a different JTS
Hello,
I'm having trouble trying to connect to an RM application from a different JTS instance.
Here is the problem:
I have 2 servers with two instances of JTS. Let's say Server A and Server B.
What I want to do is use Server A as OAuth to validate users and access the catalog defined in rm/catalog on Server B.
As far as I know, I've defined an Outbound link (friend) from Server B JTS to Server A JTS, and on the other side I've defined an Inbound link (consumer) from Server A JTS to Server B JTS and added both URLs to the whitelist.
The problem is that after the validation in Server A (it is responsible for token generation and authorization), when I'm trying to get the catalog URL I'm getting Error 401 Unauthorized due to an invalid token.
Am I misunderstanding anything?
BR
2 answers
Ralph Schoon (FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER) answered Feb 29, 2:44 a.m., edited Feb 29, 5:14 a.m.
I would suggest following https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=server-configuring-friends and making sure that all the required servers are friended.
You might have to make the far RM server a friend to the other JTS as well.
Ian Barnard (FORUM ADMINISTRATOR / FORUM MODERATOR / JAZZ DEVELOPER) answered Mar 01, 4:07 a.m., edited Mar 01, 4:08 a.m.
Hi
Friending creates an OSLC relationship, which is necessary to allow e.g. linking, but doesn't create or specify single sign-on.
You need to ensure your application servers have a shared authentication mechanism; it's possible to configure two Liberty servers to have the same SSO realm using LTPA keys.
You can do this with two Liberty servers, but with only one JTS you'd register both /rm1 and /rm2 to that JTS.
For a user registry you can configure that JTS to use LDAP or to use Jazz Authorization Server, which itself can use LDAP/SAML.
If you need to have two JTS, I think they'll have to share the same JAS to get single sign-on.
HTH
Ian