Configuring Jazz Team Server single sign-on authentication for the web app

You can set the web app to use Jazz™ Team Server single sign-on (SSO) authentication.

About this task

This type of authentication is supported on Apache Tomcat, WebSphere® Application Server and WebSphere Application Server Liberty Profile. The Liberty server must be configured for https connections.

Install and configure Jazz Team Server 6.0 with Jazz Security Architecture

Procedure

  1. Install Jazz Team Server.
  2. Enable Jazz Security Architecture SSO.

    For new installations, you enable Jazz Security Architecture SSO by selecting it as an option during the installation process. For more information, see Installing the Rational® solution for Collaborative Lifecycle Management by using IBM® Installation Manager.

    For existing installations, you enable Jazz Security Architecture SSO by performing a migration procedure after you upgrade to the current release. For more information, see Enabling Jazz Security Architecture single sign-on after upgrading.

  3. Deploy and start the Jazz Team Server and other CLM applications on the application server. Ensure that you deploy and start Jazz Authorization Server.
  4. Run the Custom setup wizard to configure the server.

Register the web app with Jazz Team Server

Procedure

  1. Start the Rational Publishing Engine web app.
  2. Log in to the Administration page of the Jazz Team Server. Point your web browser to https://qualified.hostname.com:9443/jts/admin
  3. Click the Server tab.
  4. In the Configuration section, click Registered Applications.
  5. In the Registered Applications section, click Add.
  6. In the Add Application window, complete the following information about your application.
    Option: Description
    Application Name: A name for the application, for example /rpeng. It must be unique among all applications that are registered with the Jazz Team Server.
    Discovery URL: The service contribution resource (SCR) URL for the application. In general, for the Discovery URL, add /scr to the end of the public URL of the application. For example, if the public URL is https://qualified.hostname.com:port/rpeng, the corresponding SCR URL would be https://qualified.hostname.com:port/rpeng/scr.
    Application Type: After you type the Discovery URL, wait a few moments and the Jazz Team Server will detect the type of application that you are registering.
    Consumer Secret: Type a consumer secret for the application that you are registering. Jazz Team Server automatically generates a consumer key.
    Functional User ID: Type the user ID of the functional user that will perform background tasks, for example rpe_user.
    Authorization Server URL: Enter https://qualified.hostname.com:9643/oidc/endpoint/jazzop.
    Administrator User ID: Enter administrator credentials, for example ADMIN.
    Administrator Password: Enter the administrative password.
  7. Click Finish.
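
The values for the Add Application window can be checked before they are typed in. The following is an added example, not part of the original documentation or of any IBM tool: it derives the Discovery URL from the public URL, checks that the URLs use https and a qualified host name, and generates a random consumer secret. The function names, the 32-character minimum, the host-name check and the sample values are assumptions.

```python
import secrets
from urllib.parse import urlsplit

MIN_SECRET_LEN = 32  # assumption: the page sets no minimum length


def discovery_url(public_url):
    """Discovery (SCR) URL: the application's public URL with /scr appended."""
    return public_url.rstrip("/") + "/scr"


def new_consumer_secret():
    """Random consumer secret to type into the form (43 URL-safe characters)."""
    return secrets.token_urlsafe(32)


def check_url(label, url):
    """Flag URLs that are not https or do not use a qualified host name."""
    problems = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append(f"{label}: scheme is {parts.scheme!r}, expected https")
    # Assumption: bare names (localhost) and IPv4 literals are not acceptable.
    if "." not in host or host.replace(".", "").isdigit():
        problems.append(f"{label}: host {host!r} is not a qualified host name")
    return problems


def preflight(form, registered_names):
    """Return a list of problems with the values for the Add Application window."""
    problems = []
    if form["application_name"] in registered_names:
        problems.append("application_name: already registered with this server")
    if form["discovery_url"] != discovery_url(form["public_url"]):
        problems.append("discovery_url: is not the public URL with /scr appended")
    for key in ("discovery_url", "authorization_server_url"):
        problems += check_url(key, form[key])
    if len(form["consumer_secret"]) < MIN_SECRET_LEN:
        problems.append(f"consumer_secret: shorter than {MIN_SECRET_LEN} characters")
    return problems


# Constructed sample values; host names and the registered list are placeholders.
SAMPLE = {
    "application_name": "/rpeng",
    "public_url": "https://rpe.example.com:9443/rpeng",
    "discovery_url": "https://rpe.example.com:9443/rpeng/scr",
    "authorization_server_url": "https://jts.example.com:9643/oidc/endpoint/jazzop",
    "consumer_secret": new_consumer_secret(),
}

if __name__ == "__main__":
    print(preflight(SAMPLE, registered_names={"/jts", "/ccm"}) or "no problems found")
```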

Set up the web app with Jazz Team Server SSO authentication

Procedure

  1. Log in to the web app as an administrator.
  2. To administer the application, click your user name in the product banner.
  3. Select Administer from the drop-down menu.
  4. Click Runtime Variables.
  5. In the AUTHENTICATION_TYPE field, enter AUTH_TYPE_JTS.
  6. Click Save.
  7. Add a JTS user as a Rational Publishing Engine administrator by entering the user ID in the RPE_WEB_ADMIN_USERS field. If you are adding multiple users, separate the user IDs with commas.
  8. Save your changes and log out.
  9. In a browser, open the URL for the web app. The authentication should be delegated to the Jazz Team Server single sign-on page.
