IBM Support

Secure OSLC content does not display in unsecured consumer frame

Troubleshooting


Problem

IBM Rational ClearQuest content does not display in OSLC consumer frame.

Symptom

No content is displayed when attempting to retrieve secure ClearQuest data (https connection) from an unsecured OSLC consumer (http connection). Similarly, no content is displayed when attempting to retrieve unsecured ClearQuest data (http connection) from a secure OSLC consumer (https connection).

Cause

This ClearQuest Web behavior follows the HTTP 1.1 security guidelines for browsers, described in section 15.1.3, Encoding sensitive information in URIs, of the specification:

"Clients SHOULD NOT include a Referer header field in a (non-secure) HTTP request if the referring page was transferred with a secure protocol."

The iframe security implementations for both Internet Explorer and Firefox conform to the HTTP 1.1 specification guidelines, and the cross-frame scripting security implementation in ClearQuest Web relies on the Referer header field.

See the following articles for browser-specific information about this issue:

Resolving The Problem

If an OSLC consumer is started in a web browser by using an https connection, then ClearQuest OSLC providers must also be accessed by using https.  In this scenario, use https for the discovery URL when defining server friends for ClearQuest providers.

Similarly, if the OSLC consumer is started in a browser by using an http connection, then ClearQuest OSLC providers must also be accessed by using http.  In this scenario, use http for the discovery URL when defining server friends for ClearQuest providers.

For example, Collaborative Lifecycle Management (CLM) products are accessed by using an https connection of the form https://fully-qualified-host-name:9443/ccm/web.  Therefore, the discovery URL for ClearQuest friends must be of the form https://mycqserver/cqweb/oslc/repo/myschemarepo

[{"Product":{"code":"SSSH5A","label":"Rational ClearQuest"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"Integrations: IBM","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF010","label":"HP-UX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"}],"Version":"7.1.2.6;8.0.0.2","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]

Document Information

Modified date:
16 June 2018

UID

swg21586892