Fix Readme
Abstract
Why don’t I see IBM Rational ClearQuest Web content in my OSLC dialog?
Content
You may be using an Open Services Lifecycle Collaboration (OSLC) client that is not compatible with some security settings in IBM Rational ClearQuest Web. Thick clients like IBM Rational DOORS and Rational Systems Architect (RSA) do not send the information required by ClearQuest Web OSLC security validation routines; therefore, ClearQuest Web blocks processing of the request.
Example: Clients such as the Rational DOORS and RSA thick clients may encounter this problem.
Note: By default, ClearQuest Web permits displaying HTML content only on hosts that have been configured as authorized OAuth consumers or on hosts where there are linked OSLC projects.
Note: Even after using this workaround, web content may still be blocked by Mozilla Firefox version 23 and higher or Mozilla Firefox ESR version 24 and higher. For more information on mixed active content blocking, please refer to the Mozilla documentation:
https://blog.mozilla.org/security/2013/05/16/mixed-content-blocking-in-firefox-aurora/
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
Workaround: If you have an environment using these thick clients, you must disable Cross Frame Scripting (XFS) security in ClearQuest Web by applying the following steps:
1. Navigate to the location of the ClearQuest Web deployment descriptor file (web.xml)
2. Copy the file web.xml to web.xml.updated
3. In web.xml.updated, change the value of the parameter that applies to your ClearQuest version:
ClearQuest 8.0.0.2 & 7.1.2.6:
- xfs.validation.enabled
  Acceptable values: true or false
  Default value: true
  Note: This parameter controls the overall XFS security engine. Disabling the XFS security engine instructs ClearQuest Web not to perform any security validation; therefore the xfs.validation.oslc.enabled and xfs.authorized.hosts parameters are not needed if this parameter is disabled.
ClearQuest 8.0.0.3 & 7.1.2.7:
- xfs.validation.oslc.enabled
  Acceptable values: true or false
  Default value: false
  Note: Setting this value to "true" instructs the XFS security engine to check OSLC delegated UI requests, i.e. the creation dialog, selection dialog, and record preview dialog. Desktop applications acting as OSLC consumers of ClearQuest Web will display NO content with this setting enabled, because they are not capable of sending the "Referer" request header. Until those applications are modified to send a valid "Referer" header value, ClearQuest administrators should disable this security check. Setting this parameter to "false" leaves OSLC delegated UI requests unvalidated.
- xfs.authorized.hosts
  Acceptable values: a comma-separated list of host names (DNS must resolve these host names)
  Default value: empty
  Note: ClearQuest administrators can add additional hosts to the ClearQuest Web system, allowing those hosts to serve ClearQuest Web HTML content inside iframes. Hosts that are already configured as OSLC consumers or OSLC linked projects are authorized automatically, so you do not have to add them. An example scenario is an intranet site with a project dashboard hosting several ClearQuest Web queries in iframes: the target ClearQuest Web machine must have the intranet site host name added as an authorized host before it can display the results of those queries in iframes.
4. Save your change
5. From a command prompt, run the following command to start the wsadmin utility:
On Microsoft Windows:
ClearQuest 7.1.x
%RATIONAL_COMMON%\cm\profiles\cmprofile\bin\wsadmin
ClearQuest 8.0.x
CQWEB_PROFILE_PATH\bin\wsadmin
On UNIX and Linux:
ClearQuest 7.1.x
$RATIONAL_COMMON/cm/profiles/cmprofile/bin/wsadmin.sh
ClearQuest 8.0.x
CQWEB_PROFILE_PATH/bin/wsadmin.sh
6. From the wsadmin prompt, run the following commands:
wsadmin> $AdminApp update TeamEAR file {-operation update -contents web.xml.updated -contenturi cqweb.war/WEB-INF/web.xml}
wsadmin> $AdminConfig save
wsadmin> exit
7. Restart the WebSphere Application Server to activate the change.
On Microsoft Windows:
Stop and restart the Windows service associated with the ClearQuest Web profile:
Start > Control Panel > Administrative Tools > Services.
On UNIX and Linux:
ClearQuest 7.1.x
$RATIONAL_COMMON/cm/profiles/cmprofile/bin/stopServer.sh server1
ClearQuest 8.0.x
CQWEB_PROFILE_PATH/bin/stopServer.sh server
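To make the effect of the three parameters in step 3 concrete, here is an added model of the XFS decision rules as this document describes them; it is constructed for illustration and is not IBM's code. It assumes a request is either an OSLC delegated UI request or an ordinary iframe request, compares the "Referer" host name as a string (the real engine also requires DNS resolution, which is not modelled), and treats OAuth consumers and linked OSLC projects as a caller-supplied set of trusted hosts.

```python
from urllib.parse import urlparse


def parse_xfs_config(params):
    """Build a decision config from web.xml-style string values.

    Keys and defaults mirror the parameters listed in step 3:
    xfs.validation.enabled (default true), xfs.validation.oslc.enabled
    (default false) and xfs.authorized.hosts (default empty).
    """
    hosts = params.get("xfs.authorized.hosts", "")
    return {
        "validation_enabled": params.get("xfs.validation.enabled", "true").lower() == "true",
        "oslc_enabled": params.get("xfs.validation.oslc.enabled", "false").lower() == "true",
        "authorized_hosts": {h.strip().lower() for h in hosts.split(",") if h.strip()},
    }


def referer_host(headers):
    """Host name from the Referer header, or None when the header is absent."""
    ref = headers.get("Referer")
    if not ref:
        return None
    return (urlparse(ref).hostname or "").lower() or None


def xfs_allows(config, headers, is_oslc_dialog, trusted_hosts):
    """Return (allowed, reason) for a request to embed ClearQuest Web content.

    trusted_hosts models hosts already known as OAuth consumers or linked OSLC
    projects, which the document says are authorized automatically.
    """
    if not config["validation_enabled"]:
        # Whole engine off: the other two parameters are irrelevant.
        return True, "xfs.validation.enabled=false: no validation performed"
    if is_oslc_dialog and not config["oslc_enabled"]:
        # The default: delegated UI dialogs are served without a Referer check,
        # which is why thick clients work when this flag stays false.
        return True, "OSLC delegated UI requests are not validated"
    host = referer_host(headers)
    if host is None:
        # Thick clients send no Referer, so they land here when OSLC checks are on.
        return False, "missing Referer header"
    if host in trusted_hosts or host in config["authorized_hosts"]:
        return True, "Referer host %s is authorized" % host
    return False, "Referer host %s is not authorized" % host
```

Running a thick-client request (no Referer) through the model with xfs.validation.oslc.enabled set to true reproduces the blank dialog from the abstract, while the default value lets it through.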
For more information on this security issue, refer to the following link:
Cross Frame Scripting Security Vulnerability
Document Information
Modified date:
16 June 2018
UID
swg21587046