Disabling security certificate settings
If you do not require secure connections, the security settings can be disabled.
Important: These instructions explain how to disable the SSL certificate, which permits
unencrypted connections to the server, including user login credentials. Disabling SSL can create a
security exposure where a malicious user within the network can attack the system. For secure
connections, create a self-signed certificate that identifies the host by its network name, or
request a certificate that is signed by a trusted certificate authority (CA). If the system is
already configured and uses a secure public URI, you cannot disable the security for the
applications because the server has already cached a secure public URI. You must run these
instructions before you configure your server by running the setup wizard.
Important: Make sure SameSite is disabled in your browser.
Modifying the Liberty settings
Note: You must have started the WebSphere Liberty server at least one time.
- Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz® Team Server is installed, and open the server.xml file for editing.
- Search for httpSession and change the cookieSecure value to false.
- Search for webAppSecurity and change the ssoRequiresSSL
value to false. The code snippet should look like
this:
<httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/> <webAppSecurity ssoRequiresSSL="false"/>
- Search for httpEndpoint and delete the <samesite>
included tag. The code snippet should look like
this:
<httpEndpoint id="defaultHttpEndpoint" host="*" httpPort="9080" httpsPort="9443"> </httpEndpoint>
- Go to the JazzInstallDir/server/liberty/servers/clm/apps/jts.war/WEB-INF directory.
- Edit the web.xml file in this directory and change all occurrences of CONFIDENTIAL to NONE.
- Repeat the preceding steps to edit the web.xml for the following installed
applications:
Table 1. Path to the web.xml files Application Path to the web.xml file Change and Configuration Management (CCM) JazzInstallDir/server/liberty/servers/clm/apps/ccm.war/WEB-INF/web.xml Quality Management (QM) JazzInstallDir/server/liberty/servers/clm/apps/qm.war/WEB-INF/web.xml Report Builder JazzInstallDir/server/liberty/servers/clm/apps/rs.war/WEB-INF/web.xml - Disable secure cookies.
- Liberty server:
-
- Go to JazzInstallDir/server and open server.startup for editing.
- Enter the following
line:
JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true"
set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true
- Restart the WebSphere Liberty server.
- Open a browser and go to http://hostname.example.com:9080/jts/setup and continue with the setup wizard. Also, verify that you do not get redirected to https://hostname.example.com:9443/jts/setup.
Modifying the WebSphere Application Server settings
- Modify the web.xml file from the jts.war file that was installed into WebSphere® Application Server. Extract the .war files into a temporary area first to retrieve to the file.
- Change all occurrences of CONFIDENTIAL to NONE and save the file.
- Make sure that WebSphere Application Server is running and go to https://localhost:9043/ibm/console/logon.jsp.
- Click .
- Select jts_war and click Update.
- Select Replace or add a single file.
- In the Specify the path beginning with the installed application archive file to the file to be replaced or added field, enter jts.war/WEB-INF/web.xml.
- Click Browse and select the same web.xml file that was modified in a previous step.
- Click Next and follow through until you save the application.
- Go back to the Enterprise Applications pane and stop and start the jts_war application.
- Repeat the preceding steps for other installed applications (ccm.war, qm.war, and rs.war).
- Disable Require SSL for Single Sign On.
- In WebSphere Integrated Solutions Console, click Global security > Web and SIP Security > Single sign-on (SSO).
- Clear the Require SSL check box.
- Disable secure cookies.
- Log in to the Integrated Solutions Console and click .
- Under Server Infrastructure, expand Java and Process Management and click Process definition.
- Click Java Virtual Machine and then click Custom properties.
- Click New and add the following custom
property:
Name: com.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies Value: true
- Click Apply and Save directly to the master configuration.
- For the changes to take effect, restart the application server.
- Disable the Restrict cookies to HTTPS sessions:
- In WebSphere Integrated Solutions Console, click .
- Clear the Restrict cookies to HTTPS sessions check box.
- Open a browser, go to http://hostname.example.com:9080/jts/setup, and continue with the setup wizard. Verify that you do not get redirected to https://hostname.example.com:9443/jts/setup.
Modifying the Jazz Authorization Server settings
To disable security certificates for the Jazz Authorization Server, complete the
next steps.
- Check whether the JazzAuthServer/wlp/usr/servers/jazzop directory contains
the appConfig.xml file. If not, copy this file from the
JazzAuthServer/wlp/usr/servers/jazzop/defaults directory to the parent
directory. Important: Before you perform this step, ensure that the parent directory does not already contain the appConfig.xml file. Otherwise, you will overwrite any customizations.
- Using a text editor, open the appConfig.xml file for editing.
- In the
<oauthProvider>
section, change the value of thehttpsRequired
attribute from"true"
to"false"
. After the change, the<oauthProvider>
section of the file will look similar to the following example:<oauthProvider id="JazzOP" httpsRequired="false" autoAuthorize="true" customLoginURL="/jazzop/form/login" accessTokenLifetime="7201" authorizationGrantLifetime="604801"> <autoAuthorizeClient>client01</autoAuthorizeClient> <databaseStore dataSourceRef="OAuthFvtDataSource" /> </oauthProvider>
- Search for httpEndpoint and delete the <samesite>
included tag. The code snippet should look like
this:
<httpEndpoint host="*" httpPort="9280" httpsPort="9643" id="defaultHttpEndpoint"> </httpEndpoint>
- Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz Team Server is installed, and open the server.xml file for editing.
- Search for webAppSecurity and change the ssoRequiresSSL
value to false. The code snippet should look like
this:
<httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/> <webAppSecurity ssoRequiresSSL="false"/>
For more information about customizing the files in the JazzAuthServer/wlp/usr/servers/jazzop/defaults directory, see Managing users on Jazz Authorization Server.
Modifying the LDX and LQE settings
You must change the LDX and LQE settings for Liberty and WebSphere Application Server.
To change the LDX and LQE setting, edit the lqe.properties file and change lqe.disable.secure.cookies = true.