Configuring Jazz Authorization Server after server rename
If you are using Jazz Security Architecture, you must perform extra steps after the server rename process, such as re-enabling the Jazz® Authorization Server and manually changing the host references on the Jazz Authorization Server production environment.
Setting up a test staging environment with Jazz SSO
If Jazz SSO is implemented in your production environment, you can create a staging environment that uses the production data. See Setting up a test staging environment with production data. In addition to the instructions in that topic, you must do the following actions:
- Additional steps to take in your staging environment
If you are using the IBM HTTP Server, ensure that you include the staging Jazz Authorization Server in your other updates.
After you complete the server rename verification process, you must re-enable the Jazz Authorization Server and manually change any host references on the production Jazz Authorization Server environment so that they point to the staging Jazz Authorization Server environment.
To re-enable the Jazz SSO, shut down all applications on the staging environment. For Jazz Team Server, Engineering Workflow Management, Data Collection Component, Global Configuration Management, Engineering Test Management, Engineering Insights and Engineering Requirements Management DOORS® Next, edit or add the following line in teamserver.properties:
com.ibm.team.repository.servlet.sso_authenticationActivated=true
For rs, edit or add the following line in app.properties:
authenticationEnabled=true
Log in to the staging Jazz Authorization Server environment and edit the client backup file generated on the production Jazz Authorization Server environment via lsclient. This file is in JSON format and contains entries for each application on the production environment. You must update the hostnames in this file to reflect the new hostnames that you have assigned to the applications in the staging environment. Ensure that you update all of the URLs, because there might be multiple entries in each client section.
The following image illustrates a sample entry for Jazz Team Server. The entries that are highlighted in the image are from a production server and must be updated to point to the staging server. You must update entries for all other applications.
After you have edited the client file to point to the staging URLs, load that file into the Jazz Authorization Server:
- Log in to the staging Jazz Authorization Server.
- Ensure that Jazz Authorization Server is running.
- Run the following commands:
cd /opt/IBM/JazzAuthServer/cli
./ldclient -u adminUser:adminPassword prodjas.backup
You must manually update application properties files to point to the staging Jazz Authorization Server environment. For Jazz Team Server, Engineering Workflow Management, Data Collection Component, Global Configuration Management, Engineering Test Management, Engineering Insights and Engineering Requirements Management DOORS Next, edit or add the following line in teamserver.properties:
com.ibm.team.repository.servlet.sso_as=https\://StagingJAS\:9643/oidc/endpoint/jazzop
For rs, edit or add the following line in app.properties:
jsa.auth.server.url=https\://StagingJAS.com\:9643/oidc/endpoint/jazzop
In the previous examples, replace StagingJAS.com with the hostname of the staging Jazz Authorization Server and change the port to match your staging JAS configuration.
Start CLM applications on the staging environment.
- Other considerations
If JTS is configured in the production environment as a license server, information on the license page is not displayed until you complete the server rename verification process and re-enable the Jazz Authorization Server. You might see errors that are related to the license service in the jts.log during the server rename verification process. You can ignore these errors.
If you are using token licenses, you can share an IBM License Server between the production and staging systems.
Moving a pilot or full production deployment with Jazz SSO
You can rename a small pilot or full production deployment. For instructions on creating a staging environment that uses the production data, see Moving a pilot or full production deployment by using server rename. In addition to the instructions in that topic, you must do the following actions:
- Additional steps to be performed in the target environment
After you complete the server rename verification process, you must re-enable the Jazz Authorization Server and manually change any host references on the source Jazz Authorization Server environment so that they point to the target Jazz Authorization Server environment.
To re-enable the Jazz SSO, shut down all applications on the staging environment. For Jazz Team Server, Engineering Workflow Management, Data Collection Component, Global Configuration Management, Engineering Test Management, Engineering Insights and Engineering Requirements Management DOORS Next, edit or add the following line in teamserver.properties:
com.ibm.team.repository.servlet.sso_authenticationActivated=true
For rs, edit or add the following line in app.properties:
authenticationEnabled=true
Log in to the target Jazz Authorization Server environment and edit the client backup file generated on the source Jazz Authorization Server environment via lsclient. This file is in JSON format and contains entries for each application on the production environment. You must update the hostnames in this file to reflect the new hostnames that are assigned to the applications in the target environment. Ensure that you update all of the URLs, because there might be multiple entries in each client section.
The following image illustrates a sample entry for the Jazz Team Server. The entries that are highlighted in the image are from a source server and must be updated to point to the target server. You must update entries for all other applications.
After you have edited the client file to point to the target URLs, load that file into the Jazz Authorization Server:
- Log in to the staging Jazz Authorization Server.
- Ensure that Jazz Authorization Server is running.
- Run the following commands:
cd /opt/IBM/JazzAuthServer/cli
./ldclient -u adminUser:adminPassword prodjas.backup
You must manually update application properties files to point to the target Jazz Authorization Server environment. For Jazz Team Server, Engineering Workflow Management, Data Collection Component, Global Configuration Management, Engineering Test Management, Engineering Insights and Engineering Requirements Management DOORS Next, edit or add the following line in teamserver.properties:
com.ibm.team.repository.servlet.sso_as=https\://StagingJAS\:9643/oidc/endpoint/jazzop
For rs, edit or add the following line in app.properties:
jsa.auth.server.url=https\://StagingJAS.com\:9643/oidc/endpoint/jazzop
In the previous examples, replace StagingJAS.com with the hostname of the target Jazz Authorization Server and change the port to match your target JAS configuration.
Start CLM applications on the staging environment.
- Other considerations
If you have configured JTS in the source environment as a license server, information on the license page is not displayed until you complete the server rename verification process and re-enable the Jazz Authorization Server. You might see errors that are related to the license service in the jts.log during the server rename verification process. You can ignore these errors.
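The client backup edit in both procedures above (staging and pilot/production move) is easy to get partly wrong, because each client section can hold several URLs. The following is an added example, not IBM tooling or code from this page: it rewrites every URL host in a JSON document and reports strings that still name an old host. It assumes only that the backup is JSON; the hostnames and field names in the sample are constructed for illustration.

```python
import json
import re

def _pattern(hosts, prefix):
    # Longest names first so "a.b.example.com" wins over "b.example.com".
    alt = "|".join(re.escape(h) for h in sorted(hosts, key=len, reverse=True))
    return re.compile(prefix + "(" + alt + r")(?![\w.-])", re.IGNORECASE)

def rewrite_hosts(node, host_map, leftovers, path="$"):
    """Return a copy of node with URL hosts swapped per host_map (old -> new).

    Strings that still name an old host outside a URL are appended to
    leftovers as (json_path, value) for manual review.
    """
    if isinstance(node, dict):
        return {k: rewrite_hosts(v, host_map, leftovers, f"{path}.{k}")
                for k, v in node.items()}
    if isinstance(node, list):
        return [rewrite_hosts(v, host_map, leftovers, f"{path}[{i}]")
                for i, v in enumerate(node)]
    if not isinstance(node, str):
        return node
    lookup = {old.lower(): new for old, new in host_map.items()}
    # Replace only a complete host directly after "://"; port and path are kept.
    out = _pattern(host_map, r"(?<=://)").sub(lambda m: lookup[m.group(1).lower()], node)
    if _pattern(host_map, r"(?<![\w.-])").search(out):
        leftovers.append((path, out))
    return out

# Constructed sample; field names are illustrative, not the real backup layout.
SAMPLE = json.loads("""
[{"client_id": "jts-client",
  "redirect_uris": ["https://PROD-JTS.example.com:9443/jts/secure/oidc",
                    "https://prod-jts.example.com.other.test/jts"],
  "trusted_uri_prefixes": ["https://prod-jts.example.com:9443/jts/"],
  "description": "JTS on prod-jts.example.com"}]
""")
HOST_MAP = {"prod-jts.example.com": "stage-jts.example.com"}

def run_sample():
    leftovers = []
    return rewrite_hosts(SAMPLE, HOST_MAP, leftovers), leftovers

if __name__ == "__main__":
    rewritten, leftovers = run_sample()
    print(json.dumps(rewritten, indent=2))
    for where, value in leftovers:
        print("review manually:", where, "->", value)
```

Review every reported leftover before loading the rewritten file with ldclient, so that no client entry in the new environment still refers to a source host.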