Disabling security certificate settings

If you do not require secure connections, the security settings can be disabled.

Important: These instructions explain how to disable the SSL certificate, which permits unencrypted connections to the server, including user login credentials. Disabling SSL can create a security exposure where a malicious user within the network can attack the system. For secure connections, create a self-signed certificate that identifies the host by its network name, or request a certificate that is signed by a trusted certificate authority (CA). If the system is already configured and uses a secure public URI, you cannot disable the security for the applications because the server has already cached a secure public URI. You must run these instructions before you configure your server by running the setup wizard.
Important: Make sure SameSite is disabled in your browser.

Modifying the IBM WebSphere Liberty settings

Note: You must have started the IBM® WebSphere® Liberty server at least one time.
  1. Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz® Team Server is installed, and open the server.xml file for editing.
  2. Search for httpSession and change the cookieSecure value to false.
  3. Search for webAppSecurity and change the ssoRequiresSSL value to false. The code snippet should look like this:
    <httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/>
    <webAppSecurity ssoRequiresSSL="false"/>
  4. Search for httpEndpoint and delete the <samesite> included tag. The code snippet should look like this:
    <httpEndpoint
     id="defaultHttpEndpoint"
     host="*"
     httpPort="9080"
     httpsPort="9443">
</httpEndpoint>
  5. Go to the JazzInstallDir/server/liberty/servers/clm/apps/jts.war/WEB-INF directory.
  6. Edit the web.xml file in this directory and change all occurrences of CONFIDENTIAL to NONE.
  7. Repeat the preceding steps to edit the web.xml for the following installed applications:
    Table 1. Path to the web.xml files
    Application Path to the web.xml file
    Engineering Workflow Management JazzInstallDir/server/liberty/servers/clm/apps/ccm.war/WEB-INF/web.xml
    Engineering Test Management JazzInstallDir/server/liberty/servers/clm/apps/qm.war/WEB-INF/web.xml
    Report Builder JazzInstallDir/server/liberty/servers/clm/apps/rs.war/WEB-INF/web.xml
  8. Disable secure cookies.
    Liberty server:
    1. Go to JazzInstallDir/server and open server.startup for editing.
    2. Enter the following line:For Unix operating systems
      JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true"
      For Windows operating system
      set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true
  9. Restart the WebSphere Liberty server.
  10. Open a browser and go to http://hostname.example.com:9080/jts/setup and continue with the setup wizard. Also, verify that you do not get redirected to https://hostname.example.com:9443/jts/setup.

Modifying the Jazz Authorization Server settings

To disable security certificates for the Jazz Authorization Server, complete the next steps.
  1. Check whether the JazzAuthServer/wlp/usr/servers/jazzop directory contains the appConfig.xml file. If not, copy this file from the JazzAuthServer/wlp/usr/servers/jazzop/defaults directory to the parent directory.
    Important: Before you perform this step, ensure that the parent directory does not already contain the appConfig.xml file. Otherwise, you will overwrite any customizations.
  2. Using a text editor, open the appConfig.xml file for editing.
  3. In the <oauthProvider> section, change the value of the httpsRequired attribute from "true" to "false". After the change, the <oauthProvider> section of the file will look similar to the following example:
    <oauthProvider id="JazzOP"
   httpsRequired="false"
   autoAuthorize="true"
   customLoginURL="/jazzop/form/login"
   accessTokenLifetime="7201"
   authorizationGrantLifetime="604801">
   <autoAuthorizeClient>client01</autoAuthorizeClient>
   <databaseStore dataSourceRef="OAuthFvtDataSource" />
</oauthProvider>
  4. Search for httpEndpoint and delete the <samesite> included tag. The code snippet should look like this:
    <httpEndpoint host="*" httpPort="9280" httpsPort="9643" id="defaultHttpEndpoint">
    </httpEndpoint>
  5. Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz Team Server is installed, and open the server.xml file for editing.
  6. Search for webAppSecurity and change the ssoRequiresSSL value to false. The code snippet should look like this:
    <httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/>
    <webAppSecurity ssoRequiresSSL="false"/>

For more information about customizing the files in the JazzAuthServer/wlp/usr/servers/jazzop/defaults directory, see Managing users on Jazz Authorization Server.

Modifying the Link Index Provider and Lifecycle Query Engine settings

You must change the LDX and Lifecycle Query Engine settings for IBM WebSphere Liberty.

To change the LDX and Lifecycle Query Engine setting, edit the lqe.properties file and change lqe.disable.secure.cookies = true.