Configuring Jazz Team Server single sign-on authentication for Publishing Document Builder

You can set Publishing Document Builder to use Jazz Team Server (JTS) single sign-on (SSO) authentication.

About this task

This type of authentication is supported on WebSphere® Application Server and WebSphere Application Server Liberty Profile . The Liberty server must be configured for https connections.

The following types of SSO authentication are supported:
  • Jazz Security Architecture SSO authentication: Jazz Security Architecture SSO is an authentication protocol based on the OpenID Connect standard. Authentication services are provided by the Jazz Authorization Server, which must be installed somewhere in your network.
  • WebSphere Application Server with Lightweight Third-Party Authentication (LTPA) SSO authentication: With LTPA, a user's login credentials are stored in a session cookie that is available for the current browser session only. This cookie contains the LTPA token.
Note: When Publishing Document Builder is configured with Jazz SSO authentication, if you are logged in to Publishing Document Builder, you do not have to enter the data source credentials again when generating a document with data from any IBM Engineering Lifecycle Management (ELM) applications that use the same JTS. To take advantage of not having to reauthenticate, see the following details:
  • The Authentication Method is set to Auto when connection is created for the data source
  • Publishing Document Builder does not have to be deployed on the same domain as the Engineering Lifecycle Management applications.
  • If the data source connection is to ELM application registered with another JTS, then you must provide connection credentials when generating a document.
  • Publishing Document Builder must operate in HTTPS mode, for example https://hostname:port/rpeng/)
  • This setting does not work for scheduled document generations.

Install and configure Jazz Team Server with a SSO authentication


  1. Install Jazz Team Server.
  2. Enable one of the following SSO (single sign-on) authentication types:
    To deploy SSO on WebSphere Application Server, see the Deploying WebSphere Application Server by using single sign-on authentication topic.
  3. Deploy and start the Jazz Team Server and other ELMapplications on the application server.
  4. For the Jazz Security Architecture SSO authentication type, ensure that you deploy and start Jazz Authorization Server.
  5. Run the Custom setup wizard to configure the server.

Register Publishing Document Builder with Jazz Team Server


  1. Start Publishing Document Builder.
  2. Log in to the Administration page of the JTS. Point your web browser to
  3. Click the Server tab.
  4. In the Configuration section, click Registered Applications.
  5. In the Registered Applications section, click Add.
  6. In the Add Application window, complete the following information about your application.
    Option Description
    Application Name A name for the application, for example /rpeng. It must be unique among all applications that are registered with the JTS.

    Discovery URL

    The service contribution resource (SCR) URL for the application. In general, for the Discovery URL, add /scr to the end of the public URL of the application. For example, if the public URL is, the corresponding SCR URL would be

    Application Type After you type the Discovery URL, wait a few moments and the Jazz Team Server will detect the type of application that you are registering.
    Consumer Secret Type a consumer secret for the application that you are registering. JTS automatically generates a consumer key.

    Functional User ID

    Type the user ID of the functional user that performs background tasks, for example pub_user .

    Authorization Server URL Enter
    Administrator User ID Enter administrator credentials, for example ADMIN.
    Administrator Password Enter the administrative password.
  7. Click Finish.


Publishing Document Builder appears in the list of applications in the Jazz home menu.
Generate Documents in menu

Set up Publishing Document Builder with Jazz Team Server SSO authentication


  1. Log in to Publishing Document Builder as an administrator.
  2. To administer the application, click Administration menu in the product banner.
  3. Select Administer from the drop-down menu.
  4. Click Runtime Variables tab.
  5. In the Runtime Variables tab, expand Authentication Switching, and click the Edit link.
  6. In the Authentication type drop-down list, select JTS Authentication.
  7. Click Save.
  8. In a browser, open the URL for Publishing Document Builder. The authentication is delegated to the JTS single sign-on page.