Configuring Jazz Team Server single sign-on authentication for Publishing Document Builder
You can set Publishing Document Builder to use Jazz Team Server (JTS) single sign-on (SSO) authentication.
About this task
This type of authentication is supported on WebSphere® Application Server and WebSphere Application Server Liberty Profile. The Liberty server must be configured for HTTPS connections.
- Jazz Security Architecture SSO authentication: Jazz Security Architecture SSO is an authentication protocol based on the OpenID Connect standard. Authentication services are provided by the Jazz Authorization Server, which must be installed somewhere in your network.
- WebSphere Application Server with Lightweight Third-Party Authentication (LTPA) SSO authentication: With LTPA, a user's login credentials are stored in a session cookie that is available for the current browser session only. This cookie contains the LTPA token.
- The Authentication Method is set to Auto when the connection is created for the data source.
- Publishing Document Builder does not have to be deployed on the same domain as the Engineering Lifecycle Management applications.
- If the data source connection is to an ELM application registered with another JTS, you must provide connection credentials when generating a document.
- Publishing Document Builder must operate in HTTPS mode (for example, https://hostname:port/rpeng/).
- This setting does not work for scheduled document generations.
Install and configure Jazz Team Server with SSO authentication
- Install Jazz Team Server.
- Enable one of the following SSO (single sign-on) authentication types:
  - Jazz Security Architecture
    For new installations, you enable Jazz Security Architecture SSO by selecting it as an option during the installation process. For more information, see Installing IBM Engineering Lifecycle Management by using IBM Installation Manager.
    For existing installations, you enable Jazz Security Architecture SSO by performing a migration procedure after you upgrade to the current release. For more information, see Enabling Jazz Security Architecture single sign-on after an upgrade.
  - IBM WebSphere Application Server with Lightweight Third-Party Authentication (LTPA)
    To deploy SSO on WebSphere Application Server, see the Deploying WebSphere Application Server by using single sign-on authentication topic.
- Deploy and start the Jazz Team Server and other ELM applications on the application server.
- For the Jazz Security Architecture SSO authentication type, ensure that you deploy and start Jazz Authorization Server.
- Run the Custom setup wizard to configure the server.
Register Publishing Document Builder with Jazz Team Server
- Start Publishing Document Builder.
- Log in to the Administration page of the JTS. Point your web browser to
- Click the Server tab.
- In the Configuration section, click Registered Applications.
- In the Registered Applications section, click Add.
- In the Add Application window, complete the following information about your application.
  - Application Name: A name for the application, for example /rpeng. It must be unique among all applications that are registered with the JTS.
  - Discovery URL: The service contribution resource (SCR) URL for the application. In general, for the Discovery URL, add /scr to the end of the public URL of the application. For example, if the public URL is https://qualified.hostname.com:port/rpeng, the corresponding SCR URL would be https://qualified.hostname.com:port/rpeng/scr.
  - Application Type: After you type the Discovery URL, wait a few moments and the Jazz Team Server will detect the type of application that you are registering.
  - Consumer Secret: Type a consumer secret for the application that you are registering. JTS automatically generates a consumer key.
  - Functional User ID: Type the user ID of the functional user that performs background tasks, for example pub_user.
  - Authorization Server URL: Enter https://qualified.hostname.com:9643/oidc/endpoint/jazzop.
  - Administrator User ID: Enter administrator credentials, for example ADMIN.
  - Administrator Password: Enter the administrative password.
- Click Finish.
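A pre-flight check for the values entered in the Add Application window, added here as an example and not part of the IBM documentation or product. Host names, the 9443 port, the existing application names, the 32-character minimum and the dot-in-host-name test are assumptions; only /rpeng, /scr and the jazzop endpoint come from this page.

```python
import secrets
from urllib.parse import urlsplit

MIN_SECRET_CHARS = 32  # assumption: local policy, not an IBM requirement


def discovery_url(public_url: str) -> str:
    """Discovery (SCR) URL: the application's public URL with /scr appended."""
    return public_url.rstrip("/") + "/scr"


def new_consumer_secret() -> str:
    """Random consumer secret to type into the Add Application window."""
    return secrets.token_urlsafe(32)  # 32 random bytes, 43 URL-safe characters


def check_registration(public_url, auth_server_url, app_name,
                       registered_names, consumer_secret):
    """Return a list of problems; an empty list means the inputs look sane."""
    problems = []
    for label, url in (("public URL", public_url),
                       ("Authorization Server URL", auth_server_url)):
        parts = urlsplit(url)
        if parts.scheme != "https":
            problems.append(f"{label}: scheme must be https")
        # Assumption: a dot in the host name stands in for "fully qualified".
        if not parts.hostname or "." not in parts.hostname:
            problems.append(f"{label}: host name is not fully qualified")
    if app_name in registered_names:
        problems.append(f"application name {app_name!r} is already registered")
    if len(consumer_secret) < MIN_SECRET_CHARS:
        problems.append("consumer secret is shorter than local policy allows")
    return problems


if __name__ == "__main__":
    # Constructed sample values for illustration.
    public = "https://pdb.example.com:9443/rpeng/"
    print("Discovery URL:", discovery_url(public))
    for problem in check_registration(
            public, "https://jts.example.com:9643/oidc/endpoint/jazzop",
            "/rpeng", {"/app1", "/app2"}, new_consumer_secret()):
        print("PROBLEM:", problem)
```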
Set up Publishing Document Builder with Jazz Team Server SSO authentication
- Log in to Publishing Document Builder as an administrator.
- To administer the application, click the Administration menu in the product banner.
- Select Administer from the drop-down menu.
- Click the Runtime Variables tab.
- In the Runtime Variables tab, expand Authentication Switching, and click the Edit link.
- In the Authentication type drop-down list, select JTS Authentication.
- Click Save.
- In a browser, open the URL for Publishing Document Builder. The authentication is delegated to the JTS single sign-on page.