Disabling security certificate settings

Edit online

If you do not require secure connections, the security settings can be disabled.

Important: These instructions explain how to disable the SSL certificate, which permits unencrypted connections to the server, including user login credentials. Disabling SSL can create a security exposure where a malicious user within the network can attack the system. For secure connections, create a self-signed certificate that identifies the host by its network name, or request a certificate that is signed by a trusted certificate authority (CA). If the system is already configured and uses a secure public URI, you cannot disable the security for the applications because the server has already cached a secure public URI. You must run these instructions before you configure your server by running the setup wizard.
Important: Make sure SameSite is disabled in your browser.

Modifying the Liberty settings

Note: You must have started the WebSphere Liberty server at least one time.
  1. Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz® Team Server is installed, and open the server.xml file for editing.
  2. Search for httpSession and change the cookieSecure value to false.
  3. Search for webAppSecurity and change the ssoRequiresSSL value to false. The code snippet should look like this:
    <httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/>
    <webAppSecurity ssoRequiresSSL="false"/>
  4. Search for httpEndpoint and delete the <samesite> included tag. The code snippet should look like this:
    <httpEndpoint
     id="defaultHttpEndpoint"
     host="*"
     httpPort="9080"
     httpsPort="9443">
</httpEndpoint>
  5. Go to the JazzInstallDir/server/liberty/servers/clm/apps/jts.war/WEB-INF directory.
  6. Edit the web.xml file in this directory and change all occurrences of CONFIDENTIAL to NONE.
  7. Repeat the preceding steps to edit the web.xml for the following installed applications:
    Table 1. Path to the web.xml files
    Application Path to the web.xml file
    Change and Configuration Management (CCM) JazzInstallDir/server/liberty/servers/clm/apps/ccm.war/WEB-INF/web.xml
    Quality Management (QM) JazzInstallDir/server/liberty/servers/clm/apps/qm.war/WEB-INF/web.xml
    Report Builder JazzInstallDir/server/liberty/servers/clm/apps/rs.war/WEB-INF/web.xml
  8. Disable secure cookies.
    Liberty server:
    1. Go to JazzInstallDir/server and open server.startup for editing.
    2. Enter the following line:For Linux operating system
      JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true"
      For Windows operating system
      set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies=true
  9. Restart the WebSphere Liberty server.
  10. Open a browser and go to http://hostname.example.com:9080/jts/setup and continue with the setup wizard. Also, verify that you do not get redirected to https://hostname.example.com:9443/jts/setup.

Modifying the WebSphere Application Server settings

  1. Modify the web.xml file from the jts.war file that was installed into WebSphere® Application Server. Extract the .war files into a temporary area first to retrieve to the file.
  2. Change all occurrences of CONFIDENTIAL to NONE and save the file.
  3. Make sure that WebSphere Application Server is running and go to https://localhost:9043/ibm/console/logon.jsp.
  4. Click Applications > Enterprise Applications.
  5. Select jts_war and click Update.
  6. Select Replace or add a single file.
  7. In the Specify the path beginning with the installed application archive file to the file to be replaced or added field, enter jts.war/WEB-INF/web.xml.
  8. Click Browse and select the same web.xml file that was modified in a previous step.
  9. Click Next and follow through until you save the application.
  10. Go back to the Enterprise Applications pane and stop and start the jts_war application.
  11. Repeat the preceding steps for other installed applications (ccm.war, qm.war, and rs.war).
  12. Disable Require SSL for Single Sign On.
    1. In WebSphere Integrated Solutions Console, click Global security > Web and SIP Security > Single sign-on (SSO).
    2. Clear the Require SSL check box.
  13. Disable secure cookies.
    1. Log in to the Integrated Solutions Console and click Servers > Server Types > WebSphere application servers > server1.
    2. Under Server Infrastructure, expand Java and Process Management and click Process definition.
    3. Click Java Virtual Machine and then click Custom properties.
    4. Click New and add the following custom property:
      Name: com.ibm.team.jfs.app.oauth.OAuthHelper.disableSecureCookies
Value: true
    5. Click Apply and Save directly to the master configuration.
    6. For the changes to take effect, restart the application server.
  14. Disable the Restrict cookies to HTTPS sessions:
    1. In WebSphere Integrated Solutions Console, click Server > Server Types > WebSphere application servers > server_name > Session management > Enable cookies.
    2. Clear the Restrict cookies to HTTPS sessions check box.
  15. Open a browser, go to http://hostname.example.com:9080/jts/setup, and continue with the setup wizard. Verify that you do not get redirected to https://hostname.example.com:9443/jts/setup.

Modifying the Jazz Authorization Server settings

To disable security certificates for the Jazz Authorization Server, complete the next steps.
  1. Check whether the JazzAuthServer/wlp/usr/servers/jazzop directory contains the appConfig.xml file. If not, copy this file from the JazzAuthServer/wlp/usr/servers/jazzop/defaults directory to the parent directory.
    Important: Before you perform this step, ensure that the parent directory does not already contain the appConfig.xml file. Otherwise, you will overwrite any customizations.
  2. Using a text editor, open the appConfig.xml file for editing.
  3. In the <oauthProvider> section, change the value of the httpsRequired attribute from "true" to "false". After the change, the <oauthProvider> section of the file will look similar to the following example:
    <oauthProvider id="JazzOP"
   httpsRequired="false"
   autoAuthorize="true"
   customLoginURL="/jazzop/form/login"
   accessTokenLifetime="7201"
   authorizationGrantLifetime="604801">
   <autoAuthorizeClient>client01</autoAuthorizeClient>
   <databaseStore dataSourceRef="OAuthFvtDataSource" />
</oauthProvider>
  4. Search for httpEndpoint and delete the <samesite> included tag. The code snippet should look like this:
    <httpEndpoint host="*" httpPort="9280" httpsPort="9643" id="defaultHttpEndpoint">
    </httpEndpoint>
  5. Go to the JazzInstallDir/server/liberty/servers/clm directory, where JazzInstallDir is the directory where Jazz Team Server is installed, and open the server.xml file for editing.
  6. Search for webAppSecurity and change the ssoRequiresSSL value to false. The code snippet should look like this:
    <httpSession invalidateOnUnauthorizedSessionRequestException="true" cookieSecure="false"/>
    <webAppSecurity ssoRequiresSSL="false"/>

For more information about customizing the files in the JazzAuthServer/wlp/usr/servers/jazzop/defaults directory, see Managing users on Jazz Authorization Server.

Modifying the LDX and LQE settings

You must change the LDX and LQE settings for Liberty and WebSphere Application Server.

To change the LDX and LQE setting, edit the lqe.properties file and change lqe.disable.secure.cookies = true.