Hi developers,
I recently had to connect to a Jazz.net environment which uses the Jazz Authorization Service (JAS). Unfortunately, even though it should have been fixed (see this bug
https://bugs.eclipse.org/bugs/show_bug.cgi?id=502182), the authentication wasn't possible. After verifying the JazzFormAuthClient I identified the error and fixed it on my own. Find below my fix to the issue.

    // Check to see if the response is from a Jazz Authorization Server that supports OIDC.
    // In CLM 6.x, the JAS supports Basic auth to be compatible with earlier releases.
    // If we're talking to a JAS that supports OIDC, re-do the request with a Basic auth header to gain access.
    if (HttpStatus.SC_UNAUTHORIZED == statusCode) { // this might be a JSA server.
        if (true == handleJsaServer()) {
            // Re-do the original request using Basic auth, starting at the last authorization redirect.
            authenticatedIdentity = new HttpGet(lastRedirectResponse.getFirstHeader(JAZZ_JSA_REDIRECT_HEADER).getValue() + "&prompt=none");
            String credentials = new String(user + ":" + password);
            authenticatedIdentity.setHeader("Authorization", "Basic " + Base64.encode(credentials.getBytes("UTF-8")));
            resp = httpClient.execute(authenticatedIdentity);
            statusCode = resp.getStatusLine().getStatusCode();
            EntityUtils.consume(resp.getEntity());
            statusCode = followRedirects(statusCode, getHeader(resp, "Location"));
            // Add this statement to enable the usage of JAS;
            // otherwise the code proceeds with the form-based authentication, which doesn't
            // work in a JAS environment.
            return statusCode;
        }
    }

It would be great if you could fix it for the existing Lyo Releases.
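
The retry above sends the user's password, base64-encoded only, to whatever URL the server placed in the redirect header. The following is an added example, not part of the original post or of Lyo's code, of a check a client could run before attaching the Basic header. The class name, the `trustedJas` parameter, the same-host policy and the sample URLs are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JasBasicAuthRetry {

    /** Returns the Authorization header value, or throws if the target is not trusted. */
    static String basicHeaderFor(URI trustedJas, String redirectHeaderValue,
                                 String user, String password) {
        URI target = URI.create(redirectHeaderValue + "&prompt=none");
        // Basic auth is reversible encoding, not encryption, so require TLS.
        if (!"https".equalsIgnoreCase(target.getScheme())) {
            throw new IllegalArgumentException("refusing Basic auth over " + target.getScheme());
        }
        // The redirect header is server-controlled input: only send credentials
        // to the authorization server the client was configured to trust (assumed policy).
        if (target.getHost() == null
                || !target.getHost().equalsIgnoreCase(trustedJas.getHost())
                || effectivePort(target) != effectivePort(trustedJas)) {
            throw new IllegalArgumentException("unexpected authorization host: " + target.getAuthority());
        }
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    static int effectivePort(URI u) {
        return u.getPort() != -1 ? u.getPort() : 443; // https default
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from a real deployment.
        URI trusted = URI.create("https://jas.example.com:9643/");
        String[] redirects = {
            "https://jas.example.com:9643/authorize?client_id=demo",   // expected JAS
            "http://jas.example.com:9643/authorize?client_id=demo",    // no TLS
            "https://other.example.net:9643/authorize?client_id=demo"  // different host
        };
        for (String r : redirects) {
            try {
                String header = basicHeaderFor(trusted, r, "alice", "s3cret");
                System.out.println("send    " + r + " (" + header.length() + "-char header)");
            } catch (IllegalArgumentException e) {
                System.out.println("blocked " + r + " : " + e.getMessage());
            }
        }
    }
}
```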