Easing user acess to Jazz repository: user self register and license assignment

In the deployment of the CLM solution (or a subset of the applications), there is always a key decision on how you want your user registry to get configured. The Jazz Team Server component is the one managing the users registry in one of the following supported flavours:

– Tomcat registry: allowing the users to be created directly from Jazz Team Server administration Web UI
– LDAP: the enterprise registry will feed the Jazz Team Server users registry
– External Registry: none of the above fit in your environment.

Regardless of the type of registry we configure, for a user to be able to begin working on your CLM environment, the following conditions have to be met:

  1. User is granted to access the repository: when prompted with user/password the credentials are accepted by the application server (whether Tomcat or WebSphere Application Server), and validated with the configured directory at application server level: Tomcat files, LDAP, WebSphere Federated Repositories, …
  2. There is a record in the Jazz Team Server users registry matching the ID: the application server, once authenticated, forwards the credentials to Jazz, which looks for a corresponding registry

OK, now the user is in, can he/she begin working? Well, not really, depending on how the Project Areas are configured the user may be able to browse artifacts, and a Project Area administrator (or a user with JazzProjectAdmins role) could make him member of a Project Area with certain roles and permissions … but the user will need a license to perform modifications.

Focusing in a typical enterprise user registry configuration (i.e., using LDAP or External Registry configuration), the user registry in Jazz Team Server will have to be created by either an administrator or user import task (see Synchronizing LDAP with Jazz Team Server repository user information), and the administrator would have to assign him a valid license.

When coming to these operations, I usually get asked “I trust my LDAP configuration … ain’t there any way to avoid this register operation?”, “How can I perform a default license assignment for new users?”, …. In this post, I will show you a couple of configuration properties that will allow a user to self register in Jazz and get a default license assigned.

As a Jazz repository administrator (user with JazzAdmins role), perform the following operations:

1. Log in to Jazz Administration page: https://<host&gt;:<port>/jts/admin
2. Click the Server tab and then click on Advanced Properties

3. Look for an entry called “WS Allow Self Registration” within “com.ibm.team.repository.service.internal.ServletConfigurationService” section
4. Configure it as “True” and Save the modifications

At this point, any new user that gets authenticated, will have its Jazz user registry authomatically configured. Now you want him a default license assigned? Perform the following steps

1. Back in the Server tab of the Jazz Administration page, click on “License Key Management”
2. Click on the edit button for “Default Client Access License Key” and select the license type you want new users to be assigned

Now you are done,  any new user will be able to access to your CLM solution after authenticating, and get a default license.

Note that this won’t grant access to project areas which are not public, nor will assign him to one with a role. But it will allow the project administrator to assign it to one or start browsing the repository without waiting for the administrator (or sync tasks).


2 thoughts on “Easing user acess to Jazz repository: user self register and license assignment

  1. I’m not sure exactly why but this blog is loading extremely slow for me. Is anyone else having this problem or is it a problem on my end? I’ll check back later on and see if the problem
    still exists.

  2. Very great post. I simply stumbled upon your blog and
    wanted to say that I have truly enjoyed browsing your blog posts.
    After all I will be subscribing on your rss feed and I hope you write once more very soon!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s