IBM Sustainability Software - Ideas Portal


This portal is to open public enhancement requests against the products and services belonging to IBM Sustainability Software. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Add a new idea Subscribe
Status Not under consideration
Workspace IBM Engineering - Foundation/Common Services
Categories Usability
Created by Guest
Created on Jul 3, 2024

RELATED IDEAS

Add support for Kerberos and IWA in the EWM thick clients like EWM Eclipse Client when JAS is in use

Kerberos/SPNEGO authentication is only supported through the browser.

If username/password authentication is not going to work for the user, they would need to generate an application password, authenticate with JAS using the supported authentication method then generate an application password to be used in the future.

In the case of the application password, there would be an additional layer of responsibility for the end user, managing their tokens.

They may need to be regenerated and created as they expire or are lost. There is also some additional configuration that is required to get them to work with JAS.

This is unacceptable considering our company's Security Policy, as no type of password can be saved locally.


Also once configured to use application password, username and password authentication will no longer be accepted on application password enabled clients.


See https://jazz.net/wiki/bin/view/Main/KerberosJASELMSetup
and https://jazz.net/wiki/bin/view/Main/ApplicationPasswordsForNativeClients
for additional details.

Idea priority Medium
Needed By Month
  • Post comment
  • Guest
    Reply
    |     Sep 26, 2024

    Hello Team,

    I need IBM support to try out the instructions provided in https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=sso-configuring-engineering-lifecycle-management-client-kerberosspnego in one of our system, to verify if that helps us to allow login ALM from Eclipse Client via SSO.

    would you please invite me for a meeting ? or kindly share your email address.

    Thanks!

  • Guest
    Reply
    |     Sep 19, 2024

    Does this apply to Jazz Authentication Server (JAS) as well?

    For us it seems like (and also IBM support told us) JAS only supports OIDC and there we do not have single sign-on via Eclipse, MSSCCI, JAVA API, and the SCM command line client. As stated in my comment on July 23, 2024 this is our main concern.

  • Guest
    Reply
    |     Sep 18, 2024
    Thank you for submitting this Idea for Kerberos/SPEGNO authentication. It should be possible to configure EWM Eclipse Clients if you give the authorization server access to LDAP for lookups and user groups. Note that the EWM client does not support re-directs from the identity provide but some provides may require them. Setup instructions can be found here: https://www.ibm.com/docs/en/engineering-lifecycle-management-suite/lifecycle-management/7.0.3?topic=sso-configuring-engineering-lifecycle-management-client-kerberosspnego

    Support may be able to help with setting up your configuration as well.

    Thank you.
  • Guest
    Reply
    |     Sep 11, 2024

    Do we have any progress here ? or what is IBM plan ?

  • Guest
    Reply
    |     Jul 23, 2024

    In my opinion, Kerberos/SPNEGO is used for enabling single sign-on to ALM, meaning users don't need to enter their username or password. Previously, we were able to configure this for the Eclipse client, MSSCCI, JAVA API, and the SCM command line client. However, with JAS, this single sign-on implementation is no longer available for these tools.

    It seems that the solution for single sign-on for non-web clients should be OIDC, but this is not available for the mentioned tools (even though they are provided by IBM).

    The issue addressed by this request results in enhanced security and user comfort.

    Please provide a solution so that we can once again sign in via single sign-on using the Eclipse client, MSSCCI, JAVA API, and the SCM command line client.

  • Guest
    Reply
    |     Jul 23, 2024
    The EWM Ideas Review board looked at this request and would like to better understand the why? i.e., the problem we are trying to solve. Thanks

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.