Starting with Jama Connect 8.31, SAML is now available to our self-hosted customers. One of the limitations of SAML when self-hosting Jama is that it breaks the ability for REST API users and scripts to authenticate with Jama. This is because REST API calls bypass SAML and use Jama’s authentication, however, when SAML is enabled in an environment, all passwords that Jama maintains for a user that logs in via SAML are removed. This makes it impossible for a SAML user to authenticate to the API. The good news is that we do have a workaround for self-hosted customers who would like to use SAML for their user’s authentication. Simply add a single user that will only be used to make API calls, and do not enable SAML for that user. Below are the steps to take to accomplish this:
1. Make sure that the API is enabled:
Log into Jama using the root user and go to system properties->General Properties. Click on “edit” in the upper right and make sure the “Allow access to REST API” box is checked.
Click “save” in the upper right and log out of Jama.
2. Use Swagger to create a new API only user:
Log into Jama and navigate to Swagger. This can be done by changing the URL to: <BaseURL>/api-docs/
At the bottom of the page expand the users tab by clicking on "users" then click on "Expand Operations" to display the available API calls.
Select “Create new user”.
a) Click in the example view field on the right to populate the body field on the left
b) Fill out the body field with the information for the API user. Note: you will not be able to reset the password for this user through the API after creation.
c) Select “Try it now”
This creates a user that does not have SAML enabled and can use Basic Auth to authenticate with the REST API. Use this user account to interact with the REST API. More information on the REST API can be found here.