Versions Compared

Version Old Version 1 New Version 2
Changes made by

Frank Asseg

Frank Asseg

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • OAuth 2.0

  • OAuth 1.0a

  • Fixed headers (e.g. Basic Auth)

  • Forwarded headers

Context

CDCM often interacts with various external systems in an infrastructure. For example, a server-side guard JavaScript may call an external system while verifying that a concept may be saved, or CDCMs creates a UI for the selection of a work product reference by accessing the REST API of Storage Location. These calls to external systems may require different forms of authentication. It is not safe to assume that all external systems may be authenticated using the authenticated users bear token obtained from the customer’s identity provider (IDP hereafter); some system may not be directly integrated with the customers IDP or may not support REST calls using the IDP’s bearer token (e.g. IBM ELM). Also for some external systems it may be desirable to authenticate with a Service Principal (aka technical user).

The Connection routing feature configures the authentication calls to all external systems. For each outbound call to an external system CDCM consults the connection-routing.ymlfile to determine how this call should be authenticated.

Connection routing enables the user to connect to external systems like IBM ELM or CodeBeamer using various authentication mechanisms. In order to integrate those external systems CDCM has to communicate to these systems via the http protocol. Authentication of these requests depends on the external system. IBM ELM uses OAuth 1.0a, while Codebeamer supports OAuth 2.0. Connection routing allows for example communication to CodeBeamer using OAuth 2.0, while communicating with IBM ELM using OAuth 1.0a in parallel. Connection routing maintains multiple authentications to different external systems and chooses the right authentication mechanisms for external server calls based on their URIs.

By default all outgoing calls to external systems are authenticated using the logged in user’s bear token obtained from the IDP.

Description

Connection routing let’s you define the type of authentication mechanism, based on a set of URIs with ant paths. An ant path supports optional wildcards. Connection routing will choose the authentication mechanism based on matching ant paths. The connection routing configuration file connection-routing.yml let’s you define a list of external server connections

...