Versions Compared

Old Version 14

changes.mady.by.user Rene Beckert

Saved on

compared with

New Version Current

changes.mady.by.user Marius Balaban

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following steps should already have been done before you install the OSLC Connector for Codebeamer. Please make sure that

...

:

Note

The OAuth client MUST fulfil fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. has to be OIDC

  3. grant type must be authorization code flow code 

  4. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Prepare the Deployment

Add library Repository for the OSLC Connector for Codebeamer

Note

You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.

Code Block
breakoutModewide
sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD>
Code Block

sudo helm repo update

Customize Values File

  • Change to your user's home directory on the server and create a new text file values-genoslc-codebeamer.yaml with the following content:

Code Block

...

breakoutModewide
languageyaml
genoslcToolServiceVersionOverride: ""

...

genoslcCodebeamerPluginVersionOverride: "

...

"

...

global:

...

...

 # Domain

...

of the cluster or of the external reverse proxy
  domain: "example.com" 
  
  # Setup OIDC

...

information

...

...

...

oidc:

...

...

...

...

...

#

...

OIDC

...

Client

...

ID

...

registerd

...

for

...

this

...

application

...

clientId: "

...

"

...

# OIDC Client Secret registered for this application

...

clientSecret: "

...

"

...

...

#

...

SSL

...

certificates

...

cert:

...

overrideTruststorePassword: "changeit"

...

secretName: "

...

"

...

...

...

...

crtFullChain:

...

""

...

 key: ""

...

identity:
    # OIDC

...

Issuer URL, taken from the /.well-known/openid-configuration

...

endpoint

...

   OIDC_ISSUER: "

...

"

...

...

...

hosts:

...

  genoslc:
      #

...

The subdomain where the OSLC Connector for Codebeamer will be accessible
      subdomain: "genoslc-codebeamer"  
      port: ""

env:

...

tool:

...

...

...

 # Possible

...

values: "

...

"|"codebeamer"
    # Setting it to "codebeamer" will tell the helm chart to setup the Codebeamer Widget container in the pod
    # Required for a complete integration in the Codebeamer UI
    type: "codebeamer"
    # Codebeamer API URL
    # Usually it is the <codebeamer instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/
    adaptedToolApiUri: ""
    # URL where the Codebeamer application is accessible
    adaptedToolRootUri: ""
    # Timezone set in Codebeamer
    # See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463
    adaptedToolToolTimeZone: "UTC"
    # base64 encoded technical user credentials
    # Required when if TRS is enabled
    adaptedToolTechnicalUserAuthorizationHeader: ""
    # URL where the Codebeamer Widget will be accessible;
    # Must fill the base URL of the OSLC Connector for Codebeamer
    widgetUrl: "<baseUrl>/cb"
  
  # If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically login the user.
  # This flag should be enabled if many users that do not have access to a third party app connected
  # via the OSLC Connector.
  manualLoginRequired: "false"
  
  # By default, the authorization URI will be retrieved from the issuer URI
  # However, if you need to configure custom query parameters for the authorization request
  # you can set it up
  # e.g. for acr_values
  # https://<auth_uri>/<path>?acr_values=<value>
  authorizationUri: ""
  
  # The introspection URI will be use to validate and retrieve token data necessary for user identification
  # Mandatory from OSLC Connector for Codebeamer 2024.09.1
  introspectionUri: ""
  
  configuration:
    # Give a list of up to 5 usernames of users which will have the administration right to change settings
    # in

...

 the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. 
    # At

...

least one administrator user must be stated here.
    administrators: []
    #

...

Below is a commented version of the tree above with only the parameters that need to be edited:

global:

...

domain: Replace with your domain name.

...

cert:

  • crtFullChain: The base64 encoded full certificate chain for your instance

  • key: The base64 encoded server key for your instance

...

ingress:

  • ingressClassType: If you are using nginx as the ingress controller, uncomment the “ingressClassType” property.

...

oidc:

  • clientId: This is the client ID which is configured in your OIDC provider

  • clientSecret: This is the client secret which is configured in your OIDC provider

...

hosts:

  • genoslc:

    • subdomain: The subdomain of your genoslc host, e.g. genoslc-codebeamer

...

secrets:

  • oauth2:

    • wellknown: “https://<FQDN of your OIDC provider>/auth/realms/MID/.well-known/openid-configuration“

  • identity:

    • OIDC_ISSUER: “https://<FQDN of your OIDC provider>/auth/realms/MID"

...

env:

  • allowedCorsOrigins: The FQDN of your SmartFacts instance

  • globalConfigurationProvider: “https://<ELM instance>:9443/gc” # e.g. https://ibm-elm:9443/gc

  • linkValidityProvider: "https://<ELM instance>:9443/jts" # e.g. https://ibm-elm:9443/jts

  • authorizationUri: "https://<FQDN of your OIDC provider>/auth/realms/MID/protocol/openid-connect/auth"

  • tokenUri: "https://<FQDN of your OIDC provider>/auth/realms/MID/protocol/openid-connect/token"

  • userInfoUri:

    • tool:

      • adaptedToolApiUri: “<URL of your Codebeamer instance>“

      • adaptedToolRootUri: “<URL of your Codebeamer instance>“

      • adaptedToolTechnicalUserAuthorizationHeader: “Basic <base64 encoded username:password>”

...

Key used to encrypt the oauth10a configuration data in the database
    oauth10aEncryptionKey: ""  
  # oidc section overwrites the information set in the global.oidc section
  oidc:
    # OIDC Client ID registerd for this application
    clientId: ""
    # OIDC Client Secret registered for this application
    clientSecret: ""
    # Name of a Kubernetes secret containing clientId and clientSecret.
    secretName: ""
  # Sets the JWT claim to be used for user identification
  # e.g. preferred_username, sub, oid
  userNameAttribute: "preferred_username"
  # Sets the client authentication method to be used in the authentication process
  # Valid values are: client_secret_basic, client_secret_post, none
  # Default value is "client_secret_basic"
  clientAuthenticationScheme: "client_secret_basic" 
  # Sets the user info authentication method
  # valid values are: header, form, query
  userInfoAuthenticationMethod: "header" 
  # Sets the client scopes used in the authentication process
  # Default value "openid"
  clientScope: "openid" # comma separated list of scopes (e.g. "read, write")
  # Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/
  # Default value is true
  # Set pkceEnabled to false if the OIDC provider does not support PKCE
  pkceEnabled: true
  
  # Sets the URL where the OSLC Connector for Codebeamer is accessible
  # Mandatory
  publicUri: ""  
  # Sets the URL where the OSLC Connector for Codebeamer is accessible
  # URL must be <publicUri>/spa
  # Mandatory
  pluginUri: ""
  # Comma separate list of applications that are allowed to make requests to the OSLC Connector API
  # Examples:
  # Third party applications that connect to the OSLC Connector for Codebeamer
  # Codebeamer
  allowedCorsOrigins: ""
  # URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected
  # to this instance via an association. 
  knownContextRoots: ""
  # Sets the Global Configuration provider
  # Example: https://<ibm-elm>:9443/gc
  # Optional
  # Required if IBM ELM link validity is used 
  globalConfigurationProvider: ""
  # Sets the type of link index used
  # type: "ibm-elm", "smartfacts", "none"
  linkIndexType: ""
  # Sets the URI of the link index 
  # e.g https://<ibm-elm>/ldx/sparql
  linkIndexUri: ""
  
  # Sets the Link Validity Provider
  # Examples:
  # https://<ibm-elm>:9443/jts/elm
  # https://<smartfacts>/platform/elm
  linkValidityProvider: ""
  # Enables TRS feed generation
  # Requires a technical user to be set if it's enabled
  # TRS feed exposes base artifacts and changes occurend in syncronized Codebeamer projects
  # Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data
  trsEnabled: false
  
  containerPort: "8443"
  port: "8443"
  debugPortToolService: ""
  
  # Defines a proxy used by the OSLC Connector for Codebeamer. 
  proxy:
    https:
      # The URL of the https proxy server
      host: "" 
      # The port of the https proxy server
      port: ""
      # A list of IP addresses or URLs devided by the pipe sign '|'
      nonProxyHosts: "" 

  # Sets the logging level in the application
  # valid values are: INFO, ERROR, DEBUG, TRACE
  loggingLevelSpringFramework: "INFO" 


ingress:
  enabled: true
  className: ""
  annotations: {}
  tls:
    secretName: ""


  # ----------------------------------------------------------------
  # ------------------------- Library ------------------------------
  # ----------------------------------------------------------------

# Special certtool configuration
certtool:
  # certtool should only be activated on the first deployment and after a certificate update
  enabled: true
  
mongodb
  # Deployes a mongodb container inside the pod that the OSLC Connector will use
  enabled: true

Overwriting the installed version

Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart

Code Block
genoslcToolServiceVersionOverride: "2024.07.4"

Use genoslcCodebeamerPluginVersionOverride to change the default version set in the helm chart for the Codebeamer plugin widget. Overwrite the default value when you want to switch to another version, other than the one set as default.

Code Block
genoslcCodebeamerPluginVersionOverride: "2024.07.1"

SSL certificates

Code Block
languageyaml
# SSL certificates
  cert:
    overrideTruststorePassword: "changeit"
    secretName: ""
    crtFullChain: ""
    key: ""

Domain and subdomain

In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Codebeamer will be accessible.

Code Block
languageyaml
global:
  domain: "example.com" 
  hosts:
    genoslc:
      subdomain: "genoslc-codebeamer"  
      port: ""

This will result in genoslc-codebeamer.example.com to become the URL where the OSLC Connector is established.

OIDC Issuer

The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))

Code Block
languageyaml
global:
  identity: 
    OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector"

Configuring the OIDC client

After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.

Code Block
env:
  oidc:
    clientId: codebeamerClient
    clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9
Note

The OIDC client MUST fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. grant type must be authorization code 

  3. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Setting up a connection to the Codebeamer instance

Adapting a Codebeamer instance

There are two URLs that must be set before a integration with the API and UI of Codebeamer can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Codebeamer instance. The second one is adaptedToolApiUri and represents the API URL of Codebeamer. This usually follows the following path formats:

  • https://<codebeamer instance URL>/api/v3/

  • https://<codebeamer instance URL>/cb/api/v3/

Code Block
languageyaml
env:
  tool:
    adaptedToolApiUri: "https://codebeamer.com/api/v3/"
    adaptedToolRootUri: "https://codebeamer.com"

Codebeamer Widget URL

OSLC Connector for Codebeamer comes up with a bundled widget that has to be installed in Codebeamer. The first step to achieve that is to set the widgetUrl - it must be in the format https://<connector base url>/cb

Code Block
languageyaml
env:
  tool:
    widgetUrl: "<baseUrl>/cb"

Codebeamer time zone

The Codebeamer time zone must be set in the OSLC Connector for Codebeamer too. To do that use adaptedToolToolTimeZone. For more references on the Codebeamer tool time zone see the documentation.

Code Block
languageyaml
env:
  tool:
    adaptedToolToolTimeZone: "UTC"

Code Block
languageyaml
env:
  tool:
    adaptedToolToolTimeZone: "UTC"
    # base64 encoded technical user credentials
    # Required when if TRS is enabled
    adaptedToolTechnicalUserAuthorizationHeader: ""
    widgetUrl: "<baseUrl>/cb"
  
  # If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically login the user.
  # This flag should be enabled if many users that do not have access to a third party app connected
  # via the OSLC Connector.
  manualLoginRequired: "false"

Install the OSLC Connector for Codebeamer

...

Code Block
sudo helm upgrade --install genoslc-codebeamer library/genoslc -f values-genoslc-codebeamer.yaml --version 2.7.4-genoslcv2 -n genoslc-codebeamer --create-namespace

Next Steps

To configure communication between Codebeamer, OSLC Connector for Codebeamer and Smartfacts, please follow the steps at Tutorial Codebeamer <> Cameo Systems Modeler.