Deploying the OSLC Connector for Codebeamer

Owned by Marius Balaban
Last updated: Sep 30, 2024
7 min read

Prerequisites

The following steps should already have been done before you install the OSLC Connector for Codebeamer. Please make sure that:

The OAuth client MUST fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. has to be OIDC

  3. grant type must be authorization code 

  4. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Prepare the Deployment

Add library Repository for the OSLC Connector for Codebeamer

You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.

sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD> sudo helm repo update

Customize Values File

  • Change to your user's home directory on the server and create a new text file values-genoslc-codebeamer.yaml with the following content:

genoslcToolServiceVersionOverride: "" genoslcCodebeamerPluginVersionOverride: "" global: # Domain of the cluster or of the external reverse proxy domain: "example.com" # Setup OIDC information oidc: # OIDC Client ID registerd for this application clientId: "" # OIDC Client Secret registered for this application clientSecret: "" # SSL certificates cert: overrideTruststorePassword: "changeit" secretName: "" crtFullChain: "" key: "" identity: # OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint OIDC_ISSUER: "" hosts: genoslc: # The subdomain where the OSLC Connector for Codebeamer will be accessible subdomain: "genoslc-codebeamer" port: "" env: tool: # Possible values: ""|"codebeamer" # Setting it to "codebeamer" will tell the helm chart to setup the Codebeamer Widget container in the pod # Required for a complete integration in the Codebeamer UI type: "codebeamer" # Codebeamer API URL # Usually it is the <codebeamer instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/ adaptedToolApiUri: "" # URL where the Codebeamer application is accessible adaptedToolRootUri: "" # Timezone set in Codebeamer # See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463 adaptedToolToolTimeZone: "UTC" # base64 encoded technical user credentials # Required when if TRS is enabled adaptedToolTechnicalUserAuthorizationHeader: "" # URL where the Codebeamer Widget will be accessible; # Must fill the base URL of the OSLC Connector for Codebeamer widgetUrl: "<baseUrl>/cb" # If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically login the user. # This flag should be enabled if many users that do not have access to a third party app connected # via the OSLC Connector. manualLoginRequired: "false" # By default, the authorization URI will be retrieved from the issuer URI # However, if you need to configure custom query parameters for the authorization request # you can set it up # e.g. for acr_values # https://<auth_uri>/<path>?acr_values=<value> authorizationUri: "" # The introspection URI will be use to validate and retrieve token data necessary for user identification # Mandatory from OSLC Connector for Codebeamer 2024.09.1 introspectionUri: "" configuration: # Give a list of up to 5 usernames of users which will have the administration right to change settings # in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. # At least one administrator user must be stated here. administrators: [] # Key used to encrypt the oauth10a configuration data in the database oauth10aEncryptionKey: "" # oidc section overwrites the information set in the global.oidc section oidc: # OIDC Client ID registerd for this application clientId: "" # OIDC Client Secret registered for this application clientSecret: "" # Name of a Kubernetes secret containing clientId and clientSecret. secretName: "" # Sets the JWT claim to be used for user identification # e.g. preferred_username, sub, oid userNameAttribute: "preferred_username" # Sets the client authentication method to be used in the authentication process # Valid values are: client_secret_basic, client_secret_post, none # Default value is "client_secret_basic" clientAuthenticationScheme: "client_secret_basic" # Sets the user info authentication method # valid values are: header, form, query userInfoAuthenticationMethod: "header" # Sets the client scopes used in the authentication process # Default value "openid" clientScope: "openid" # comma separated list of scopes (e.g. "read, write") # Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/ # Default value is true # Set pkceEnabled to false if the OIDC provider does not support PKCE pkceEnabled: true # Sets the URL where the OSLC Connector for Codebeamer is accessible # Mandatory publicUri: "" # Sets the URL where the OSLC Connector for Codebeamer is accessible # URL must be <publicUri>/spa # Mandatory pluginUri: "" # Comma separate list of applications that are allowed to make requests to the OSLC Connector API # Examples: # Third party applications that connect to the OSLC Connector for Codebeamer # Codebeamer allowedCorsOrigins: "" # URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected # to this instance via an association. knownContextRoots: "" # Sets the Global Configuration provider # Example: https://<ibm-elm>:9443/gc # Optional # Required if IBM ELM link validity is used globalConfigurationProvider: "" # Sets the type of link index used # type: "ibm-elm", "smartfacts", "none" linkIndexType: "" # Sets the URI of the link index # e.g https://<ibm-elm>/ldx/sparql linkIndexUri: "" # Sets the Link Validity Provider # Examples: # https://<ibm-elm>:9443/jts/elm # https://<smartfacts>/platform/elm linkValidityProvider: "" # Enables TRS feed generation # Requires a technical user to be set if it's enabled # TRS feed exposes base artifacts and changes occurend in syncronized Codebeamer projects # Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data trsEnabled: false containerPort: "8443" port: "8443" debugPortToolService: "" # Defines a proxy used by the OSLC Connector for Codebeamer. proxy: https: # The URL of the https proxy server host: "" # The port of the https proxy server port: "" # A list of IP addresses or URLs devided by the pipe sign '|' nonProxyHosts: "" # Sets the logging level in the application # valid values are: INFO, ERROR, DEBUG, TRACE loggingLevelSpringFramework: "INFO" ingress: enabled: true className: "" annotations: {} tls: secretName: "" # ---------------------------------------------------------------- # ------------------------- Library ------------------------------ # ---------------------------------------------------------------- # Special certtool configuration certtool: # certtool should only be activated on the first deployment and after a certificate update enabled: true mongodb # Deployes a mongodb container inside the pod that the OSLC Connector will use enabled: true

 

Overwriting the installed version

Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart

genoslcToolServiceVersionOverride: "2024.07.4"

Use genoslcCodebeamerPluginVersionOverride to change the default version set in the helm chart for the Codebeamer plugin widget. Overwrite the default value when you want to switch to another version, other than the one set as default.

SSL certificates

Domain and subdomain

In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Codebeamer will be accessible.

This will result in genoslc-codebeamer.example.com to become the URL where the OSLC Connector is established.

OIDC Issuer

The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))

Configuring the OIDC client

After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.

The OIDC client MUST fulfill the following requirements:

  1. has to be a private client (so it has a key and secret)

  2. grant type must be authorization code 

  3. the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Setting up a connection to the Codebeamer instance

Adapting a Codebeamer instance

There are two URLs that must be set before a integration with the API and UI of Codebeamer can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Codebeamer instance. The second one is adaptedToolApiUri and represents the API URL of Codebeamer. This usually follows the following path formats:

  • https://<codebeamer instance URL>/api/v3/

  • https://<codebeamer instance URL>/cb/api/v3/

Codebeamer Widget URL

OSLC Connector for Codebeamer comes up with a bundled widget that has to be installed in Codebeamer. The first step to achieve that is to set the widgetUrl - it must be in the format https://<connector base url>/cb

Codebeamer time zone

The Codebeamer time zone must be set in the OSLC Connector for Codebeamer too. To do that use adaptedToolToolTimeZone. For more references on the Codebeamer tool time zone see the documentation.

 

Install the OSLC Connector for Codebeamer

Execute the Installation

Enter the following command to execute the Installation:

 

Next Steps

To configure communication between Codebeamer, OSLC Connector for Codebeamer and Smartfacts, please follow the steps at Tutorial Codebeamer <> Cameo Systems Modeler.