Prerequisites
The following steps should already have been done before you install the OSLC Connector for Octane. Please make sure that:
The OAuth client MUST fulfill the following requirements:
has to be a private client (so it has a key and secret)
has to be OIDC
grant type must be authorization codeĀ
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
server certificates for your https://genoslc-octane.<your domain> are present. The certificates must fulfill the requirements stated in this section: https://smartfacts.atlassian.net/wiki/spaces/SPD/pages/57180202/Creating+and+testing+the+Certificates+for+Smartfacts#Create-the-certificate
the DNS entry is active for https://genoslc-octane.<your domain>
your OSLC Connector for Octane deployment can reach the target Octane instance; all necessary proxies are configured to allow the communication from the OSLC Connector to the Octane instance
Prepare the Deployment
Add library Repository for the OSLC Connector for Octane
You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.
sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD> sudo helm repo update
Customize Values File
Change to your user's home directory on the server and create a new text file
values-genoslc-octane.yaml
with the following content:
genoslcToolServiceVersionOverride: "" global: # Domain of the cluster or of the external reverse proxy domain: "example.com" # Setup OIDC information oidc: # OIDC Client ID registerd for this application clientId: "" # OIDC Client Secret registered for this application clientSecret: "" # SSL certificates cert: overrideTruststorePassword: "changeit" secretName: "" crtFullChain: "" key: "" identity: # OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint OIDC_ISSUER: "" hosts: genoslc: # The subdomain where the OSLC Connector for Codebeamer will be accessible subdomain: "genoslc-codebeamer" port: "" env: tool: # Possible values: ""|"codebeamer" # Setting it to "codebeamer" will tell the helm chart to setup the Codebeamer Widget container in the pod # Required for a complete integration in the Codebeamer UI type: "codebeamer" # Codebeamer API URL # Usually it is the <codebeamer instance URL>/api/v3/ or <codebeamer instance URL>/cb/api/v3/ adaptedToolApiUri: "" # URL where the Codebeamer application is accessible adaptedToolRootUri: "" # Timezone set in Codebeamer # See chapter 1.1.22.1 in https://codebeamer.com/cb/wiki/5848463 adaptedToolToolTimeZone: "UTC" # base64 encoded technical user credentials # Required when if TRS is enabled adaptedToolTechnicalUserAuthorizationHeader: "" # URL where the Codebeamer Widget will be accessible; # Must fill the base URL of the OSLC Connector for Codebeamer widgetUrl: "<baseUrl>/cb" # If the flag "manualLoginRequired" is set to "true", the plugin will not attempt to automatically login the user. # This flag should be enabled if many users that do not have access to a third party app connected # via the OSLC Connector. manualLoginRequired: "false" configuration: # Give a list of up to 5 usernames of users which will have the administration right to change settings # in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. # At least one administrator user must be stated here. administrators: [] # Key used to encrypt the oauth10a configuration data in the database oauth10aEncryptionKey: "" # oidc section overwrites the information set in the global.oidc section oidc: # OIDC Client ID registerd for this application clientId: "" # OIDC Client Secret registered for this application clientSecret: "" # Name of a Kubernetes secret containing clientId and clientSecret. secretName: "" # Sets the JWT claim to be used for user identification # e.g. preferred_username, sub, oid userNameAttribute: "preferred_username" # Sets the client authentication method to be used in the authentication process # Valid values are: client_secret_basic, client_secret_post, none # Default value is "client_secret_basic" clientAuthenticationScheme: "client_secret_basic" # Sets the user info authentication method # valid values are: header, form, query userInfoAuthenticationMethod: "header" # Sets the client scopes used in the authentication process # Default value "openid" clientScope: "openid" # comma separated list of scopes (e.g. "read, write") # Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/ # Default value is true # Set pkceEnabled to false if the OIDC provider does not support PKCE pkceEnabled: true # Sets the URL where the OSLC Connector for Codebeamer is accessible # Mandatory publicUri: "" # Sets the URL where the OSLC Connector for Codebeamer is accessible # URL must be <publicUri>/spa # Mandatory pluginUri: "" # Comma separate list of applications that are allowed to make requests to the OSLC Connector API # Examples: # Third party applications that connect to the OSLC Connector for Codebeamer # Codebeamer allowedCorsOrigins: "" # URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connected # to this instance via an association. knownContextRoots: "" # Sets the Global Configuration provider # Example: https://<ibm-elm>:9443/gc # Optional # Required if IBM ELM link validity is used globalConfigurationProvider: "" # Sets the Link Validity Provider # Examples: # https://<ibm-elm>:9443/jts/elm # https://<smartfacts>/platform/elm linkValidityProvider: "" # Enables TRS feed generation # Requires a technical user to be set if it's enabled # TRS feed exposes base artifacts and changes occurend in syncronized Codebeamer projects # Enable it only if a third party tool is accessing the TRS feed of this OSLC Connector to index data trsEnabled: false containerPort: "8443" port: "8443" debugPortToolService: "" # Defines a proxy used by the OSLC Connector for Codebeamer. proxy: https: # The URL of the https proxy server host: "" # The port of the https proxy server port: "" # A list of IP addresses or URLs devided by the pipe sign '|' nonProxyHosts: "" # Sets the logging level in the application # valid values are: INFO, ERROR, DEBUG, TRACE loggingLevelSpringFramework: "INFO" ingress: enabled: true className: "" annotations: {} tls: secretName: "" # ---------------------------------------------------------------- # ------------------------- Library ------------------------------ # ---------------------------------------------------------------- # Special certtool configuration certtool: # certtool should only be activated on the first deployment and after a certificate update enabled: true mongodb # Deployes a mongodb container inside the pod that the OSLC Connector will use enabled: true
Overwriting the installed version
Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart
genoslcToolServiceVersionOverride: "2024.07.4"
SSL certificates
# SSL certificates cert: overrideTruststorePassword: "changeit" secretName: "" crtFullChain: "" key: ""
Domain and subdomain
In the global
section you must specify the domain
and subdomain
that form the base URL where the OSLC Connector for Octane will be accessible.
global: domain: "example.com" hosts: genoslc: subdomain: "genoslc-octane" port: ""
This will result in genoslc-octane.example.com to become the URL where the OSLC Connector is established.
OIDC Issuer
The OIDC issuer must be configured in the global
section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))
global: identity: OIDC_ISSUER: "https://keycloak.brand.de/realms/Connector"
Configuring the OIDC client
After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.
env: oidc: clientId: octaneClient clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9
The OIDC client MUST fulfill the following requirements:
has to be a private client (so it has a key and secret)
grant type must be authorization codeĀ
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom
Setting up a connection to the Octane instance
Adapting a Octane instance
There are two URLs that must be set before a integration with the API and UI of Octane can be achieved. The first one is adaptedToolRootUri
and it represents the base URL of your Octane instance. The second one is adaptedToolApiUri
and represents the API URL of Octane. This usually follows the following path formats:
https://<octane instance URL>/api/v3/
https://<octane instance URL>/cb/api/v3/
env: tool: adaptedToolApiUri: "https://octane.com" adaptedToolRootUri: "https://octane.com"
Install the OSLC Connector for Octane
Execute the Installation
Enter the following command to execute the Installation:
sudo helm upgrade --install genoslc-octane library/genoslc -f values-genoslc-octane.yaml --version 3.0.1 -n genoslc-octane --create-namespace
0 Comments