{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"style":{"value":"none"}},"macroMetadata":{"macroId":{"value":"94c4c200-b5f7-449b-a05b-45d2eb10be21"},"schemaVersion":{"value":"1"},"title":"Table of Contents"}},"localId":"66d2feb2-3fec-49ed-9852-55c11c1bf48a"}},{"type":"heading","attrs":{"level":1},"content":[{"text":"Prerequisites","type":"text"}]},{"type":"paragraph","content":[{"text":"The following steps should already have been done before you install the OSLC Connector for Innovator. Please make sure that:","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"The OIDC client MUST fulfill the following requirements:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"has to be a private client (so it has a key and secret)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"has to be OIDC","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"grant type must be authorization code ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"the redirect URI must be https:///login/oauth2/code/custom","type":"text"}]}]}]}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"server certificates for your https://genoslc-innovator. are present. The certificates must fulfill the requirements stated in this section: ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://smartfacts.atlassian.net/wiki/spaces/SPD/pages/57180202/Creating+and+testing+the+Certificates+for+Smartfacts#Create-the-certificate"}}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"the DNS entry is set for https://genoslc-innovator.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"your OSLC Connector for Innovator deployment can reach the target Innovator instance; all necessary proxies are configured to allow the communication from the OSLC Connector to the Innovator and the Confluence instance","type":"text"}]}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Prepare the Deployment","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Add library Repository for the OSLC Connector for Innovator","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from ","type":"text"},{"text":"cops@mid.de","type":"text","marks":[{"type":"link","attrs":{"href":"mailto:cops@mid.de"}}]},{"text":".","type":"text"}]}]},{"type":"codeBlock","marks":[{"type":"breakout","attrs":{"mode":"wide"}}],"content":[{"text":"sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username --password \nsudo helm repo update","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Customize Values File","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Create the values file","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Change to your user's home directory on the server and create a new text file ","type":"text"},{"text":"values-genoslc-innovator.yaml","type":"text","marks":[{"type":"code"}]},{"text":" with the following content:","type":"text"}]}]}]},{"type":"codeBlock","marks":[{"type":"breakout","attrs":{"mode":"wide"}}],"content":[{"text":"global:\n # Domain of the url (if your OSLC Connector for Innovator will be accessible with \"genoslc-innovator.mycompany.com\", then enter \"mycompany.com\" here.)\n domain: \"\"\n # registry: The Docker image registry to be used to download the images. Default is \"repo.mid.de\". Change it, if you use an internal Docker image registry as a mirror.\n registry: \"\"\n # repologin: Base64 encoded login credentials for the Docker image registry. You will get it for repo.mid.de from MID.\n repologin: \"\"\n # SSL certificates\n cert:\n crtFullChain: \"\"\n key: \"\"\n # Setup OIDC information\n identity:\n # OIDC Issuer URL, taken from the /.well-known/openid-configuration endpoint \n OIDC_ISSUER: \"\"\n oidc:\n # OIDC Client ID registerd for this application\n clientId: \"\"\n # OIDC Client Secret registered for this application\n clientSecret: \"\"\n hosts:\n genoslc:\n # The subdomain where the OSLC Connector for Innovator will be accessible\n subdomain: \"genoslc-innovator\" \nenv:\n tool:\n type: \"innovator\"\n # In adaptedToolApiUri and adaptedToolRootUri insert the hostname of the OSLC Connector for Innovator (https://genoslc-innovator.)\n adaptedToolApiUri: \"\"\n adaptedToolRootUri: \"\"\n innovator:\n # licenseServer: The hostname and Port of the Innovator License Server (e.g. \"myinnovatorserver.mycompany.com:16000\") \n licenseServer: \"\"\n # authorizationUri: The authorizion endpoint of you OIDC server\n authorizationUri: \"\"\n # tokenUri: The token endpoint of your OIDC server\n tokenUri: \"\"\n # userInfoUri: The user info endpoint of your OIDC server\n userInfoUri: \"\"\n # jwkUri: jwks_uri of your OIDC server\n jwkUri: \"\"\n pkceEnabled: true\n configuration:\n\t# administrators: A list of the email addresses of up to 5 users that are allowed to configure the OSLC Connector.\n administrators: []\n\t# oauth10aEncryptionKey: A random key to encrypt the configuration data of the OSLC Connector in the database. Once set, it schould never change anymore.\n oauth10aEncryptionKey: \"\" \n # userNameAttribute: The clain in the token the user is identified with. This claim must contain the email address of the user. If the claim has a different name with your OIDC provider, please adopt it here.\n userNameAttribute: \"email\"\n clientScope: \"openid, profile, email\"\n # allowedCorsOrigins: All allowed CORS origins (see https://developer.mozilla.org/de/docs/Web/HTTP/CORS for more information regarding CORS). If your OIDC provider is Entra ID, then add \"https://login.microsoftonline.com\" here. For other OIDC providers please refer to the provider's manual.\n allowedCorsOrigins: \"\"\n trsEnabled: false\n # valid values are: INFO, ERROR, DEBUG, TRACE\n loggingLevelSpringFramework: \"INFO\" \n port: \"8080\"\n containerPort: \"8080\"\ningress:\n enabled: true\n # className: set the className of the ingress controller instance to be used in your cluster\n className: \"\"\n# Special certtool configuration\ncerttool:\n # The certtool generates the TLS secret and the truststore to be used. It should only be activated on the first deployment and after a certificate update.\n enabled: true\nmongodb:\n enabled: true","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Customize the values in the values file","type":"text"}]},{"type":"paragraph","content":[{"text":"Add the missing values in the values file. With the genoslc chart it is possible to deploy OSLC connectors for different tools. So some values (like ","type":"text"},{"text":"env.tool.type: innovator","type":"text","marks":[{"type":"code"}]},{"text":" or ","type":"text"},{"text":"env.containerPort: 8080","type":"text","marks":[{"type":"code"}]},{"text":") are fix in the template to configure the deployment for the OSLC Connector for Innovator. Please leave these values unchanged in your values file. The values to be added are described in the next sections.","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Domain and subdomain","type":"text"}]},{"type":"paragraph","content":[{"text":"In the ","type":"text"},{"text":"global","type":"text","marks":[{"type":"code"}]},{"text":" section you must specify the ","type":"text"},{"text":"domain","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"subdomain","type":"text","marks":[{"type":"code"}]},{"text":" that form the base URL where the OSLC Connector for Codebeamer will be accessible.","type":"text"}]},{"type":"codeBlock","content":[{"text":"global:\n domain: \"yourcompany.com\"\n [...]\n hosts:\n genoslc:\n subdomain: \"genoslc-innovator\"","type":"text"}]},{"type":"paragraph","content":[{"text":"The example data shown will result in the URL “","type":"text"},{"type":"inlineCard","attrs":{"url":"http://genoslc-innovator.yourcompany.com"}},{"text":" ”.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"With the OSLC Plugin for Confluence or Jira, the subdomain of the OSLC Connector for Innovator must contain the string “genoslc” in its name.","type":"text"}]}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Image repository and login credentials","type":"text"}]},{"type":"codeBlock","content":[{"text":"global:\n registry: \"repo.mid.de\"\n repologin: \"\"","type":"text"}]},{"type":"paragraph","content":[{"text":"If you use the MID image registry directly, the base64 string for the registry credentials is sent to you from MID. If you need them, please write to ","type":"text"},{"text":"cops@mid.de","type":"text","marks":[{"type":"link","attrs":{"href":"mailto:cops@mid.de"}}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"If you use a private registry, you must encode the registry credentials yourself. To do this, replace the placeholders for ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"","type":"text","marks":[{"type":"code"}]},{"text":" in this json-snippend and encode it in base64. Make sure the line endings are Unix line endings, not Windows.","type":"text"}]},{"type":"codeBlock","content":[{"text":"{\n \"auths\":\n {\n \"repo.mid.de\" :\n {\n \"username\":\"\",\n \"password\":\"\"\n }\n }\n}","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"SSL certificates","type":"text"}]},{"type":"codeBlock","content":[{"text":"# SSL certificates\nglobal:\n[...]\n cert:\n crtFullChain: \"\"\n key: \"\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"OIDC Issuer","type":"text"}]},{"type":"paragraph","content":[{"text":"The OIDC issuer must be configured in the ","type":"text"},{"text":"global","type":"text","marks":[{"type":"code"}]},{"text":" section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (","type":"text"},{"text":"RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org)","type":"text","marks":[{"type":"link","attrs":{"href":"https://datatracker.ietf.org/doc/html/rfc8414#section-3"}}]},{"text":")","type":"text"}]},{"type":"codeBlock","content":[{"text":"global:\n identity: \n OIDC_ISSUER: \"\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Configuring the OIDC client","type":"text"}]},{"type":"paragraph","content":[{"text":"After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"The OIDC client MUST fulfill the following requirements:","type":"text"}]},{"type":"orderedList","attrs":{"order":1},"content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"has to be a private client (so it has a key and secret)","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"grant type must be authorization code ","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"the redirect URI must be https:///login/oauth2/code/custom","type":"text"}]}]}]}]},{"type":"codeBlock","content":[{"text":"global:\n oidc:\n clientId: oslc-innovator\n clientSecret: e932235d-2349-fd26-bcdb-93hw3f43aab9","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Setting up a connection to the Innovator instance","type":"text"}]},{"type":"paragraph","content":[{"text":"For the OSLC connector for Innovator, the values for ","type":"text"},{"text":"adaptedToolRootUri","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"adaptedToolApiUri","type":"text","marks":[{"type":"code"}]},{"text":" and must point to the OSLC Connector for innovator itslf (","type":"text"},{"text":"https://genoslc-innovator.","type":"text","marks":[{"type":"code"}]},{"text":"). ","type":"text"}]},{"type":"paragraph","content":[{"text":"Enter the license server in the format “host:port”.","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n tool:\n type: \"innovator\"\n # In adaptedToolApiUri and adaptedToolRootUri insert the hostname of the OSLC Connector for Innovator (https://genoslc-innovator.)\n adaptedToolApiUri: \"genoslc-innovator.\"\n adaptedToolRootUri: \"genoslc-innovator.\"\n innovator:\n # licenseServer: The hostname and Port of the Innovator License Server (e.g. \"myinnovatorserver.mycompany.com:16000\") \n licenseServer: \":\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Configure OIDC endpoints","type":"text"}]},{"type":"paragraph","content":[{"text":"Configure the OIDC endpoints. To get the values call the wellknown url of your OIDC provider in your browser. Use the values from the field ","type":"text"},{"text":"authorization_endpoint","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"token_endpoint","type":"text","marks":[{"type":"code"}]},{"text":" , ","type":"text"},{"text":"userinfo_endpoint","type":"text","marks":[{"type":"code"}]},{"text":" and ","type":"text"},{"text":"jwks_uri","type":"text","marks":[{"type":"code"}]},{"text":" from the wellknown url.","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n [...]\n authorizationUri: \"\"\n tokenUri: \"\"\n userInfoUri: \"\"\n jwkUri: \"\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"PKCE","type":"text"}]},{"type":"paragraph","content":[{"text":"Sets the application to use PKCE when authenticating the user ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://oauth.net/2/pkce/"}},{"text":" . Default value is true. Set pkceEnabled to false if the OIDC provider does not support PKCE.","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n [...]\n pkceEnabled: true","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"List of OSLC Connector for Innovator administrators","type":"text"}]},{"type":"paragraph","content":[{"text":"Provide a list of up to 5 email addresses of users, which will have the administration right to change protected settings in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. At least one administrator user must be stated here.","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n [...]\n configuration:\n administrators: \n - administrator1@yourcomany.com\n - administrator2@yourcomany.com","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Encrypt oauth10a configuration data","type":"text"}]},{"type":"paragraph","content":[{"text":"Set the encryption key that is used to encrypt and decrypt the oauth10a configuration data in the database. If you do not set an encryption key, the configuration data of the OSLC Connector is stored unencrypted in the database. As soon as the OSLC Connector has been provided with an encryption key, the key may no be changed anymore.","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n configuration:\n [...]\n oauth10aEncryptionKey: \"\" ","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"User name attribute","type":"text"}]},{"type":"paragraph","content":[{"text":"Used to set the JWT claim to be used for user identification. With the OSLC Connector for Innovator this claim must contain the email address of the user.","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n [...]\n userNameAttribute: \"email\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Client scopes","type":"text"}]},{"type":"paragraph","content":[{"text":"Sets the client scopes used in the authentication process. Default value \"openid\". The value is a comma separated list of scopes. The scope ","type":"text"},{"text":"openid","type":"text","marks":[{"type":"code"}]},{"text":" is mandatory, normally the scope ","type":"text"},{"text":"profile","type":"text","marks":[{"type":"code"}]},{"text":" enables the email claim in the token.","type":"text"}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n [...]\n clientScope: \"openid, profile, email\" ","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Allowed CORS URLs","type":"text"}]},{"type":"paragraph","content":[{"text":"This is a comma separated list of applications that are allowed to make requests to the OSLC Connector API like third party applications that read data from the OSLC Connector for Codebeamer.","type":"text"}]},{"type":"panel","attrs":{"panelType":"warning"},"content":[{"type":"paragraph","content":[{"text":"If you use Microsoft Entra ID as the OIDC provider, you must add ","type":"text"},{"text":"https://login.microsoftonline.com","type":"text","marks":[{"type":"code"}]},{"text":" to the allowedCorsOrigins.","type":"text"}]}]},{"type":"paragraph","content":[{"text":"Example:","type":"text"}]},{"type":"codeBlock","content":[{"text":"env:\n allowedCorsOrigins: \"https://login.microsoftonline.com\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"Ingress","type":"text"}]},{"type":"paragraph","content":[{"text":"By default, the chart also deploys an ingress resource. The ingress ressource defines the endpoint under which the OSLC Connector for Innovator is reacheable. If you do not want to use the ingress of the deployment, then you can disable it. If you want to use it, add the ingressClassName of your ingress controller (e.g. ","type":"text"},{"text":"nginx","type":"text","marks":[{"type":"code"}]},{"text":").","type":"text"}]},{"type":"codeBlock","content":[{"text":"ingress:\n enabled: true\n className: \"\"","type":"text"}]},{"type":"heading","attrs":{"level":4},"content":[{"text":"certtool","type":"text"}]},{"type":"paragraph","content":[{"text":"The certtool is a helper container provided by MID. It creates the tls secret and the secrets for the java truststore from certificate data giben in the values file.","type":"text"}]},{"type":"codeBlock","content":[{"text":"# Special certtool configuration\ncerttool:\n # The certtool generates the TLS secret and the truststore to be used. It should only be activated on the first deployment and after a certificate update.\n enabled: true","type":"text"}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Since the certtool just creates secrets that will not change as long as the certificate data in the values file does not change, you can switch it off after the first successful run. You also can remove the certificate chain and key data from the values file after the successful run of the certtool. This will save time when deploying.","type":"text"}]},{"type":"paragraph","content":[{"text":"Just rememver to add these data and switch on the certtool again, as soon as any changes are necessary in the certificates.","type":"text"}]},{"type":"paragraph","content":[{"text":"Of course you can create the TLS and truststore secrets manually and don’t use the certtool at all.","type":"text"}]}]},{"type":"heading","attrs":{"level":1},"content":[{"text":"Install the OSLC Connector for Innovator","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Execute the Installation","type":"text"}]},{"type":"paragraph","content":[{"text":"Enter the following command to execute the Installation:","type":"text"}]},{"type":"codeBlock","marks":[{"type":"breakout","attrs":{"mode":"wide"}}],"content":[{"text":"sudo helm upgrade --install genoslc-innovator library/genoslc -f values-genoslc-innovator.yaml -n genoslc-innovator --create-namespace","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]}],"version":1}

Browser not supported