Prerequisites

The following steps should already have been done before you install the OSLC Connector for Octane. Please make sure that:

The OAuth client MUST fulfill the following requirements:

has to be a private client (so it has a key and secret)
has to be OIDC
grant type must be authorization code
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

server certificates for your https://genoslc-octane.<your domain> are present. The certificates must fulfill the requirements stated in this section: Creating and testing the Certificates for Smartfacts | Create the certificate
the DNS entry is active for https://genoslc-octane.<your domain>
your OSLC Connector for Octane deployment can reach the target Octane instance; all necessary proxies are configured to allow the communication from the OSLC Connector to the Octane instance

Prepare the Deployment

Add library Repository for the OSLC Connector for Octane

You will need a username and password to download the helm chart and containers from MID's repository. You will receive username and password from your MID contact or from cops@mid.de.

sudo helm repo add library https://repo.secure.mid.de/chartrepo/library --username <USERNAME> --password <PASSWORD>
sudo helm repo update

Customize Values File

Change to your user's home directory on the server and create a new text file values-genoslc-octane.yaml with the following content:

genoslcToolServiceVersionOverride: ""

global:
  domain: "example.com" 
  oidc:
    clientId: ""
    clientSecret: ""
  cert:
    overrideTruststorePassword: "changeit"
    secretName: ""
    crtFullChain: ""
    key: ""
  identity:
    OIDC_ISSUER: ""
  hosts:
    genoslc:
      subdomain: "genoslc-octane"  
      port: ""
env:
  tool:
    type: "octane"
    adaptedToolApiUri: ""
    adaptedToolRootUri: ""
    adaptedToolTechnicalUserAuthorizationHeader: ""
  configuration:
    administrators: []
    oauth10aEncryptionKey: ""  
  oidc:
    clientId: ""
    clientSecret: ""
    secretName: ""
  userNameAttribute: "preferred_username"
  clientAuthenticationScheme: "client_secret_basic" 
  userInfoAuthenticationMethod: "header" 
  clientScope: "openid"
  pkceEnabled: true
  publicUri: ""  
  pluginUri: ""
  allowedCorsOrigins: ""
  knownContextRoots: ""
  globalConfigurationProvider: ""
  linkValidityProvider: ""
  trsEnabled: false
  
  containerPort: "8443"
  port: "8443"
  debugPortToolService: ""
  
  # Defines a proxy used by the OSLC Connector for Octane. 
  proxy:
    https:
      # The URL of the https proxy server
      host: "" 
      # The port of the https proxy server
      port: ""
      # A list of IP addresses or URLs devided by the pipe sign '|'
      nonProxyHosts: "" 

  # Sets the logging level in the application
  # valid values are: INFO, ERROR, DEBUG, TRACE
  loggingLevelSpringFramework: "INFO" 


ingress:
  enabled: true
  className: ""
  annotations: {}
  tls:
    secretName: ""


  # ----------------------------------------------------------------
  # ------------------------- Library ------------------------------
  # ----------------------------------------------------------------

# Special certtool configuration
certtool:
  # certtool should only be activated on the first deployment and after a certificate update
  enabled: true
  
mongodb
  # Deployes a mongodb container inside the pod that the OSLC Connector will use
  enabled: true

Overwriting the installed version

Use genoslcToolServiceVersionOverride to change the default version set in the helm chart for the tool service. Overwrite the default value when you want to switch to another version, other than the one set as default via the helm chart

genoslcToolServiceVersionOverride: "2024.07.4"

SSL certificates

Domain and subdomain

In the global section you must specify the domain and subdomain that form the base URL where the OSLC Connector for Octane will be accessible.

This will result in genoslc-octane.example.com to become the URL where the OSLC Connector is established.

OIDC Issuer

The OIDC issuer must be configured in the global section in order to establish the connection between the application and the SSO. The issuer URL value has to be retrieved from the /.well-known/openid-configuration endpoint of the SSO (RFC 8414 - OAuth 2.0 Authorization Server Metadata (ietf.org))

Configuring the OIDC client

After configuring the OIDC client in your SSO provider you must set the OIDC client ID and client secret.

The OIDC client MUST fulfill the following requirements:

has to be a private client (so it has a key and secret)
grant type must be authorization code
the redirect URI must be https://<oslc connector url>/login/oauth2/code/custom

Setting up a connection to the Octane instance

Adapting a Octane instance

There are two URLs that must be set before a integration with the API and UI of Octane can be achieved. The first one is adaptedToolRootUri and it represents the base URL of your Octane instance. The second one is adaptedToolApiUri and represents the API URL of Octane. This usually follows the following path formats:

https://<octane instance URL>/

Technical user authorization for TRS generation

The value for adaptedToolTechnicalUserAuthorizationHeader must be a valid Basic authorization header. The credentials are base64 encoded.

Setting the adaptedToolTechnicalUserAuthorizationHeaderis mandatory if TRS feed generation is required.

List of OSLC Connector for Octane administrators

Provide a list of up to 5 usernames which will have the administration right to change protected settings in the OSLC Connector. Inbound details and Outbound details can be managed only by administrators. At least one administrator user must be stated here.

Encrypt oauth10a configuration data

Set the encryption key used to encrypt and decrypt the oauth10a configuration data in the database.

Overwrite global OIDC configuration

This optional section can be used to overwrite the OIDC client configuration used by the OSLC Connector for Octane when the helm chart bundles multiple applications together.

Set the env.oidc.clientId and env.oidc.clientSecret in order to overwrite the values from global.oidc.clientId and global.oidc.clientSecret respectively.

Alternatively you can provide the name of the Kubernetes secret and the values for clientId and clientSecret will be fetched from the specified secret.

User name attribute

Used to set the JWT claim to be used for user identification. Examples are preferred_username, sub, oid.

Client authentication scheme

Sets the client authentication method to be used in the authentication process. Valid values are: client_secret_basic, client_secret_post, none. Default value is "client_secret_basic"

User info authentication method

Sets the user info authentication method. Valid values are: header, form, query

Client scopes

Sets the client scopes used in the authentication process. Default value "openid". The value is a comma separated list of scopes (e.g. "read, write").

PKCE

Sets the application to use PKCE when authenticating the user https://oauth.net/2/pkce/. Default value is true. Set pkceEnabled to false if the OIDC provider does not support PKCE.

Public URI and Plugin URI

The env.publicUri variable sets the URL where the OSLC Connector for Octane is accessible. This is mandatory and has to be set.

The env.pluginUri sets the URL where the OSLC Connector for Octane is accessible and must be in the form of <env.publicUri>/spa. This variable is also mandatory and must be set.

Allowed CORS URLs

This is a comma separated list of applications that are allowed to make requests to the OSLC Connector API like third party applications that read data from the OSLC Connector for Octane.

Known context roots

This is a comma separated list URLs of other OSLC Connectors (Smartfacts, Jama, PREEvision, Octane, DOORS Classic) that are connect to this instance via an association.

Global Configuration Provider

Sets the Global Configuration provider. An example is https://<ibm-elm>/gc. Setting the value is optional but is mandatory if IBM ELM link validity is required.

Link Validity Provider

Sets the Link Validity Provider. Examples:

https://<ibm-elm>/jts/elm
https://<smartfacts>/platform/elm

Enabling TRS

Enables TRS feed generation. Requires a technical user to be set via the env.tool.adaptedToolTechnicalUserAuthorizationHeader if it's enabled.

TRS feed exposes base artifacts and changes that occurred in synchronized Octane projects.

Install the OSLC Connector for Octane

Execute the Installation

Enter the following command to execute the Installation:

Enabling the plugin in Octane

To enable the OSLC Connector for Octane as an UI panel in Octane you need to navigate to Settings → External action editor.

In the following code sample two external actions have been configured - one for work items and one for requirements.

For more details on how to create custom external actions check the Octane documentation.

OSLC Links field

OSLC Links could be stored in the Octane item. A field needs to be configured in the Octane space where the items that own the links exist.

To setup the OSLC Links field follow the steps:

Navigate to the space you want to configure
Select an entity to which you want to add the custom field
Navigate to the Fields tab and press on + Field
Add the OSLC Links field as a String field

Smartfacts Public Documentation

Deploying the OSLC Connector for Octane