Configuring OAuth Authentication for OSLC Provider Integrations

A Business Administrator can install and configure the OAuth service and the OAuth1 Control Center app. This enables the use of OAuth 1.0a authentication between ENOVIA apps acting as a provider and the external applications consuming the services using Open Services for Lifecycle Collaboration (OSLC). Automatic authentication between the ENOVIA apps and the integrated external systems using OAuth 1.0 means that users do not have to log in using their 3DPassport credentials each time.

Install OAuth1 Control Center

A Business Administrator can install the OAuth1 Control Center app, which is used to approve consumer keys from external applications that use an ENOVIA app as an OSLC provider.

  1. Locate the installer file for your platform on the installation media.

    • On Windows, the installer file is in ENOVIAOAuth1ProviderFoundation.Windows64_package.
    • On Linux, the installer file is in ENOVIAOAuth1ProviderFoundation.Linux64_package.

  2. Run the installer.

    • On Windows, double-click the installer file to start it.
    • On Linux, run the following command:
      ./StartTUI.sh

  3. Provide the server paths, ports, and user information to the installer.

    For both Windows and Linux:

    • Enter the 3DSpace service URL without a / at the end. For example: https://sampleservername.3ds.com/3DSpace
    • The default NodeJS server port: 8090
    • The default username for the OAuth1 server administrator account: OAuthAdminUser
    • The default password for the OAuth1 server administrator account: ev6@dm

Configure OAuth1 Server Information

After installing the OAuth1 Control Center app, a Business Administrator must edit several files to configure OAuth server information, then restart the reverse proxy server before starting the OAuth server.

Before you begin: You must have already installed the OAuth1 Control Center app before you can configure OAuth server information.
  1. Add the following information to the 3DEXPERIENCE VirtualHost section of the httpd.conf file:

    #OAuth1:
    IncludeOptional /<OAuth1Provider>/conf/OAuth_httpd_fragment.conf*
    where <OAuth1Provider> is the location in which the OAuth1 server is installed.

  2. Add the following information to the end of the Header setifempty Access-Control-Allow-Headers section of the httpd.conf file:

    OSLC-Core-Version,Authorization
    so that it reads:
    Header setifempty Access-Control-Allow-Headers "accept,x-requested-method,origin,x-requested-with,x-request,cache-control,content-type,SecurityContext,x-utc-offset,X-DS-CSRFTOKEN,X-DS-IAM-CSRFTOKEN,keep-alive,DS-API-Version,DS-Client-Step-Name,DS-Request-ID,ENO_CSRF_TOKEN,SecurityToken,DS-Change-Authoring-Context,DS-Configuration-Authoring-Context,OSLC-Core-Version,Authorization"

  3. Restart the reverse proxy server.
  4. Define an environment variable for the OAuth1 server URL.

    Do one of the following, depending on your environment:

    • On Windows: Create an environment system variable that defines the OAuth server URL:
      OAUTHSERVER_URL = https://<3DEXPERIENCE VirtualHost URL>/OAuth1
      where <3DEXPERIENCE VirtualHost URL> is the URL of the reverse proxy virtual host. For example: https://sampleservername.3ds.com
    • On Linux: Add the following information to the mxEnv*.sh script located in <3DSpace server name>/scripts:
      OAUTHSERVER_URL=https://<3DEXPERIENCE VirtualHost URL>/OAuth1
      export OAUTHSERVER_URL
      where <3DEXPERIENCE VirtualHost URL> is the URL of the reverse proxy virtual host. For example: https://sampleservername.3ds.com

  5. Open the Run MQL window:
    1. From the compass, select Collaboration and Approvals.
    2. In the navigation pane, click Utilities > Run MQL.
    To run an MQL command, enter the command in the MQL Command box and click Run or press Enter.
  6. Run one of the following MQL commands, depending on your environment.

    • On Windows:
      run OAuth1Provider\win_b64\code\command\OAuthService.tcl;
    • On Linux:
      run OAuth1Provider\linux_a64\code\command\OAuthService.tcl;
    Note: If the OAuth1 provider service is not installed on the same machine as 3DSpace server, copy the OAuthService.tcl file to the 3DSpace server, then run it from there.
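
A way to check the edits from steps 1, 2 and 4 before restarting the reverse proxy, as an added example that is not part of the product or its documentation. The function names, the sample configuration and the /opt install path are assumptions made for illustration; requiring https follows the example URLs on this page.

```python
import re
from urllib.parse import urlsplit

REQUIRED = {"oslc-core-version", "authorization"}  # header names added in step 2
# Constructed sample: install path is a placeholder and Authorization is left out.
SAMPLE_CONF = """\
<VirtualHost *:443>
    Header setifempty Access-Control-Allow-Headers "accept,origin,content-type,OSLC-Core-Version"
    #OAuth1:
    IncludeOptional /opt/OAuth1Provider/conf/OAuth_httpd_fragment.conf*
</VirtualHost>
"""
INCLUDE_RE = re.compile(r"IncludeOptional\s+\S*OAuth_httpd_fragment\.conf\*", re.I)
HEADER_RE = re.compile(
    r'Header\s+(?:always\s+|onsuccess\s+)?setifempty\s+Access-Control-Allow-Headers\s+"([^"]*)"', re.I)

def check_httpd_conf(text):
    """Findings for the step 1 and step 2 edits; an empty list means both are in place."""
    in_vhost, include_ok, allowed = False, False, None
    for line in (raw.strip() for raw in text.splitlines()):
        low = line.lower()
        if low.startswith("<virtualhost"):
            in_vhost = True
        elif low.startswith("</virtualhost"):
            in_vhost = False
        elif INCLUDE_RE.match(line):
            include_ok = include_ok or in_vhost
        else:
            m = HEADER_RE.match(line)
            if m:  # a directive wrapped over several lines never matches here
                allowed = {h.strip().lower() for h in m.group(1).split(",")}
    findings = []
    if not include_ok:
        findings.append("OAuth_httpd_fragment.conf* is not included inside a VirtualHost")
    if allowed is None:
        findings.append("no single-line Access-Control-Allow-Headers directive found")
    else:
        findings += ["Access-Control-Allow-Headers lacks " + h for h in sorted(REQUIRED - allowed)]
    return findings

def check_oauthserver_url(url):
    """Findings for OAUTHSERVER_URL (step 4): https scheme, a host, and the path /OAuth1."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https" or not parts.hostname:
        findings.append("expected an https:// URL with a host")
    if parts.path != "/OAuth1":
        findings.append("path must be exactly /OAuth1")
    return findings
```

Run check_httpd_conf on the contents of your own httpd.conf and check_oauthserver_url on the value you set for OAUTHSERVER_URL; both return an empty list when the configuration matches the steps above.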

Start and Stop the OAuth1 Server

A Business Administrator can start and stop the OAuth1 server if required.

Before you begin: You must have already installed OAuth1 Control Center and configured OAuth server information before starting the OAuth1 server.
  1. To start the OAuth1 server, do one of the following, depending on your environment:

    • On Windows:
      cd OAuth1Provider\win_b64\code\command
      OAuthService install
    • On Linux:
      cd OAuth1Provider/linux_a64/code/command
      ./OAuthService.sh start
    Note: Only start one instance of the OAuth server per installation directory.

  2. To stop the OAuth server, do one of the following, depending on your environment:

    • On Windows:
      cd OAuth1Provider\win_b64\code\command
      OAuthService remove
    • On Linux:
      cd OAuth1Provider/linux_a64/code/command
      ./OAuthService.sh stop

Uninstall and Reinstall the OAuth1 Server on Windows

On Windows, a Business Administrator must uninstall the OAuth server using the Windows Control Panel before reinstalling it.

  1. Stop the OAuth1 server.
  2. Use the Windows Control Panel to uninstall the Dassault Systemes OAuth1 Provider app.
  3. Manually clean up the logs and configuration files.
  4. If required, run the Windows installer again to reinstall the OAuth1 server.

The first time users try to create or edit information in the ENOVIA app from the external applications consuming the services, they must log in using their 3DPassport credentials. Users will not be asked to log in again until the OAuth server is restarted, which causes the authentication token to expire.