diff --git a/boards/dx/index.html b/boards/dx/index.html index db7afe6e6..88bf01b1c 100644 --- a/boards/dx/index.html +++ b/boards/dx/index.html @@ -4896,12 +4896,12 @@

Prerequisites
  • HCL DX environment
  • Kubernetes environment
    • -
  • kubectl installed & authenticated
    • +
  • kubectl installed & authenticated

    • WebSphere OAuth Config

    -

    Please follow the instructions in WebSphere OAuth Config

    +

    Please follow the instructions in WebSphere OAuth Config

    Install Boards portlet

    -

    Coming soon

    +

    Please follow the instructions in Install Boards portlet

    Allow SSO inside Boards frame

    Edit the config to include the following,

      @@ -4943,7 +4943,7 @@

      Allow SSO inside Boards frame - 2024-02-26 + 2024-02-29 diff --git a/boards/dx/OAuthConfig.xml b/boards/dx/oauth/OAuthConfig.xml similarity index 100% rename from boards/dx/OAuthConfig.xml rename to boards/dx/oauth/OAuthConfig.xml diff --git a/boards/dx/oauth/websphere/index.html b/boards/dx/oauth/websphere/index.html new file mode 100644 index 000000000..240d3a8af --- /dev/null +++ b/boards/dx/oauth/websphere/index.html @@ -0,0 +1,5076 @@ + + + + + + + + + + + + + + + + + + + + + + + + + WebSphere OAuth Config - Huddo Docs + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
      + + + + Skip to content + + +
      +
      + +
      + + + + +
      + + +
      + +
      + + + + + + + + + +
      +
      + + + +
      +
      +
      + + + + + + + +
      +
      +
      + + + +
      +
      +
      + + + +
      +
      +
      + + + +
      +
      + + + + +

      WebSphere OAuth Config

      +

      OAuth must be configured in IBM WebSphere for Boards to authenticate with HCL DX.

      +
      +

      Tip

      +

      Remember to replace <username> & <password> with valid credentials

      +
      +

      Connect to the core server, e.g on Kubernetes:

      +
      kubectl exec -it hcl-dx-dev1-core-0 core -n hcl-dx-dev1 -- sh
+
      +

      Setup Provider

      +
        +
      1. +

        Create the OAuth provider by using the wsadmin utility

        +
        cd /opt/HCL/AppServer/bin
+./wsadmin.sh -lang jython -username <username> -password <password>
+AdminTask.createOAuthProvider('[-providerName OAuthConfig -fileName /opt/HCL/AppServer/properties/OAuthConfigSample.xml]')
+AdminConfig.save()
+quit
+
        +
        2. +
      2. +

        Enable Auto Authorize

        +

        Edit the OAuthConfig.xml file which was just created

        +

        vi /opt/HCL/wp_profile/config/cells/dockerCell/oauth20/OAuthConfig.xml

        +
        <parameter name="oauth20.autoauthorize.param" type="ws" customizable="false">
+    <value>autoauthz</value>
+</parameter>
+<parameter name="oauth20.autoauthorize.clients" type="ws" customizable="true">
+    <value>huddoboards</value>
+</parameter>
+
        +
        3. +
      3. +

        Restart the WebSphere Application Server

        +
        cd /opt/HCL/AppServer/bin
+./stopServer.sh WebSphere_Portal -profileName wp_profile -username wpsadmin -password wpsadmin
+./startServer.sh WebSphere_Portal -profileName wp_profile
+
        +
        4. +
      4. +

        Check TAI Interceptor properties set

        +

        Global security > Trust association > Interceptors > com.ibm.ws.security.oauth20.tai.OAuthTAI

        +
        provider_1.name=OAuthConfig
+provider_1.filter=Authorization%=Bearer
+
        +
        5. +
      +

      Register OAuth Clients

      +
        +
      1. +

        copy default client definitions

        +
        cp /opt/HCL/AppServer/properties/base.clients.xml /opt/HCL/wp_profile/config/cells/dockerCell/oauth20/
+
        +
        2. +
      2. +

        edit file to include Huddo Boards client

        +

        vi /opt/HCL/wp_profile/config/cells/dockerCell/oauth20/base.clients.xml

        +
        <client id="huddoboards" component="<OAUTH_PROVIDER_NAME>" secret="<OAUTH_SECRET>" displayname="Huddo Boards" redirect="https://<BOARDS_URL>/auth/dx/<BASE_64_ENCODED_DX_HOSTNAME>/callback" enabled="true">
+</client>
+
        +

        Where:

        +
          +
        • <OAUTH_PROVIDER_NAME> is the name of the Provider specified above, typically OAuthConfig
          • +
        • <OAUTH_SECRET> is a complex, random secret, e.g. a UUID. This will be required later.
          • +
        • <BOARDS_URL> is the URL of the Boards deployment, e.g. company.example.com/boards or boards.company.com
          • +
        • <BASE_64_ENCODED_DX_HOSTNAME> is a base64(dx-hostname) encoded string
          • +
        +

        For example:

        +
        <client id="huddoboards" component="OAuthConfig" secret="a2e3d8c3-7875-4512-a0da-8b5fd61f2245" displayname="Huddo Boards" redirect="https://boards.huddo.com/auth/dx/ZHhkZXYxLmlzd2xhYi5uZXQ=/callback" enabled="true">
+</client>
+
        +
        3. +
      +

      Install the OAuth 2.0 service provider application

      +
      cd /opt/HCL/AppServer/bin
+./wsadmin.sh -f ./installOAuth2Service.py install dockerNode WebSphere_Portal -profileName wp_profile -username <username> -password <password>
+
      +

      Enable TAI

      +
        +
      1. +

        Enable OAuth 2.0 TAI

        +
        cd /opt/HCL/AppServer/bin
+./wsadmin.sh -lang jython -username <username> -password <password>
+AdminTask.enableOAuthTAI()
+AdminConfig.save()
+quit
+
        +
        2. +
      2. +

        Restart the WebSphere Application Server

        +
        cd /opt/HCL/AppServer/bin
+./stopServer.sh WebSphere_Portal -profileName wp_profile -username <username> -password <password>
+./startServer.sh WebSphere_Portal -profileName wp_profile
+
        +
        3. +
      +

      Troubleshooting

      +

      Issue: SSL Error

      +
      ServletWrapper service CWSRV0014E: Uncaught service() exception root cause OAuth20EndpointServlet: javax.net.ssl.SSLHandshakeException: com.ibm.jsse2.util.j: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
+
      +

      Resolution: Import the self-signed certificate into the WebSphere ISC

      + + + + + + + + + + + + + + + + + + + + +
      +
      + + + +
      + +
      + + + +
      +
      +
      +
      + + + + + + + + + + + + + + \ No newline at end of file diff --git a/boards/dx/portlet/applications.png b/boards/dx/portlet/applications.png new file mode 100644 index 000000000..eb9ef90bd Binary files /dev/null and b/boards/dx/portlet/applications.png differ diff --git a/boards/dx/portlet/boards-for-page.png b/boards/dx/portlet/boards-for-page.png new file mode 100644 index 000000000..e4f819005 Binary files /dev/null and b/boards/dx/portlet/boards-for-page.png differ diff --git a/boards/dx/portlet/boards-portlets.war b/boards/dx/portlet/boards-portlets.war new file mode 100644 index 000000000..b824a83df Binary files /dev/null and b/boards/dx/portlet/boards-portlets.war differ diff --git a/boards/dx/portlet/configure.png b/boards/dx/portlet/configure.png new file mode 100644 index 000000000..906a00f6f Binary files /dev/null and b/boards/dx/portlet/configure.png differ diff --git a/boards/dx/websphere-oauth/index.html b/boards/dx/portlet/index.html similarity index 91% rename from boards/dx/websphere-oauth/index.html rename to boards/dx/portlet/index.html index a6ab10275..33df4ce1d 100644 --- a/boards/dx/websphere-oauth/index.html +++ b/boards/dx/portlet/index.html @@ -12,7 +12,7 @@ - + @@ -22,7 +22,7 @@ - WebSphere OAuth Config - Huddo Docs + Boards Portlet - Huddo Docs @@ -74,7 +74,7 @@
      - + Skip to content @@ -108,7 +108,7 @@
      - WebSphere OAuth Config + Boards Portlet
      @@ -129,25 +129,25 @@