Establishing cross-application Trust

After the Windchill™ Adapter is installed and configured, a Jazz administrator must configure IBM ™ Jazz Collaborative Lifecycle Management (CLM) so that it can consume OSLC services provided by the Adapter for PTC ™ Windchill.

Additionally, a Windchill administrator must configure the Adapter for Windchill so that it can consume OSLC services provided by Jazz CCM, Doors Next Generation RM, and Global Configurations GC.

Three Jazz applications must be configured:

Coupling CLM CCM with the Adapter

Your goal is inform CCM and the Adapter that each other is a trusted application. Because information is to be exchanged in both directions between the applications, establishing this trust involves:

Begin creating the trust relationship by configuring CCM’s Friends to include the Adapter.

Friends (Outbound)

Complete this process to inform CCM that an Adapter is its OSLC CM Friend, that the CCM application is permitted to make OSLC CM requests to the configured Adapter using the OAuth credentials that this process will create and store.

The relationship created here between two applications is called a friend link. Friend links between applications indicate that requests coming from the consumer application to the friend application can be trusted. By configuring friend links, the application can communicate with friend applications that support OAuth authentication. The CCM Add Friend Screen allows the establishment of a “friend” relationship between an external OSLC Provider with the CCM application as it acts as an OSLC Consumer.

Information Access Assurance: this process establishes a foundation of trust between the Jazz applications, the Windchill application, and the Adapter. Actual exchange of information and access to information will be performed within the limited rights of each individual user. When a user attempts to access information, they are challenged for their user credentials in each application and then the OAuth credentials created in this process are used to automate the exchange of permissions between the trusted applications.

  1. Browse to the Change and Configuration Management (CCM) Application Administration Screen at https://rtc.acme.com:9443/ccm/admin
  2. Click Friends (Outbound) on the lefthand side of the CCM Application Administration page.
  3. Find near the start of the set of CCM Friends and then click the Add... text
  4. Enter a name to identify this entry in CCM’s Friends list
  5. Enter the Rootservices URI for the Adapter application that you want to add as a Friend to Jazz CCM.
  6. Enter an OAuth secret, a code phrase to be associated with the new OAuth consumer key that the Friend application (the Adapter) will generate and store.
  7. Re-type your code phrase to help prevent typos.
  8. Click the Create Friend button to create the newly added outbound Friend.
  9. Click Next in the CCM Add Friend Success Frame to proceed to the Authorize Provisional Key dialog.
  10. The CCM Authorize Provisional Key Dialog is displayed to solicit credentials for access to the OSLC Provider’s information by the OSLC Consumer. Click the link “Grant access for the provisional key” and complete the access grant using the user credentials of a Windchill Administrator.
  11. Click “Allow” to complete the registration of the Friend and registration of the authentication key.
  12. After you (acting as Windchill administrator) have approved the exchange of credentials, the CCM Authorize Provisional Key Entry Dialog is presented to enable you (acting as Windchill administrator) to enter the key and to complete the grant.
  13. The CCM Friends Screen summarizes the Friend relationships that are recorded between external OSLC Providers and this CCM application as it acts as an OSLC Consumer. Observe that the Friend relationship to the Adapter has been recorded.

This completes the registration of a chosen Rational Lifecycle Integration Adapter as a proxy OSLC Provider for a particular Windchill PLM system.

Behind the Scenes: when the Create Friend button added the outbound Friend, Jazz CCM made a request over to the selected Adapter. There, the Adapter created a new OSLC Consumer (not Friend!) in its OAuth Consumer store and it saved the Consumer Key and Consumer Secret specified by the user in the above process. If credentials become obsolete between Jazz CCM and Friend Adapters, the Adapter administrator may need to delete Consumers from its store using the Adapter Configuration Administration pages.

Consumers (Inbound)

After Jazz CCM recognizes the Adapter as a Friend OSLC Provider, you need to configure PTC Windchill such that Jazz CCM recognizes the Adapter as a trusted OSLC Consumer. To achieve this, you need to add and manage OAuth Consumers. An OAuth consumer is another application that is allowed to send requests to the Jazz CCM application on behalf of an authorized user.

  1. Browse to the Change and Configuration Management (CCM) Application Administration Screen at https://rtc.acme.com:9443/ccm/admin.
  2. In the Communication menu, click Consumers (Inbound) and Register a new consumer with Name and Secret.
  3. Click register and the key will be generated automatically by the server.
  4. Go to https://oslc-windchill.acme.com:8443/oslc-windchill/configuration/admin page and click the Friends tab.
  5. Fill in the RTC server name, the Root Services URI (e.g. https://rtc.acme.com:9443/ccm/rootservices), the chosen customer key and secret.
  6. Click Add Friend.

This completes the registration of the Adapter as a proxy OSLC CM Consumer for services from the Jazz RTC ALM system.

Coupling the Adapter with DNG RM

Friends (Outbound)
  1. Browse to the Doors Next Generation (RM) Application Administration Screen at https://rtc.acme.com:9443/rm/admin (this requires authenticating with the IBM DNG system). This is the “home screen” for the administration of RM applications within the IBM DNG system.
  2. Click Friends (Outbound) in the RM Application Administration Screen.
  3. Enter a name to identify this entry in the friends list
  4. Enter the Rootservices URI for the server you want to add as a friend.
  5. Enter an OAuth secret, a code phrase to be associated with the new OAuth consumer key from the friend server.
  6. Re-type your code phrase to help prevent typos.
  7. Click the Create Friend button to create the newly added outbound Friend.
  8. Click Next in the RM Add Friend Success Frame to proceed to the Authorize Provisional Key dialog.
  9. The RM Authorize Provisional Key Dialog is displayed to solicit credentials for access to the OSLC Provider’s information by the OSLC Consumer. Click the link “Grant access for the provisional key” and complete the access grant using the user credentials of a Windchill Administrator.
  10. Click “Allow” to complete the registration of the Friend and registration of the authentication key.
  11. After the administrator has approved the exchange of credentials, the RM Authorize Provisional Key Entry Dialog is presented to enable the administrator to enter the key and to complete the grant.
  12. The RM Friends Screen summarizes the friend’s relationships that are recorded between external OSLC Providers and this RM application as it acts as an OSLC Consumer. Observe that the Friend relationship to the Adapter has been recorded.

This completes the registration of the Adapter as a proxy OSLC AM Provider for the Windchill PLM system.

Consumers (Inbound)

Now that the RM system recognizes the Adapter as a friend OSLC AM Provider, one needs to configure PTC Windchill such that the system recognizes the Adapter as a friend OSLC RM Consumer. To achieve this, you need to add and manage OAuth consumers. An OAuth consumer is another application that is allowed to send requests to this application on behalf of an authorized user.

  1. Browse to the Requirements Management (RM) Application Administration Screen at https://rtc.acme.com:9443/rm/admin.
  2. In the Communication menu, click Consumers (Inbound) and Register a new consumer with Name and Secret.
  3. Click register and the key will be generated automatically by the server.
  4. Go to https://oslc-windchill.acme.com:8443/oslc-windchill/configuration/admin page and click the Friends tab.
  5. Fill in the RM server name, the Root Services URI (e.g. https://rtc.acme.com:9443/rm/rootservices), the chosen customer key and secret.
  6. Click Add Friend.

This completes the registration of the Adapter as a proxy OSLC RM Consumer for services from the Jazz RM ALM system.