Maximo

  • 1.  HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted Wed September 23, 2020 02:53 PM
    I am trying to develop an automation script that could override an HTTP Endpoint and allow me to do OAUTH2.0. I am able to do this in Postman by doing a POST against an initial URL and passing a body including a grant_type, client_id, client_secret and resource to this URL:
    https://login.microsoftonline.com/abctenant/oauth2/token

    This will then return a bearer access token in the JSON. I am then able to grab that access token, pass it as Authorization in the header and then do a GET or POST against our URI:
    https://devabc123.cloudax.dynamics.com/data/Customers

    My plan is that I could do this in the automation script code and grab that initial access token and then pass that along so the endpoint can use it in normal integration. We only need to send outbound data from Maximo. This will be for material receiving transactions and they will be triggered via the event listeners in Maximo.

    1) I cannot understand where in the chain of events I would be able to override the HTTP endpoint. In most of the examples on here, people are manually invoking the endpoint. In my case, I want the event listener to initiate my publish channel which will then send to the connected HTTP endpoint. How do I interject my code so when that receiving event triggers my publish channel, the HTTP endpoint can grab that access token and then everything will continue as normal?

    2) As a simple test, I tried setting up an HTTP endpoint and manually passing the Authorization token via the headers in the endpoint parameters. I ran into a certification error below. Is this a problem with WebSphere? Or do we actually need a valid certificate imported into WebSphere for this endpoint? See below for our system information.

    psdi.util.MXSystemException: BMXAA1477E - The connection failed to the HTTP handler for the endpoint. Review the error and server log flies for information to indicate the cause of the issue, for example, incorrect properties in the DefaultHTTPExit.java handler class.
    com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
    at psdi.iface.router.HTTPHandler.invoke(HTTPHandler.java:475)

    Version Info:
    App Server IBM WebSphere Application Server 9.0.5.2
    Version Tivoli's process automation engine 7.6.1.1-IFIX20200624-1103 Build 20190514-1348 DB Build V7611-365 HFDB Build HF7611-26
            IBM Maximo Asset Management Work Centers 7.6.0.4 Build $build$ DB Build V7604-119
            IBM Maximo Enterprise Adapter for Oracle Applications 7.6.0.0-20190923-1157 Build 20150804-1717 DB Build V7600-05 HFDB Build HF7600-02
            IBM Maximo Asset Management Scheduler 7.6.7.3 Build 20190514-1348 DB Build V7673-78 HFDB Build HF7673-12
            IBM Tpae Integration Framework 7.6.1.1 Build 20190419-2330 DB Build V7611-01
            IBM Maximo Asset Management 7.6.1.1 Build 20190514-1348 DB Build V7611-01
            IoT Connection Utility 7.6.0.2 Build 20190426-2206 DB Build V7602-07
    Server OS Windows Server 2016 10.0
    Server DB Microsoft SQL Server 13.0 (13.00.4259)

    ------------------------------
    Daniel Gruszka
    ------------------------------

    #Maximo
    #AssetandFacilitiesManagement


  • 2.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted Thu September 24, 2020 10:31 AM
    Daniel,

    1) To implement a custom End Point Handler you'll need to write some Java code. I don't believe that IBM has hooked in automation scripting to custom end point handlers. This is likely why you see examples of handlers being called manually via automation scripts. We've solved this same challenge before by making multiple calls with the same end point - just manipulating the End Point parameters prior to making the call. Just make sure that you reload the End Point cache if you make updates on the fly:
    https://a3jgroup.com/updating-end-points-and-reloading-cache-in-automation-script/

    2) Yes, you'll need to import the certificate into WebSphere's trust store.
    https://a3jgroup.com/import-ssl-certificates-into-websphere-trust-store/

    Hope this helps,
    Alex

    ------------------------------
    Alex Walter
    ------------------------------



  • 3.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted Mon September 28, 2020 08:59 PM
    Hi Daniel,

    The below technote is a really good one for your use case:

    https://www.ibm.com/support/pages/maximo-rest-client-example-calling-external-rest-service-logo-tiger-3-maximo-client

    The author has explained the scenario and code pretty well and should solve your questions. I think it should be added to the Maximo Integration Libraries here.
    Just 1 thing from my experience:
    I did not need to import the certificate while posting data using the HTTPHandler endpoint.
    But I did need to set the HTTP protocol (i.e. TLS version) in my autoscript.
    I did that using the below code:
    from java.lang import System
    System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2")
    It might not be required in your case as I was doing it in my local VM and installation of the certificate might resolve your issue.

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------



  • 4.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted Thu October 01, 2020 12:46 PM
    Appreciate the response @Biplab Choudhury! That example is useful; however, it bypasses using the integration framework since it is doing all work directly within the automation script code. We want the publish channel to be invoked from a system event and then use the endpoint attached. This way if the integration fails, the message will queue in JMS and wait for reprocessing.

    I was able to develop a solution to meet that requirement. Anamitra suggested using a Publish Channel Exit Script. I added code there to call the OAUTH endpoint (also an HTTP endpoint), grab the token from the JSON response and then save it to the database on the publish channel HTTP Endpoint. My publish channel then uses that HTTP endpoint to make its call. This way if the integration fails, it can still be reprocessed.

    Check out the details in this thread. I even added some code examples for OAUTH 2.0.

    https://community.ibm.com/community/user/iot/communities/community-home/digestviewer/viewthread?MessageKey=a09d469c-6ffb-4817-bdf2-b8635bca0f1d&CommunityKey=ed77c224-45e2-47b0-b574-cc31496f9a41&tab=digestviewer&reply-inline=a09d469c-6ffb-4817-bdf2-b8635bca0f1d&reply-inline=1d33ad7a-f2ca-41bb-ba66-68d93f499bde&SuccessMsg=Thank%20you%20for%20submitting%20your%20message.

    ------------------------------
    Daniel Gruszka
    ------------------------------
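
The token exchange from the first post and the stored-token design from the post above, as an added example that is not part of the original thread: stand-alone Python 3 (not a Maximo automation script, which runs on Jython) that builds the token request, parses the reply into an Authorization header with an absolute expiry, and tells the caller when a saved token is too old to reuse. The `client_credentials` grant value, the helper names and the sample replies are assumptions made for the example.

```python
import json
import ssl
import time
import urllib.error
import urllib.request
from urllib.parse import urlencode

TOKEN_URL = "https://login.microsoftonline.com/abctenant/oauth2/token"  # URL from the post

class TokenError(Exception):
    """Token endpoint refused the request or sent an unusable reply."""

def build_body(client_id, client_secret, resource):
    # grant_type value is an assumption; the post only names the field.
    fields = {"grant_type": "client_credentials", "client_id": client_id,
              "client_secret": client_secret, "resource": resource}
    return urlencode(fields).encode("ascii")

def parse_token(status, raw, now):
    """Turn a token-endpoint reply into a header plus an absolute expiry time."""
    try:
        doc = json.loads(raw)
        if not isinstance(doc, dict):
            raise ValueError("reply is not a JSON object")
    except ValueError:
        raise TokenError("non_json_response")
    if status != 200 or "access_token" not in doc:
        # Surface only the error code; descriptions can carry tenant details.
        raise TokenError(doc.get("error", "unknown_error"))
    return {"Authorization": "Bearer " + doc["access_token"],
            "expires_at": now + int(doc.get("expires_in", 0))}

def needs_refresh(token, now, skew=300):
    """True when a stored token is within `skew` seconds of expiry."""
    return now >= token["expires_at"] - skew

def fetch_token(client_id, client_secret, resource):
    """Live call (needs network): TLS 1.2 or newer, certificate checks left on."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    req = urllib.request.Request(TOKEN_URL, data=build_body(client_id, client_secret, resource))
    try:
        with urllib.request.urlopen(req, context=ctx, timeout=10) as resp:
            return parse_token(resp.status, resp.read(), time.time())
    except urllib.error.HTTPError as err:
        return parse_token(err.code, err.read(), time.time())

# Constructed sample replies (not captured traffic).
SAMPLE_OK = '{"token_type": "Bearer", "expires_in": "3599", "access_token": "eyJ.constructed.token"}'
SAMPLE_ERR = '{"error": "invalid_client", "error_description": "constructed example"}'
```

Storing `expires_at` next to the saved header lets the code that writes the token to the endpoint check `needs_refresh` before each send, including a later reprocessing from the JMS queue.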



  • 5.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted Tue December 27, 2022 09:35 AM
    Hi Biplab,

    I have written an automation script for the OAUTH2 authentication with an external server.

    I tried to fetch the token as shown in the link below:

    https://www.ibm.com/support/pages/maximo-rest-client-example-calling-external-rest-service-logo-tiger-3-maximo-client

    I did use this line of code, as TLSv1.1 is deprecated by Microsoft on 30th November 2022:

    from java.lang import System
    System.setProperty("https.protocols", "TLSv1.2")

    But after this, when I am making a call, I am getting the below error:

    URL : https://login.microsoftonline.com/41cb5478-1f8a-4a8e-a2b7-58bbc1198c52/oauth2/v2.0/token HTTP/1.1)

    ('response is:', HTTP/1.1 400 Bad Request)

    ('status is:', 400)

    ('error desc:', {trace_id: 889dd5bc-0c84-408e-b3a0-dcfa6267b201, error_description: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: 41cb5478-1f8a-4a8e-a2b7-58bbc1198c52. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
    Trace ID: 889dd5bc-0c84-408e-b3a0-dcfa6267b201
    Correlation ID: fcfe5968-64b2-4a30-b87f-0319251d45f7
    Timestamp: 2022-12-09 09:50:45Z, correlation_id: fcfe5968-64b2-4a30-b87f-0319251d45f7,
    error_codes: [1002016],
    error: invalid_request,
    timestamp: 2022-12-09 09:50:45Z})

    Earlier my script was working fine, but after the recent deprecation of TLS version by Microsoft, I am unable to get the token response here.

    Can you please help me here? I am kind of pretty much stuck.

    Thanks,
    Nithunveer


    ------------------------------
    nithunveer Rampally
    ------------------------------