FileNet API SSO using OIDC procedure in FileNet 5.5.9

View Only

Expand all | Collapse all

FileNet API SSO using OIDC procedure in FileNet 5.5.9

1. FileNet API SSO using OIDC procedure in FileNet 5.5.9

1 Like
amit bagusetty
Posted Wed September 07, 2022 09:35 AM

Reply
Hi,

Recently from 5.5.9, FileNet has support for API SSO using OIDC. I have a couple of queries regarding this.

1) Is there any additional configuration to be done at WebSphere level to achieve this ?

2) The sample mentioned in the Knowledge center is only for Java. Is there any available sample we can use for C# or ASp.Net ?

Thanks and Regards,
Amit

------------------------------
amit bagusetty
------------------------------
2. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
ROGER Bacalzo
Posted Thu September 08, 2022 01:50 PM

Reply
The CPE WebSphere server has to be configured to accept OAuth/OIDC tokens. If your CPE server is running on traditional WebSphere, here are a couple of blog posts that describe how to set up OIDC on traditional WebSphere for CPE

How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere ND Application Server
https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2021/05/28/how-to-configure-sso-with-fncm-on-websphere-nd

How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere traditional application server
https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2020/12/17/how-to-configure-sso-between-icn-and-cpe

The new OpenTokenCredentials API is also available for C# CPE clients. Here's sample code on how to use it.

// Set connection parameters; substitute for the placeholders.
String uri = "https://<hostname>:<portnumber>/wsi/FNCEWS40MTOM/";
String username = "<username>"
String authToken = "<authToken>" // Client application method to obtain OAuth or OIDC SSO token

// Get client context.
IConnection conn = Factory.Connection.GetConnection(uri);
OpenTokenCredentials creds = new OpenTokenCredentials(username, authToken, null);
ClientContext.SetProcessCredentials(creds);

// Get default domain.
IDomain domain = Factory.Domain.FetchInstance(conn, null, null);
Debug.WriteLine("Domain: " + domain.Name);

------------------------------
ROGER Bacalzo
------------------------------

Original Message
3. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
amit bagusetty
Posted Thu September 15, 2022 09:04 AM

Reply
Hi Roger,

Thanks for the information.

We currently use ASP,NET for FileNet and use Kerberos authentication and would typically like to switch to OIDC for SSO.

Is there any documentation or information on how to configure any FileNet ASP.NET client to use OIDC with any IDP.

Thanks and Regards,
Amit

------------------------------
amit bagusetty
------------------------------

Original Message
4. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
ROGER Bacalzo
Posted Fri September 16, 2022 03:46 PM

Reply
Hi Amit, no we don't provide any documentation on using ASP.NET with OIDC. However, you should be able to find Microsoft documentation on this topic, since this is a Microsoft feature.

Once you have your ASP.NET application working with OIDC, you should be able to obtain the Bearer token resulting from the OIDC authentication and pass that Bearer token to FileNet using the OpenTokenCredentials API example I provided.

------------------------------
ROGER Bacalzo
------------------------------

Original Message
5. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
Ahmed Alsareti
Posted Wed August 30, 2023 11:03 AM

Reply
Hi ROGER,

does OpenTokenCredentials supported on 5.5.8?
can you provide please java sample code how to authentication using OpenTokenCredentials ?

our current environment:
FN 5.5.8

WAS 9.0.5.11

------------------------------
Ahmed
alssarty@yahoo.com
------------------------------

Original Message
6. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
ROGER Bacalzo
Posted Wed August 30, 2023 11:56 AM

Reply
The OpenTokenCredentials API is available only in CPE 5.5.9 and later. Here are some documentation links on how to use it:

Single sign-on integrations via Content Engine API Bearer Token Authentication

https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=authentication-v559-later-single-sign-integrations-via-content-engine-api-bearer-token

Credentials Java API

https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=comfilenetapiauthentication-credentials

OpenTokenCredentials Java API

https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=comfilenetapiauthentication-opentokencredentials

Credentials .NET API

https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=namespace-credentials-class

OpenTokenCredentials .NET API

https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=namespace-opentokencredentials-class

------------------------------
ROGER Bacalzo
------------------------------

Original Message
7. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
Mahmoud Saleh
Posted Tue October 10, 2023 10:24 AM

Reply
Hi ROGER, is there any sample code to get a VWSession with OpenTokenCredentials ?

------------------------------
Mahmoud Saleh
------------------------------

Original Message
8. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
ROGER Bacalzo
Posted Thu October 12, 2023 01:28 PM

Reply
Unfortunately, the OpenTokenCredentials API does not yet work properly with the PE API to get a VWSession. That is being worked on and will be available in a future release.

------------------------------
ROGER Bacalzo
------------------------------

Original Message
9. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

0 Like
Mahmoud Saleh
Posted Fri October 13, 2023 03:31 AM

Reply
Hello ROGER, so using OpenTokenCredentials API there's currently no support at all to launch workflows or to get work items even with REST APIs?

------------------------------
Mahmoud Saleh
------------------------------

Original Message

IBM Business Automation Community

Come for answers. Stay for best practices. All we’re missing is you.

Content Management and Capture

FileNet API SSO using OIDC procedure in FileNet 5.5.9

amit bagusettyWed September 07, 2022 09:35 AM

ROGER BacalzoThu September 08, 2022 01:50 PM

amit bagusettyThu September 15, 2022 09:04 AM

ROGER BacalzoFri September 16, 2022 03:46 PM

Ahmed AlsaretiWed August 30, 2023 11:03 AM

ROGER BacalzoWed August 30, 2023 11:56 AM

Mahmoud SalehTue October 10, 2023 10:24 AM

ROGER BacalzoThu October 12, 2023 01:28 PM

Mahmoud SalehFri October 13, 2023 03:31 AM

1. FileNet API SSO using OIDC procedure in FileNet 5.5.9

2. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

3. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

4. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

5. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

6. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

7. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

8. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

9. RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9