Content Management and Capture

 View Only
  • 1.  FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Wed September 07, 2022 09:35 AM
    Hi,

    Recently from 5.5.9, FileNet has support for API SSO using OIDC. I have a couple of queries regarding this.

    1) Is there any additional configuration to be done at WebSphere level to achieve this ?

    2) The sample mentioned in the Knowledge center is only for Java. Is there any available sample we can use for C# or ASp.Net ?

    Thanks and Regards,
    Amit

    ------------------------------
    amit bagusetty
    ------------------------------


  • 2.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Thu September 08, 2022 01:50 PM
    The CPE WebSphere server has to be configured to accept OAuth/OIDC tokens.  If your CPE server is running on traditional WebSphere, here are a couple of blog posts that describe how to set up OIDC on traditional WebSphere for CPE

    How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere ND Application Server
    https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2021/05/28/how-to-configure-sso-with-fncm-on-websphere-nd

    How to Configure LTPA/OAuth/OIDC SSO with FileNet ICN, CS GraphQL, and CPE on WebSphere traditional application server
    https://community.ibm.com/community/user/automation/blogs/roger-bacalzo1/2020/12/17/how-to-configure-sso-between-icn-and-cpe

    The new OpenTokenCredentials API is also available for C# CPE clients.  Here's sample code on how to use it.

    // Set connection parameters; substitute for the placeholders.
    String uri = "https://<hostname>:<portnumber>/wsi/FNCEWS40MTOM/";
    String username = "<username>"
    String authToken = "<authToken>" // Client application method to obtain OAuth or OIDC SSO token

    // Get client context.
    IConnection conn = Factory.Connection.GetConnection(uri);
    OpenTokenCredentials creds = new OpenTokenCredentials(username, authToken, null);
    ClientContext.SetProcessCredentials(creds);

    // Get default domain.
    IDomain domain = Factory.Domain.FetchInstance(conn, null, null);
    Debug.WriteLine("Domain: " + domain.Name);



    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 3.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Thu September 15, 2022 09:04 AM
    Hi Roger,

    Thanks for the information. 

    We currently use ASP,NET for FileNet and use Kerberos authentication and would typically like to switch to OIDC for SSO.

    Is there any documentation or information on how to configure any FileNet ASP.NET client to use OIDC with any IDP.

    Thanks and Regards,
    Amit

    ------------------------------
    amit bagusetty
    ------------------------------



  • 4.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Fri September 16, 2022 03:46 PM
    Hi Amit, no we don't provide any documentation on using ASP.NET with OIDC.  However, you should be able to find Microsoft documentation on this topic, since this is a Microsoft feature. 

    Once you have your ASP.NET application working with OIDC, you should be able to obtain the Bearer token resulting from the OIDC authentication and pass that Bearer token to FileNet using the OpenTokenCredentials API example I provided.

    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 5.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Wed August 30, 2023 11:03 AM

    Hi ROGER,

    does OpenTokenCredentials  supported on 5.5.8?
    can you provide please java sample code how to authentication using OpenTokenCredentials  ?

    our current environment:
    FN 5.5.8

    WAS 9.0.5.11



     



    ------------------------------
    Ahmed
    alssarty@yahoo.com
    ------------------------------



  • 6.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Wed August 30, 2023 11:56 AM

    The OpenTokenCredentials API is available only in CPE 5.5.9 and later.  Here are some documentation links on how to use it:

    • Single sign-on integrations via Content Engine API Bearer Token Authentication 
      • https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=authentication-v559-later-single-sign-integrations-via-content-engine-api-bearer-token
    • Credentials Java API
      • https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=comfilenetapiauthentication-credentials
    • OpenTokenCredentials Java API
      • https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=comfilenetapiauthentication-opentokencredentials
    • Credentials .NET API
      • https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=namespace-credentials-class
    • OpenTokenCredentials .NET API
      • https://www.ibm.com/docs/en/filenet-p8-platform/5.5.x?topic=namespace-opentokencredentials-class


    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 7.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Tue October 10, 2023 10:24 AM

    Hi ROGER, is there any sample code to get a VWSession with OpenTokenCredentials ?



    ------------------------------
    Mahmoud Saleh
    ------------------------------



  • 8.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Thu October 12, 2023 01:28 PM

    Unfortunately, the OpenTokenCredentials API does not yet work properly with the PE API to get a VWSession.  That is being worked on and will be available in a future release.



    ------------------------------
    ROGER Bacalzo
    ------------------------------



  • 9.  RE: FileNet API SSO using OIDC procedure in FileNet 5.5.9

    Posted Fri October 13, 2023 03:31 AM

    Hello ROGER, so using OpenTokenCredentials API there's currently no support at all to launch workflows or to get work items even with REST APIs?



    ------------------------------
    Mahmoud Saleh
    ------------------------------