Maximo

Maximo-ICON.png

Maximo

Learn how to increase the operational efficiency of the assets you manage, and improve overall equipment effectiveness by using IoT data and AI.

Maximo-ICON.png

TRIRIGA

Reduce the operational costs of the facilities you manage, and create more engaging occupant experiences through the application of IoT data and AI.

Maximo-ICON.png

Engineering

Learn how IoT data and AI are being applied to transform the end-to-end engineering lifecycle.

Expand all | Collapse all

HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

  • 1.  HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted 30 days ago
    I am trying to develop an automation script that could override an HTTP Endpoint and allow me to do OAUTH2.0. I am able to do this in postman by doing a POST against an initial URL and passing a body including a grant_type, client_id, client_secret and resource to this URL:
    https://login.microsoftonline.com/abctenant/oauth2/token

    This will then return a bearer access token in the JSON. I am then able to grab that access token, pass it as Authorization in the header and then do a GET or POST against our URI:
    https://devabc123.cloudax.dynamics.com/data/Customers

    My plan is that I could do this in the automation script code and grab that initial access token and then pass that along so the endpoint can use it in normal integration. We only need to send outbound data from Maximo. This will be for material receiving transactions and they will be triggered via the event listeners in Maximo.

    1) I cannot understand where in chain of events I would be able to override the HTTP endpoint. In most of the examples on here, people are manually invoking the endpoint. In my case, I want the event listener to initiate my publish channel which will then send to the connected HTTP endpoint. How do I interject my code so when that receiving event triggers my publish channel, the HTTP endpoint can grab that access token and then everything will continue as normal?

    2) As a simple test, I tried setting up an HTTP endpoint and manually passing the Authorization token via the headers in the endpoint parameters. I ran into a certification error below, is this a problem with WebSphere? Or do we actually need a valid certificate imported into WebSphere for this endpoint? See below for our system information.

    psdi.util.MXSystemException: BMXAA1477E - The connection failed to the HTTP handler for the endpoint. Review the error and server log flies for information to indicate the cause of the issue, for example, incorrect properties in the DefaultHTTPExit.java handler class.
    com.ibm.jsse2.util.h: PKIX path building failed: com.ibm.security.cert.IBMCertPathBuilderException: unable to find valid certification path to requested target
    at psdi.iface.router.HTTPHandler.invoke(HTTPHandler.java:475)

    Version Info:
    App Server IBM WebSphere Application Server 9.0.5.2
    Version Tivoli's process automation engine 7.6.1.1-IFIX20200624-1103 Build 20190514-1348 DB Build V7611-365 HFDB Build HF7611-26IBM Maximo Asset Management Work Centers 7.6.0.4 Build $build$ DB Build V7604-119IBM Maximo Enterprise Adapter for Oracle Applications 7.6.0.0-20190923-1157 Build 20150804-1717 DB Build V7600-05 HFDB Build HF7600-02IBM Maximo Asset Management Scheduler 7.6.7.3 Build 20190514-1348 DB Build V7673-78 HFDB Build HF7673-12IBM Tpae Integration Framework 7.6.1.1 Build 20190419-2330 DB Build V7611-01IBM Maximo Asset Management 7.6.1.1 Build 20190514-1348 DB Build V7611-01IoT Connection Utility 7.6.0.2 Build 20190426-2206 DB Build V7602-07
    Server OS Windows Server 2016 10.0
    Server DB Microsoft SQL Server 13.0 (13.00.4259)

    ------------------------------
    Daniel Gruszka
    ------------------------------


  • 2.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted 30 days ago
    Daniel,

    1) To implement a custom End Point Handler you'll need to write some Java code. I don't believe that IBM has hooked in automation scripting to custom end point handlers. This is likely why you see examples of handlers being called manually via automation scripts. We've solved this same challenge before by making multiple calls with the same end point - just manipulating the End Point parameters prior to making the call. Just make sure that you reload the End Point cache if you make updates on the fly:
    https://a3jgroup.com/updating-end-points-and-reloading-cache-in-automation-script/

    2) Yes, you'll need to import the certificate into WebSphere's trust store.
    https://a3jgroup.com/import-ssl-certificates-into-websphere-trust-store/

    Hope this helps,
    Alex

    ------------------------------
    Alex Walter
    ------------------------------



  • 3.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted 25 days ago
    Hi Daniel,

    The below technote is really good one for your use case:

    https://www.ibm.com/support/pages/maximo-rest-client-example-calling-external-rest-service-logo-tiger-3-maximo-client

    The author has explained the scenario and code pretty well and should solve your questions. I think it should be added to the Maximo Integration Libraries here.
    Just 1 thing from my experience:
     I did not need to import certificate while post data using HTTPhanlder endpoint.
    But, I did need to set  http protocol (i.e.TLS version) in myautoscript. 
    I did that using the below code:
    from java.lang import System
    System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2")
    It might not be required in your case as I was doing it in my local VM and installation of certificate might resolve your issue.

    ------------------------------
    Biplab Choudhury
    Maximo Consultant
    Tata Consultancy Services
    Melbourne
    ------------------------------



  • 4.  RE: HTTP Endpoint with OAUTH2.0 for Outbound Integration from Maximo

    Posted 22 days ago
    Appreciate the response @Biplab Choudhury ! That example is useful however it bypasses using the integration framework since it is doing all work directly within the automation script code. We want the publish channel to be invoked from a system event and then use the endpoint attached. This way if the integration fails, the message will queue in JMS and wait for reprocessing.

    I was able to develop a solution to meet that requirement. Anamitra suggested using a Publish Channel Exit Script. I added code there to call the OAUTH endpoint (Also an HTTP endpoint), grab the token from the JSON response and then save it to the database on the publish channel HTTP Endpoint. My publish channel then uses that HTTP endpoint to make its call. This way if the integration fails, it can still be reprocessed.

    Check out the details in this thread. I even added some code examples for OAUTH 2.0.

    https://community.ibm.com/community/user/iot/communities/community-home/digestviewer/viewthread?MessageKey=a09d469c-6ffb-4817-bdf2-b8635bca0f1d&CommunityKey=ed77c224-45e2-47b0-b574-cc31496f9a41&tab=digestviewer&reply-inline=a09d469c-6ffb-4817-bdf2-b8635bca0f1d&reply-inline=1d33ad7a-f2ca-41bb-ba66-68d93f499bde&SuccessMsg=Thank%20you%20for%20submitting%20your%20message.
    ​​

    ------------------------------
    Daniel Gruszka
    ------------------------------