Configuring Siebel Open Integration
This topic describes Siebel Open Integration configuration steps. It includes the following information:
- Prerequisites:
- Install Powershell for Windows
- wget command for Linux
- Coherence Deployment via SMC
- Configure Siebel SSO
- To Configure Siebel Open Integration:
- Configure Security Details
- Configure Siebel Application Details
- Configure REST API
- Configure Maven settings
- Generate REST API
- Launch Siebel Open Integration
Prerequisites
-
Install Powershell for Windows
If using Siebel Open Integration on a Windows platform, the Powershell utility is required for running pipeline.
Note: Right click on files describe.ps1 and fndrep.ps1 , select properties , select unblock option and save. -
wget command for Linux
For Linux operating system pipeline utility uses wget command for downloading OpenAPI specification from the configured Siebel.
-
Coherence Deployment via SMC
Make sure to deploy Coherence via SMC, if it's planned to configure Coherence for user session caching.
If Coherence is not going to be configured for Open Integration, then Coherence Deployment is optional for Open Integration.
-
Configure Siebel SSO
Make sure to configure Siebel SSO, before going ahead with the Open Integration configurations.
To Configure Siebel Open Integration
- Configurations in config.json
Siebel Open Integration configuration is primarily driven via the configuration file named config.json. The installer generates a templatized configuration file named “config-template.json” in <INSTALL_DIR> /openint-deploy folder. It is recommended to make a copy of the file “config-template.json” in the same location and rename it to config.json.
Below is the config-template.json, with the “app” and "apigen" sections explained.
config-template.json
sample config.json{ "app": { "siebel": { "useCG": "#useCG - if set to true, will fetch connect string from Cloud Gateway using <cg-url> field value. If set to false, will use value provided at <connect-string> field", "cg-url":"#CG URL - Mandatory if useCG is set to true", "connect-string": "#connect-string - populate this when <useCG> value is false, Connect String for connecting to Siebel Server", "loginpath": "# Example value : /siebel/app/callcenter/enu" }, "context": "# Example value : oracle", "port": "Integer value of Webserver port. Example: 8433", "metrics-path": "# File System location where OpenIntegration server transactions are stored" }, "apigen": { "resources": { "openintegration/v1.0/ui": [ "# Example value within double quote : All Account List View/SIS Account Entry Applet" ], "openintegration/v1.0/data": [ "# Example value within double quote : Account/Account/" ], "openintegration/v1.0/workflow": [ "# Example value within double quote : EAISiebDemo", "# Example value within double quote : ISS Promotion WS - ApplyProductPromotion - Order" ], "openintegration/v1.0/service": [ "# Example value within double quote : Siebel Account/Insert" ] } } }{ "app": { "siebel": { "useCG": true, "cg-url": "https://<Host_FQDN>:<Port>/siebel/v1.0/cloudgateway", "connect-string": "siebel.tcpip.none.none://<Host_FQDN>:<Port>/siebel", "loginpath": "/siebel/app/callcenter/enu" }, "context": "oracle", "port": 8433, "metrics-path": "/home/siebel/opeint-metrics" }, "apigen": { "resources": { "openintegration/v1.0/ui": [ "All Account List View/SIS Account Entry Applet" ], "openintegration/v1.0/data": [ "Account/Account" ], "openintegration/v1.0/workflow": [ "EAISiebDemo", "ISS Promotion WS - ApplyProductPromotion - Order" ], "openintegration/v1.0/service": [ "Siebel Account/Insert" ] } } }The "app" section contains the configuration needed by the Siebel Open Integration to connect to Siebel server.
- "useCG": If set to true, will fetch connect string from Cloud Gateway using <cg-url> field value. If set to false, will use value provided at <connect-string> field
- "cg-url": CG URL is Mandatory if useCG is set to true.
- "connect-string": The connect string to be used by AI/OM to connect with Siebel. Populate this when <useCG> value is false, Connect String for connecting to Siebel Server.
- "loginpath": Refers to the relative url of Siebel Application. For example: https://<Host_FQDN>:<Port>/siebel/v1.0/
- "context": This value will be added as first path parameter in the REST URLs of the Siebel Open Integration. Example value : oracle"
- "port": This is the port on which OpenIntegration server will come up on.
The section “apigen” of config.json file provides placeholders for various forms of CRM object exposition. Siebel Open Integration uses the “apigen” section to generate and deploy REST APIs which leverages Applets, Business Components, Business Services and Workflow artefacts within the Siebel Application.
- "openintegration/v1.0/ui": The “ui” section can be used to list View and Applet pairs. Example value : "All Account List View/SIS Account Entry Applet"
- "openintegration/v1.0/data": The “data” section can be used to list Business Object and Business Components pairs. Example value : "Account/Account/"
- "openintegration/v1.0/workflow": The “workflow” section can be used for listing Siebel Workflows. Example value : "EAISiebDemo" and "ISS Promotion WS - ApplyProductPromotion - Order"
- "openintegration/v1.0/service": The “service” section can be used for listing Siebel service. Example value : "Siebel Account/Insert"
Note: The config-template.json contains the commented lines within the double quotes, that is only meant to be used as a inline help/doc for the user updating config.json file. But JSON doesn't support/recognise the comments, it expects actual value for a given key. Hence, user must update all the keys with applicable values in the case of 'app' section. In case of apigen section if user don't want to configure certain resources say 'workflow' service, they should remove the array key(entry) itself, instead of keeping it along with the commented value. With the commented values the pipeline would fail with "expected resources are not found error". -
Configure REST API
The “apigen” section of config.json file provides placeholders for various forms of CRM object exposition. Siebel Open Integration uses the “apigen” section to generate and deploy a REST API which leverages Applets, Business Components, Business Services and Workflow artefacts within the Siebel Application.
"apigen": { "resources": { "openintegration/v1.0/ui": [ "All Account List View/SIS Account Entry Applet" ], "openintegration/v1.0/data": [ "Account/Account" ], "openintegration/v1.0/workflow": [ "EAISiebDemo", "ISS Promotion WS - ApplyProductPromotion - Order" ], "openintegration/v1.0/service": [ "Siebel Account/Insert" ] } }The “ui” section can be used to list View and Applet pairs. The REST API executes a ui query within that View and Applet scope, adhering to the user’s roles and responsibilities. For example, if user wishes to fetch data of View “All Account List View” and Applet “SIS Account Entry Applet”, user should specify the same under “ui” section.
"All Account List View/SIS Account Entry Applet"After deploying, following URL can be used to fetch data from the server running the Open Intergration service.
https://<hostname:port>/<oracle>/openintegration/v1.0/ui/Account/All Account List View/SIS Account Entry AppletFor more information and examples, see Applet APIs.
The “data” section should be used for listing Business Object & Business Components to access Siebel CRM Business Objects. Review topic Business Object APIs for more information and examples.
The “workflow” section should be used for listing Siebel Workflows as REST API. Review topic Workflow APIs for more information and examples.
In the “service” section, provide list of Siebel Business Services that you wish to expose via REST API. Review topic Business Service APIs for more information and examples.
Configuration in profile.json
Siebel Open Integration's profile configuration is driven via the configuration file named profile.json. The installer provides a templatized configuration file named “profile-template.json” in <INSTALL_DIR> /openint-deploy folder. It is recommended to make a copy of the file “profile-template.json” in the same location and rename it to profile.json and update it based on the configuration needs.
Below is the profile-template.json, with all its configuration sections explained.
profile-template.json
sample profile.json{ "Openint": { "server": { "shutdown-grace-period": "#The time interval in ISO 8601 duration format that allows running tasks to finish before the listener shuts down. Example: PT15S", "tls": { "trust": { "keystore": { "resource": { "resource-path": "#Location of the JKS file that contains Siebel Application Interface (AI) CA certificate imported. Example: siebeltruststore1.jks" }, "type": "JKS", "passphrase": "#Passphrase required to access above JKS. Example: siebel", "trust-store": true } }, "private-key": { "keystore": { "resource": { "resource-path": "#Location of the JKS file that contains Siebel Application Interface (AI) CA certificate imported. Example: siebelkeystore1.jks" }, "type": "JKS", "passphrase": "#Passphrase required to access above JKS Example: siebel", "key": { "alias": "#Alias used to store Siebel Application Interface (AI) CA certificate to the JKS. Example: siebel" } } } }, "features": { "security": { "paths": [ { "path": "#Path/Path parameter of the REST API. We need to configure all paths exposed by Server that requires to enable Authentication/Authorization on them. Example: */data* . ", "methods": [ "#HTTP methods supported. Example get, post, put, delete etc." ], "authenticate": "#OIDC security for this specific path, turned on if the boolean value set to true, turned off if set to false", "authorize": "#ABAC security turned on if set true(boolean), turned off if set to false", "abac": { "scopes": [ "# scope is needed when authorize is set to true, OI server will authorize the request only if Oauth token contains valid scope. Update the 'scopes' with the value string which has been used during the OAuth security token generation. Example: read" ] } } ] } } }, "security": { "enabled": "#If set to true , security will be set to Oauth and server.security.features will be used by the server to authenticate/authorize the request. If set to False , server will use Perimeter Authentication to validate request.", "config": { "require-encryption": "#Application wide security encryption turned on if the boolean value set to true, turned off if set to false" }, "providers": [ { "abac": { } }, { "oidc": { "identity-uri": "#IDCS URL", "client-id": "#IDCS Client Id ", "client-secret": "#IDCS Client Secret", "audience": "#The IDCS app value that of the consumer of the token. Example: openintv2_", "server-type": "idcs", "header-use": true } } ] }, "restrictive-cors": { "allow-origins": [ "#List of origins allowed. Example:", "https://foo.com", "https://there.com" ], "allow-methods": [ "#List of origins allowed", "#Example: GET", "#Example: DELETE" ] }, "cors": { "paths": [ { "path-pattern": [ "#REST Path pattern to be matched for, support wildcards also", "#Example: / in double quotes" ], "allow-origins": [ "#List of origins allowed. Example:", "https://foo.com", "https://there.com" ], "allow-methods": [ "#List of origins allowed", "#Example: GET", "#Example: DELETE" ] } ] }, "cache": { "enabled": "#If set to true , OpenIntegration instance will use provided details to connect to Coherence cache server. If set to false, below configurations will be ignored", "cluster-name": "#Coherence cache server name used during server installation. Default value is siebel", "request-timeout": "#Request timeout to connect to Coherence server. Ex: 2s, 500ms. Default value is 2s", "wka": [ "#Comma Seperated values of Well Known Address (wka) of Coherence Server Ex: \"127.0.0.1\",\"127.0.0.100\"" ], "tlsEnabled": "#If set to true, Coherence client uses Openint.server.tls trust and private-key details to start Coherence client in SSL mode. If set to false below security section will be ignored", }, "threshold": { "ui-connection-threshold": "# Max Tasks Threshold percentage before Session Logoffs are kicked off. Ex: 75" }, "tracing": { "enabled": "#If set to true , Tracing is enabled. If set to false, tracing is disabled and below configurations will be ignored", "host": "#Host Name of Trace Collector. Ex: codacollector.coda.svc.cluster.local", "service": "#Service name to identify this server's traces in Tracing UI. Ex: open-integration", "otlp-protocol" : "transport protocol used by the OpenTelemetry Protocol (OTLP) exporter for sending telemetry data (e.g., traces, metrics, logs) to backend.Valid values - grpc, http/protobuf, http/json. Default value is grpc", "protocol": "#HTTP Protocol to be used when connecting with Tracing server. Ex: http,https", "port": "#Port to be used when connecting to Tracing server. Ex: 14250", "tags": { "env": "#String name to be used by Server to group Spans. Ex: development/Production" }, "sampler-type": "#Ex: Sampler type to be used by server to collect traces for the request. Supported values: const, ratio", "sampler-param": "#Defines the tracing sampler parameter used by the server to collect traces. Example values: 0.1, 0.01. If the sampler type is 'const', setting sampler-param to 1 enables tracing for all requests, while any other value disables sampling. For a 'ratio' sampler type, sampler-param should be between 0 and 1, where 0.1 samples 1 in 10 requests, and 0.001 samples 1 in 1000 requests.", "propagation": "#Kind of Traces to be propagated by the server in a comma separated values, Ex: w3c,b3,jaeger" } }, "Profile": { "ProfileName": "#Unique name of the profile used by Siebel OpenIntegration. Example: HostFQDN" }, "ConfigParam": { "MaxTasks": "#Refers to the maximum number of Active Siebel Tasks that Siebel Open Integration can use. Ideally this value should never exceed the value of component parameter MAX_TASKS of the Siebel object manager being used. Example: 20" }, "Applications": [ { "Name": "#Name of the Siebel application configured to work with Siebel OpenIntegration. Example: callcenter", "Language": "#Language of the Siebel application to be configured. Example: enu", "ObjectManager": "#Siebel ObjectManager(OM) that the application is configured with. Example: sccobjmgr_enu", "MaxTasks": "#Refers to the maximum number of Active Siebel Tasks that Siebel Open Integration can use. Ideally this value should never exceed the value of component parameter MAX_TASKS of the Siebel object manager being used. Example: 100", "AuthenticationProperties": { "UserSpec": "#The pre-configured user parameter. Example SBL_REMOTE_USER", "TrustToken": "#Siebel trust token value used for establishing application connection. Example: ldap", "SingleSignOn": "true. OpenIntegration works only with SignleSignOn set to true.", "AnonUserName": "#Siebel anonymous user name if the actual user name is not provided. Example: GUESTCST", "SessionTimeout": "#Siebel connection session timeout value in milliseconds. Example: 900", "GuestSessionTimeout": "#Siebel guest user connection session timeout value in milliseconds. Example: 300" } } ], "RESTInBound": { "MaxConnections": "#Maximum allowed connections with Siebel, value is in integer number. Default number if this is not configured is 4. Example: 20", "RESTAuthenticationProperties": { "TrustToken": "#Siebel trust token value used for establishing application connection. Example: ldap", "AnonUserName": "#Siebel anonymous user name if the actual user name is not provided. Example: GUESTCST", "UserSpec": "#The pre-configured user parameter. Example SBL_REMOTE_USER" }, "ObjectManager": "#Siebel ObjectManager(OM) that the application is configured with. Example: eaiobjmgr_enu" } } }{ "Security": { "server": { "shutdown-grace-period": "PT15S", "tls": { "trust": { "keystore": { "resource": { "resource-path": "siebeltruststore1.jks" }, "type": "JKS", "passphrase": "siebel", "trust-store": true } }, "private-key": { "keystore": { "resource": { "resource-path": "siebelkeystore1.jks" }, "type": "JKS", "passphrase": "siebel", "key": { "alias": "siebel" } } } }, "features": { "security": { "paths": [ { "path": "*/data*", "methods": [ "get", "post", "put", "delete" ], "authenticate": true, "authorize": true, "abac": { "scopes": [ "read" ] } }, { "path": "*/service*", "methods": [ "get", "post", "put", "delete" ], "authenticate": true, "authorize": true, "abac": { "scopes": [ "read" ] } }, { "path": "*/workflow*", "methods": [ "get", "post", "put", "delete" ], "authenticate": true, "authorize": true, "abac": { "scopes": [ "read" ] } }, { "path": "*/ui*", "methods": [ "get", "post", "put", "delete" ], "authenticate": true, "authorize": true, "abac": { "scopes": [ "read" ] } } ] } } }, "security": { "enabled": true, "config": { "require-encryption": false }, "providers": [ { "abac": { "fail-on-unvalidated": true, "fail-if-none-validated": true } }, { "oidc": { "identity-uri": "IDCS URL", "client-id": "IDCS Client ID", "client-secret": "IDCS Client Secret", "audience": "openintv2_", "server-type": "idcs", "redirect": false, "header-use": true } } ] }, "restrictive-cors": { "allow-origins": [], "allow-methods": [] }, "cors": { "paths": [ { "path-pattern": [], "allow-origins": [], "allow-methods": [] } ] }, "cache": { "enabled": true, "cluster-name": "siebel", "request-timeout": "2s", "tlsEnabled": true, "wka": [ "127.0.0.1","127.0.0.100" ], "ui-threshold": 75 }, "tracing": { "enabled": true, "service": "open-integration", "otlp-protocol": "grpc", "protocol": "http", "host": "localhost", "port": 4317, "sampler-type": "const", "sampler-param": 1, "propagation": "b3", "tags": { "env": "development" } }, "Profile": { "ProfileName": "HostFQDN" }, "ConfigParam": { "Applications": [ { "Name": "callcenter", "Language": "enu", "ObjectManager": "sccobjmgr_enu", "MaxTasks": 100, "AuthenticationProperties": { "UserSpec": "SBL_REMOTE_USER", "TrustToken": "ldap", "SingleSignOn": true, "AnonUserName": "GUESTCST", "SessionTimeout": 90000, "GuestSessionTimeout": 300 } } ], "RESTInBound": { "MaxConnections": 20, "RESTAuthenticationProperties": { "TrustToken": "ldap", "AnonUserName": "GUESTCST", "UserSpec": "SBL_REMOTE_USER" }, "ObjectManager": "eaiobjmgr_enu" } } }Note: The profile-template.json contains the commented lines within the double quotes, that is only meant to be used as a inline help/doc for the user updating profile.json file. But JSON doesn't support/recognise the comments, it expects actual value for a given key. Hence, user must update all the keys with applicable values by replacing the commented line within the double quotes.Configure Security Details
Detailed information related to Siebel Open Integration application security has been provided in the section “User authentication for secure access” in the topic “Security and Authentication flows”. It is recommended to review the section and update profile.json with appropriate values for security configuration based on your need. Refer to the topic Security and Authentication Flows for configuring security related information in profile.json.Configure Siebel Application Details
Configure Siebel Open Integration with Siebel applications via the “applications” section in the profile.json file. This section provides the following configuration placeholders.
Applications section of profile.json"Applications": [ { "Name": "callcenter", "Language": "enu", "ObjectManager": "sccobjmgr_enu", "MaxTasks": 100, "AuthenticationProperties": { "UserSpec": "SBL_REMOTE_USER", "TrustToken": "ldap", "SingleSignOn": true, "AnonUserName": "GUESTCST", "SessionTimeout": 90000, "GuestSessionTimeout": 300 } } ]- Configure Maven settingsSiebel Open Integration Installer generates maven settings file “settings.xml.template” In <INSTALL_DIR> folder. It is recommended to make a copy of the file “settings.xml.template” in same location and rename it to settings.xml. Further, it is required to update local repository path to the bundled compile dependency folder as
<INSTALL_DIR>/settings.xml Line to edit <localRepository>#installed_location\compile_dependency\repository</localRepository>Replace #installed_location with the install location of Siebel Open Integration.
- Design Time PipelineOnce config.json and profile.json are configured, please trigger Design time pipeline via gen.sh (or gen.bat for Windows). Ensure that Siebel Application is up and running. The script "gen.sh or gen.bat" can be executed from openint-deploy folder as
<INSTALL_DIR>/openint-deploy/gen.shMake sure to execute gen.sh (or gen.bat on Windows) every time any changes are done to config.json and/or profile.json. This will ensure the service is rebuilt according to the updated specification. Refer to the section Design Time Flow and Description of Artefacts for details related to the script and parameters that it can accept.
- Launch Siebel Open Integration
Once gen.sh/gen.bat is run successfully, start the Siebel Open Integration service by running start.sh (or start.bat for windows) as follows:
<INSTALL_DIR>/start.shThis should return a confirmation message on the console when the Open Integration Service is up and running and ready to accept REST requests. Once the service is up and running, any REST API client can be used to submit valid calls as outlined in the remainder of the document.
Kubernetes Deployment
Refer to Deploying Open Integration on a Kubernetes Cluster Using SCM section of Deploying Siebel CRM Containers on Kubernetes using Siebel Cloud Manager for more information.