Configuring Siebel Open Integration
This section describes how to configure Siebel Open Integration.
To configure Siebel Open Integration, you must perform the following tasks:
- Configure the Siebel Server connection details and the Siebel CRM artifacts to expose through REST APIs in config.json. For more details, see Configuring config.json.
- Define Siebel Open Integration security settings and the credentials required to communicate with Siebel CRM in profile.json. For more information, see Configuring profile.json.
- Configure the Maven settings in settings.xml. For more information, see Configuring Maven settings.
- Run the design-time pipeline. For more information, see Running the Design Time Pipeline.
Configuring config.json
Siebel Open Integration configuration is driven by config.json. You
can configure the connection details for the Siebel Server and specify the Siebel
CRM artifacts that you want to expose through REST, in
config.json.
The installer creates a template file named config-template.json in
the <INSTALL_DIR>/openint-deploy directory. You must copy the
config-template.json file in the same folder and rename the
copy as config.json.
You must configure the following sections in config.json:
app: Use theappsection to configure how Siebel Open Integration connects to the Siebel Server, the port at which Open Integration start, and the path of the transaction metrics. For more information on the parameters, see The app Section Parameters.apigen:Use theapigensection to define which Siebel CRM artifacts you want to expose through REST. Siebel Open Integration uses this section to generate and deploy REST APIs based on artifacts in your Siebel application, such as applets, business components, business services, and workflows. For more information, see The apigen Section Parameters.
The app Section Parameters
You must use the app section to configure how Siebel Open
Integration connects to the Siebel Server. It includes the following parameters:
| Payload Parameter | Section | Description |
|---|---|---|
| siebel | app | This section includes the information to connect to Siebel Server. |
| useCG | app > siebel | Use this parameter to specify where Siebel Open Integration gets the connection string from: · Set to true to fetch the connection string from Cloud Gateway by using cg-url. · Set to false to use the value in connect-string. |
| cg-url | app > siebel | (Required if the useCG parameter is set to true.) Use this parameter to specify the Cloud Gateway URL. |
| connect-string | app > siebel | (Required if the useCG parameter is set to false.) Use this parameter to specify the connection string that Siebel Open Integration uses to connect to Siebel. |
| loginpath | app > siebel | Use this parameter to specify the relative URL for the Siebel application that handles UI requests. For example: /siebel/app/callcenter/enu. |
| context | app | Use this parameter to specify the first path segment in Siebel Open Integration REST URLs. For example, oracle. |
| port | app | Use this parameter to specify the port on which the Open Integration server starts. For example, 8433. |
| metrics-path | app | Use this parameter to specify the file system location where the Open Integration server stores transactions. |
The apigen Section Parameters
Use the
apigen section to define which Siebel CRM artifacts you want
to expose through REST. You can configure the following resources under the
apigen section:openintegration/v1.0/ui: List view and applet pairs to expose UI-based resources. For example,All Account List View/SIS Account Entry Applet. For more information and examples, see Applet APIs (CRUD Operations).openintegration/v1.0/data: List business object and business component pairs to expose data resources. For example,Account/Account/. For more information and examples, see topic Business Object APIs.openintegration/v1.0/workflow: List Siebel workflows to expose workflow-driven resources. For example,EAISiebDemoandISS Promotion WS - ApplyProductPromotion – Order. For more information and examples, see topic Workflow APIs.openintegration/v1.0/service: List Siebel service operations to expose service-based resources through REST APIs. For example,Siebel Account/Insert. For more information and examples, see topic Business Service APIs.
Sample config.json
{
"app": {
"siebel": {
"useCG": true,
"cg-url": "https://<Host_FQDN>:<Port>/siebel/v1.0/cloudgateway",
"connect-string": "siebel.tcpip.none.none://<Host_FQDN>:<Port>/siebel",
"loginpath": "/siebel/app/callcenter/enu"
},
"context":"oracle, "port": 8433,
"metrics-path": "/home/siebel/opeint-metrics"
},
"apigen": {
"resources": {
"openintegration/v1.0/ui": [
"All Account List View/SIS Account Entry Applet"
],
"openintegration/v1.0/data": [
"Account/Account"
],
"openintegration/v1.0/workflow": [
"EAISiebDemo",
"ISS Promotion WS - ApplyProductPromotion - Order"
],
"openintegration/v1.0/service": [
"Siebel Account/Insert"
]
}
}
}Note: The
config-template.json file shows inline
help as commented example strings, but JSON does not support comments. For the
app section, replace every placeholder with an actual value.
For apigen, if you do not want to configure a resource type (for
example: workflow), remove the entire entry instead of leaving the placeholder text.
Otherwise, the pipeline can fail with an “expected resources are not found”
error.Configuring profile.json
Siebel Open Integration reads its profile configuration from
profile.json. It defines Siebel Open Integration security
settings and the credentials required to communicate with Siebel.
The installer provides a template file named profile-template.json
in the <INSTALL_DIR>/openint-deploy directory.
You must copy profile-template.json in the same folder, rename the
copy as profile.json, and then update it to match your
configuration requirements.
Refer to the topic Managing Security and Authenticationfor
configuring security related information in
profile.json.
It includes the following parameters:
| Payload Parameter | Section | Description |
|---|---|---|
| resource-path | Openint > client > tls > private-key > keystore > resource | Use this parameter to specify the name of the JKS file that contains the imported client CA certificate. For example, siebelclientkeystore1.jks |
| type | Openint > client > tls > private-key > keystore | Use this parameter to specify the client private-key keystore type for Open Integration. For example, JKS. |
| passphrase | Openint > client > tls > private-key > keystore | Use this parameter to specify the passphrase required to access the client private-key JKS file. For example, siebel. |
| alias | Openint > client > tls > private-key > keystore > key | Use this parameter to specify the certificate alias that Open Integration uses to authenticate when it makes outbound SSL connections to outbound servers (for example, to Siebel Cloud Gateway). For example: siebelclient. |
| shutdown-grace-period | Openint > server | Use this parameter to specify the time interval (in ISO 8601 duration format) that allows running tasks to finish before the listener shuts down. For example, PT15S. |
| resource-path | Openint > server > tls > trust > keystore > resource | Use this parameter to specify the name of the JKS truststore that contains the imported CA certificates. The server and client use these certificates to validate peer certificates during TLS. For example, siebeltruststore1.jks. |
| type | Openint > server > tls > trust > keystore | Use this parameter to specify the trust keystore type for Open Integration TLS. For example, JKS. |
| passphrase | Openint > server > tls > trust > keystore | Use this parameter to specify the passphrase required to access the trust JKS file. For example, siebel. |
| trust-store | Openint > server > tls > trust > keystore | Use this parameter to specify whether the keystore at resource.resource-path is used as a truststore. Set to true to trust the CA certificates in this JKS file when Open Integration establishes TLS connections (for example, to the Siebel Application Interface). |
| resource-path | Openint > server > tls > private-key > keystore > resource | Use this parameter to specify the name of the JKS file that contains the imported server CA certificate. For example, siebelserverkeystore.jks |
| type | Openint > server > tls > private-key > keystore | Use this parameter to specify the server keystore type for Open Integration TLS. For example, JKS. |
| passphrase | Openint > server > tls > private-key > keystore | Use this parameter to specify the passphrase required to access the keystore JKS file. For example, siebel. |
| alias | Openint > server > tls > private-key > keystore > key | Use this parameter to specify the certificate alias that the Open Integration server presents to clients to verify its identity (for example, a browser or Postman). For example: siebelserver. |
| path | Openint > features > security > paths | Use this parameter to specify the REST API path. Configure all server-exposed paths that require authentication and authorization. For example, /data. |
| methods | Openint > features > security > paths | Use this parameter to specify the supported HTTP methods. For example, GET, POST, PUT, DELETE, and so on. |
| authenticate | Openint > features > security > paths > authenticate | Use this parameter to enable or disable OIDC security for this path: · Set to true to enable OIDC. · Set to false to disable OIDC. |
| authorize | Openint > features > security > paths > authorize | Use this parameter to enable or disable Attribute-Based Access Control (ABAC) security: · Set to true to enable ABAC. · Set to false to disable ABAC. |
| scopes | Openint > features > security > paths > abac | Use this parameter to specify the required scope when authorize is set to true. Open Integration authorizes the request only if the OAuth token includes a valid scope. Set scopes to the scope value used when you generated the OAuth token. For example: read. |
| enabled | Openint > security | Use this parameter to specify the authentication model: · Set to true to use OAuth; the server uses server.security.features to authenticate and authorize requests. · Set to false to use perimeter authentication to validate requests. |
| require-encryption | Openint > security > config | Use this parameter to enable or disable application-wide security encryption: · Set to true to enable encryption. · Set to false to disable encryption. |
| abac | Openint > security > providers | Specifies the ABAC provider. ABAC evaluates attributes (such as the resource and requested action) to determine whether to allow access. |
| identity-uri | Openint > security > providers > oidc | Use this parameter to specify the identity provider URI for the OIDC configuration. For example, the IDCS base URL. |
| client-id | Openint > security > providers > oidc | Specifies the IDCS OIDC client ID that Open Integration uses to authenticate with the OIDC provider. |
| client-secret | Openint > security > providers > oidc | Use this parameter to specify the IDCS client secret for the configured OIDC provider. Open Integration uses this secret (along with the client ID) to authenticate with IDCS for OAuth and OIDC flows. |
| audience | Openint > security > providers > oidc | Use this parameter to specify the IDCS application value for the token consumer. For example: openintv2_. |
| server-type | Openint > security > providers > oidc | Use this parameter to specify the OIDC provider type that Open Integration uses. For IDCS, set this value to idcs. |
| header-use | Openint > security > providers > oidc | Use this parameter to specify whether Open Integration reads the OAuth access token from the HTTP request header. Set to true to use the Authorization header. |
| allow-origins | Openint > restrictive-cors | Use this parameter to specify the list of allowed origins. For example, https://foo.com, https://there.com, and so on. |
| allow-methods | Openint > restrictive-cors | Use this parameter to specify the list of allowed HTTP methods. For example, GET, DELETE, and so on. |
| path-pattern | Openint > cors > paths | Use this parameter to specify the REST path pattern to match. Wildcards are supported. For example, “/". |
| allow-origins | Openint > cors > paths | Use this parameter to specify the list of allowed origins for the matched path. For example,** https://foo.com**, https://there.com, and so on. |
| allow-methods | Openint > cors > paths | Use this parameter to specify the list of allowed HTTP methods for the matched path. For example, GET, DELETE, and so on. |
| enabled | Openint > cache | Use this parameter to enable or disable Coherence caching for user session caching: · Set to true to connect to the Coherence cache server by using the provided settings. · Set to false to ignore the cache configuration. |
| cluster-name | Openint > cache | Use this parameter to specify the Coherence cluster name configured during installation. The default value is siebel. |
| request-timeout | Openint > cache | Use this parameter to specify the request timeout when connecting to the Coherence server. For example: 2s, 500ms. The default value is 2s. |
| wka | Openint > cache | Use this parameter to specify a comma-separated list of Coherence Well-Known Addresses (WKA). For example, "127.0.0.1",** "127.0.0.100\”.** |
| tlsEnabled | Openint > cache | Use this parameter to enable or disable TLS for the Coherence client: · Set to true to use the Openint.client.tls trust and private key settings. · Set to false to ignore the cache TLS settings. |
| ui-connection-threshold | Openint > threshold | Use this parameter to specify the maximum task threshold percentage at which session logoffs start. Valid values are 75 to 99. The default value is 75. |
| enabled | Openint > tracing | Use this parameter to enable or disable tracing: · Set to true to enable tracing. · Set to false to disable tracing and ignore the tracing configuration. |
| host | Openint > tracing | Use this parameter to specify the host name of the trace collector. For example, codacollector.coda.svc.cluster.local. |
| service | Openint > tracing | Use this parameter to specify the service name shown in the tracing UI for this server. For example, open-integration. |
| otlp-protocol | Openint > tracing | Use this parameter to specify the transport protocol that the Open Telemetry Protocol (OTLP) exporter uses to send telemetry data (traces, metrics, and logs) to the backend. Valid values are grpc, http/protobuf, and http/json. The default value is grpc. |
| protocol | Openint > tracing | Use this parameter to specify HTTP protocol to be used when connecting with tracing server. For example, http, https. |
| port | Openint > tracing | Use this parameter to specify the port to use when connecting to the tracing server. For example, 14250**.** |
| env | Openint > tracing > tags | Use this parameter to specify the environment tag used to group spans. For example: development or production. |
| sampler-type | Openint > tracing | Use this parameter to specify the sampler type the server uses to collect traces. Supported values are const and ratio. |
| sampler-param | Openint > tracing | Use this parameter to specify the sampler parameter for the selected sampler type: · If sampler-type is const, set to 1 to trace all requests. Set to any other value to disable tracing. · If sampler-type is ratio, set a value between 0 and 1. For example, 0.1 samples 1 in 10 requests, and 0.001 samples 1 in 1000 requests. |
| propagation | Openint > tracing | Use this parameter to specify the trace context propagation formats (comma-separated). For example, w3c, b3, jaeger. |
| ProfileName | Openint > Profile | Use this parameter to specify a unique profile name used by Siebel Open Integration. For example, HostFQDN. |
| Name | Openint > ConfigParam > Applications | Use this parameter to specify the Siebel application that Siebel Open Integration uses. For example, callcenter. |
| Language | Openint > ConfigParam > Applications | Use this parameter to specify the Siebel application language. For example, enu. |
| ObjectManager | Openint > ConfigParam > Applications | Use this parameter to specify the Siebel Object Manager (OM) for the application. For example, sccobjmgr_enu. |
| MaxTasks | Openint > ConfigParam > Applications | Use this parameter to specify the maximum number of active Siebel tasks that Siebel Open Integration can use for this application. This value must not exceed the MAX_TASKS component parameter of the associated Siebel Object Manager. For example, 100. |
| UserSpec | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the preconfigured user parameter. For example: SBL_REMOTE_USER. |
| TrustToken | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel trust token used to establish the application connection. For example, ldap. |
| SingleSignOn | Openint > Applications > ConfigParam > AuthenticationProperties | Set this parameter to true. Open Integration works only when single sign-on is enabled. |
| AnonUserName | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel anonymous user name to use when the actual user’s name is not provided. For example, GUESTCST. |
| SessionTimeout | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel session timeout (in milliseconds). For example, 900. |
| GuestSessionTimeout | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the guest user session timeout (in milliseconds). For example, 300. |
| MaxConnections | Openint > ConfigParam > RESTInBound | Use this parameter to specify the maximum number of concurrent connections allowed to Siebel. For example, 20. The default value is 4. |
| TrustToken | Openint > ConfigParam > RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the Siebel trust token used to establish the application connection. For example, ldap. |
| AnonUserName | Openint > ConfigParam >RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the Siebel anonymous user name to use when the actual user’s name is not provided. For example, GUESTCST. |
| UserSpec | Openint > ConfigParam > RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the preconfigured user parameter. For example, SBL_REMOTE_USER. |
| ObjectManager | Openint > ConfigParam > RESTInBound | Use this parameter to specify the Siebel OM used for inbound REST requests. For example, eaiobjmgr_enu. |
Sample profile.json
{
"Openint": {
"client": {
"tls": {
"private-key": {
"keystore": {
"resource": {
"resource-path": "siebelclientkeystore.jks"
},
"type": "JKS",
"passphrase": "client",
"key": {
"alias": "siebel"
}
}
}
}
},
"server": {
"shutdown-grace-period": "PT15S",
"tls": {
"trust": {
"keystore": {
"resource": {
"resource-path": "siebeltruststore.jks"
},
"type": "JKS",
"passphrase": "siebel",
"trust-store": true
}
},
"private-key": {
"keystore": {
"resource": {
"resource-path": "siebelserverkeystore.jks"
},
"type": "JKS",
"passphrase": "server",
"key": {
"alias": "siebel"
}
}
}
},
"features": {
"security": {
"paths": [
{
"path": "*/data*",
"methods": [
"get",
"post",
"put",
"delete"
],
"authenticate": true,
"authorize": true,
"abac": {
"scopes": [
"read"
]
}
},
{
"path": "*/service*",
"methods": [
"get",
"post",
"put",
"delete"
],
"authenticate": true,
"authorize": true,
"abac": {
"scopes": [
"read"
]
}
},
{
"path": "*/workflow*",
"methods": [
"get",
"post",
"put",
"delete"
],
"authenticate": true,
"authorize": true,
"abac": {
"scopes": [
"read"
]
}
},
{
"path": "*/ui*",
"methods": [
"get",
"post",
"put",
"delete"
],
"authenticate": true,
"authorize": true,
"abac": {
"scopes": [
"read"
]
}
}
]
}
}
},
"cache": {
"enabled": false,
"cluster-name": "siebel",
"request-timeout": "2s",
"tlsEnabled": true,
"wka": [
"127.0.0.1"
]
},
"threshold": {
"ui-connection-threshold": 75
},
"tracing": {
"enabled": false,
"service": "open-integration",
"otlp-protocol": "grpc",
"protocol": "http",
"host": "localhost",
"port": 4317,
"sampler-type": "const",
"sampler-param": 1,
"propagation": "b3",
"tags": {
"env": "development"
}
},
"security": {
"enabled": false,
"config": {
"require-encryption": false
},
"providers": [
{
"abac": {}
},
{
"oidc": {
"identity-uri": "IDCS URL",
"client-id": "IDCS Client ID",
"client-secret": "IDCS Client Secret",
"audience": "openintv2_",
"server-type": "idcs",
"redirect": false,
"header-use": true
}
}
]
},
"restrictive-cors": {
"allow-origins": [],
"allow-methods": []
},
"cors": {
"paths": [
{
"path-pattern": [],
"allow-origins": [],
"allow-methods": []
}
]
}
},
"Profile": {
"ProfileName": "phoenix21234220441"
},
"ConfigParam": {
"Applications": [
{
"Name": "callcenter",
"Language": "enu",
"ObjectManager": "sccobjmgr_enu",
"MaxTasks": 100,
"AuthenticationProperties": {
"UserSpec": "SBL_REMOTE_USER",
"TrustToken": "ldap",
"SingleSignOn": true,
"AnonUserName": "GUESTCST",
"SessionTimeout": 300,
"GuestSessionTimeout": 300
}
}
],
"RESTInBound": {
"MaxConnections": 20,
"RESTAuthenticationProperties": {
"TrustToken": "ldap",
"AnonUserName": "GUESTCST",
"UserSpec": "SBL_REMOTE_USER"
},
"ObjectManager": "eaiobjmgr_enu"
}
}
}Note: The
profile-template.json file includes
inline help text as commented lines inside double quotes to guide you when you
update profile.json. Because JSON doesn’t support comments, each
key must have a valid value. You must replace the help text in double quotes with
the actual values for your environment.
Configuring Maven settings
Siebel Open Integration is a Helidon SE–based Maven project. Siebel Open Integration generates code on the fly and then uses Maven to build, package, and create the JAR artifacts.
The Siebel Open Integration installer generates a Maven settings template file named
settings.xml.template in <INSTALL_DIR>. You
must copy the settings.xml.template file in the same folder and
rename the copy as settings.xml. You must edit the
<localRepository> parameter in the
settings.xml file to point to the bundled compile dependency
folder:<localRepository><installed_location>\compile_dependency\repository</localRepository>
In the example above, <installed_location> is the SiebelOpen
Integration installation directory.
Running the Design Time Pipeline
After you configure config.json and profile.json,
you must run the design-time pipeline by using gen.sh. You must
ensure that the Siebel application is running when you run the design-time
pipeline.
The design-time pipeline performs these tasks:
- Reads configuration from
config.jsonandprofile.json. - Connects to Siebel and retrieves metadata for the resources configured in
config.json. - Generates the OpenAPI specification from the retrieved metadata.
- Generates Plain Old Java Objects (POJOs) that bind to the metadata.
- Generates the service implementation code that exposes the REST endpoints.
- Builds the Helidon service so it is ready to start and process requests.
To run the design-time pipeline script:
- Navigate to the
openint-deploydirectory:cd <INSTALL_DIR>/openint-deploy - Run the design-time pipeline script:
gen.shOn Windows, you must run:
gen.bat
At the end of execution, the pipeline prints a pipeline error summary:
- Creates an
error-summary.logfile in the current folder to capture the execution summary. - Creates an
error.logfile in the current folder with detailed information, if errors occur.
If you pass --start, the pipeline starts the server after build and redirects runtime output to server_output.log.
You must run the design-time pipeline each time you update
config.json and profile.json. This ensures the
service is rebuilt based on the latest specification.
For details about the script and its supported parameters, see Design-Time Workflow and Supporting Artifacts.