Configuring profile.json

Siebel Open Integration reads its profile configuration from profile.json. It defines Siebel Open Integration security settings and the credentials required to communicate with Siebel.

The installer provides a template file named profile-template.json in the <INSTALL_DIR>/openint-deploy directory.

You must copy profile-template.json in the same folder, rename the copy as profile.json, and then update it to match your configuration requirements.

Refer to the topic Managing Security and Authentication for configuring security-related information in profile.json.

It includes the following parameters:

| Parameter | Section | Description |
|---|---|---|
| resource-path | Openint > client > tls > private-key > keystore > resource | Use this parameter to specify the name of the JKS file that contains the imported client CA certificate. For example, siebelclientkeystore1.jks. |
| type | Openint > client > tls > private-key > keystore | Use this parameter to specify the client private-key keystore type for Open Integration. For example, JKS. |
| passphrase | Openint > client > tls > private-key > keystore | Use this parameter to specify the passphrase required to access the client private-key JKS file. For example, siebel. |
| alias | Openint > client > tls > private-key > keystore > key | Use this parameter to specify the certificate alias that Open Integration uses to authenticate when it makes outbound SSL connections to outbound servers (for example, to Siebel Cloud Gateway). For example, siebelclient. |
| alias | Openint > client > tls > private-key > keystore > idp | Specifies the alias of the private key entry used to sign the user-assertion JWT when requesting an OAuth 2.0 token from IDP. Open Integration loads the signing key from the configured keystore by using this alias. |
| alias | Openint > client > tls > private-key > keystore > idp > oi > key | Specifies the key identifier (kid) value included in the JWT header during IDP token requests. This value must match the certificate registration configured for the IDP application so that IDP can locate the correct public key and verify the JWT signature. |
| shutdown-grace-period | Openint > server | Use this parameter to specify the time interval (in ISO 8601 duration format) that allows running tasks to finish before the listener shuts down. For example, PT15S. |
| resource-path | Openint > server > tls > trust > keystore > resource | Use this parameter to specify the name of the JKS truststore that contains the imported CA certificates. The server and client use these certificates to validate peer certificates during TLS. For example, siebeltruststore1.jks. |
| type | Openint > server > tls > trust > keystore | Use this parameter to specify the trust keystore type for Open Integration TLS. For example, JKS. |
| passphrase | Openint > server > tls > trust > keystore | Use this parameter to specify the passphrase required to access the trust JKS file. For example, siebel. |
| trust-store | Openint > server > tls > trust > keystore | Use this parameter to specify whether the keystore at resource.resource-path is used as a truststore. Set to true to trust the CA certificates in this JKS file when Open Integration establishes TLS connections (for example, to the Siebel Application Interface). |
| resource-path | Openint > server > tls > private-key > keystore > resource | Use this parameter to specify the name of the JKS file that contains the imported server CA certificate. For example, siebelserverkeystore.jks. |
| type | Openint > server > tls > private-key > keystore | Use this parameter to specify the server keystore type for Open Integration TLS. For example, JKS. |
| passphrase | Openint > server > tls > private-key > keystore | Use this parameter to specify the passphrase required to access the keystore JKS file. For example, siebel. |
| alias | Openint > server > tls > private-key > keystore > key | Use this parameter to specify the certificate alias that the Open Integration server presents to clients to verify its identity (for example, a browser or Postman). For example, siebelserver. |
| path | Openint > features > security > paths | Use this parameter to specify the REST API path. Configure all server-exposed paths that require authentication and authorization. For example, /data. |
| methods | Openint > features > security > paths | Use this parameter to specify the supported HTTP methods. For example, GET, POST, PUT, DELETE, and so on. |
| authenticate | Openint > features > security > paths > authenticate | Use this parameter to enable or disable OIDC security for this path. Set to true to enable OIDC. Set to false to disable OIDC. |
| authorize | Openint > features > security > paths > authorize | Use this parameter to enable or disable Attribute-Based Access Control (ABAC) security. Set to true to enable ABAC. Set to false to disable ABAC. |
| scopes | Openint > features > security > paths > abac | Use this parameter to specify the required scope when authorize is set to true. Open Integration authorizes the request only if the OAuth token includes a valid scope. Set scopes to the scope value used when you generated the OAuth token. For example, read. |
| enabled | Openint > security | Use this parameter to specify the authentication model. Set to true to use OAuth; the server uses server.security.features to authenticate and authorize requests. Set to false to use perimeter authentication to validate requests. |
| require-encryption | Openint > security > config | Use this parameter to enable or disable application-wide security encryption. Set to true to enable encryption. Set to false to disable encryption. |
| abac | Openint > security > providers | Specifies the ABAC provider. ABAC evaluates attributes (such as the resource and requested action) to determine whether to allow access. |
| identity-uri | Openint > security > providers > oidc | Use this parameter to specify the identity provider URI for the OIDC configuration. For example, the IDCS base URL. |
| client-id | Openint > security > providers > oidc | Specifies the IDCS OIDC client ID that Open Integration uses to authenticate with the OIDC provider. |
| client-secret | Openint > security > providers > oidc | Use this parameter to specify the IDCS client secret for the configured OIDC provider. Open Integration uses this secret (along with the client ID) to authenticate with IDCS for OAuth and OIDC flows. |
| audience | Openint > security > providers > oidc | Use this parameter to specify the IDCS application value for the token consumer. For example, openintv2_. |
| server-type | Openint > security > providers > oidc | Use this parameter to specify the OIDC provider type that Open Integration uses. For IDCS, set this value to idcs. |
| header-use | Openint > security > providers > oidc | Use this parameter to specify whether Open Integration reads the OAuth access token from the HTTP request header. Set to true to use the Authorization header. |
| allow-origins | Openint > restrictive-cors | Use this parameter to specify the list of allowed origins. For example, https://foo.com, https://there.com, and so on. |
| allow-methods | Openint > restrictive-cors | Use this parameter to specify the list of allowed HTTP methods. For example, GET, DELETE, and so on. |
| path-pattern | Openint > cors > paths | Use this parameter to specify the REST path pattern to match. Wildcards are supported. For example, "/". |
| allow-origins | Openint > cors > paths | Use this parameter to specify the list of allowed origins for the matched path. For example, https://foo.com, https://there.com, and so on. |
| allow-methods | Openint > cors > paths | Use this parameter to specify the list of allowed HTTP methods for the matched path. For example, GET, DELETE, and so on. |
| enabled | Openint > cache | Use this parameter to enable or disable Coherence caching for user session caching. Set to true to connect to the Coherence cache server by using the provided settings. Set to false to ignore the cache configuration. |
| cluster-name | Openint > cache | Use this parameter to specify the Coherence cluster name configured during installation. The default value is siebel. |
| request-timeout | Openint > cache | Use this parameter to specify the request timeout when connecting to the Coherence server. For example, 2s, 500ms. The default value is 2s. |
| wka | Openint > cache | Use this parameter to specify a comma-separated list of Coherence Well-Known Addresses (WKA). For example, "127.0.0.1", "127.0.0.100". |
| tlsEnabled | Openint > cache | Use this parameter to enable or disable TLS for the Coherence client. Set to true to use the Openint.client.tls trust and private key settings. Set to false to ignore the cache TLS settings. |
| max-size | Openint > integrations > jsonata > pool | Use this parameter to specify the maximum number of live contexts allowed in the pool. If you do not specify a value, the runtime uses max(8, CPU cores * 2). |
| core-size | Openint > integrations > jsonata > pool | Use this parameter to specify the number of contexts created at startup and retained as the baseline pool. If you do not specify a value, the runtime uses min(4, CPU cores), capped by max-size. |
| acquire-timeout-millis | Openint > integrations > jsonata > pool | Use this parameter to specify the maximum time, in milliseconds, to wait when borrowing a context from the pool before the request fails. If you do not specify a value, the runtime uses 250. The minimum supported value is 50. |
| idle-ttl-millis | Openint > integrations > jsonata > pool | Use this parameter to specify the idle lifetime, in milliseconds, after which non-core contexts become candidates for eviction. If you do not specify a value, the runtime uses 300000 (5 minutes). The minimum supported value is 1000. |
| cleanup-interval-millis | Openint > integrations > jsonata > pool | Use this parameter to specify the minimum interval, in milliseconds, between idle eviction scans. If you do not specify a value, the runtime uses 30000 (30 seconds). The minimum supported value is 1000. |
| ui-connection-threshold | Openint > threshold | Use this parameter to specify the maximum task threshold percentage at which session |
| enabled | Openint > tracing | Use this parameter to enable or disable tracing. Set to true to enable tracing. Set to false to disable tracing and ignore the tracing configuration. |
| host | Openint > tracing | Use this parameter to specify the host name of the trace collector. For example, codacollector.coda.svc.cluster.local. |
| service | Openint > tracing | Use this parameter to specify the service name shown in the tracing UI for this server. For example, open-integration. |
| otlp-protocol | Openint > tracing | Use this parameter to specify the transport protocol that the OpenTelemetry Protocol (OTLP) exporter uses to send telemetry data (traces, metrics, and logs) to the backend. Valid values are grpc, http/protobuf, and http/json. The default value is grpc. |
| protocol | Openint > tracing | Use this parameter to specify the HTTP protocol to use when connecting to the tracing server. For example, http, https. |
| port | Openint > tracing | Use this parameter to specify the port to use when connecting to the tracing server. For example, 14250. |
| env | Openint > tracing > tags | Use this parameter to specify the environment tag used to group spans. For example, development or production. |
| sampler-type | Openint > tracing | Use this parameter to specify the sampler type the server uses to collect traces. Supported values are const and ratio. |
| sampler-param | Openint > tracing | Use this parameter to specify the sampler parameter for the selected sampler type. If sampler-type is const, set to 1 to trace all requests. Set to any other value to disable tracing. If sampler-type is ratio, set a value between 0 and 1. For example, 0.1 samples 1 in 10 requests, and 0.001 samples 1 in 1000 requests. |
| propagation | Openint > tracing | Use this parameter to specify the trace context propagation formats (comma-separated). For example, w3c, b3, jaeger. |
| ProfileName | Openint > Profile | Use this parameter to specify a unique profile name used by Siebel Open Integration. For example, HostFQDN. |
| Name | Openint > ConfigParam > Applications | Use this parameter to specify the name of the Siebel application that Siebel Open Integration uses. For example, callcenter. |
| Language | Openint > ConfigParam > Applications | Use this parameter to specify the Siebel application language. For example, enu. |
| ObjectManager | Openint > ConfigParam > Applications | Use this parameter to specify the Siebel Object Manager (OM) for the application. For example, sccobjmgr_enu. |
| MaxTasks | Openint > ConfigParam > Applications | Use this parameter to specify the maximum number of active Siebel tasks that Siebel Open Integration can use for this application. This value must not exceed the MAX_TASKS component parameter of the associated Siebel Object Manager. For example, 100. |
| UserSpec | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the preconfigured user parameter. For example, SBL_REMOTE_USER. You can fetch the trust token from SMC. In SMC, go to Profiles, then Application Interface, then Authentication, and then User Specification. |
| TrustToken | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel trust token used to establish the application connection. For example, ldap. You can fetch the trust token from SMC. In SMC, go to Profiles, then Application Interface, then Authentication, and then Trust Token. |
| SingleSignOn | Openint > Applications > ConfigParam > AuthenticationProperties | Set this parameter to true. Open Integration works only when single sign-on is enabled. |
| AnonUserName | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel anonymous user name to use when the actual user’s name is not provided. For example, GUESTCST. You can fetch the anonymous user name from SMC. In SMC, go to Profiles, then Application Interface, then Authentication, and then Anonymous User Name. |
| SessionTimeout | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the Siebel session timeout (in milliseconds). For example, 900. |
| GuestSessionTimeout | Openint > Applications > ConfigParam > AuthenticationProperties | Use this parameter to specify the guest user session timeout (in milliseconds). For example, 300. |
| MaxConnections | Openint > ConfigParam > RESTInBound | Use this parameter to specify the maximum number of concurrent connections allowed to Siebel. For example, 20. The default value is 4. |
| TrustToken | Openint > ConfigParam > RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the Siebel trust token used to establish the application connection. For example, ldap. You can fetch the trust token from SMC. In SMC, go to Profiles, then Application Interface, then REST Inbound Authentication, and then Trust Token. |
| AnonUserName | Openint > ConfigParam > RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the Siebel anonymous user name to use when the actual user’s name is not provided. For example, GUESTCST. You can fetch the trust token from SMC. In SMC, go to Profiles, then Application Interface, then REST Inbound Authentication, and then Anonymous User Name. |
| UserSpec | Openint > ConfigParam > RESTInBound > RESTAuthenticationProperties | Use this parameter to specify the preconfigured user parameter. For example, SBL_REMOTE_USER. You can fetch the trust token from SMC. In SMC, go to Profiles, then Application Interface, then REST Inbound Authentication, and then User Specification. |
| ObjectManager | Openint > ConfigParam > RESTInBound | Use this parameter to specify the Siebel OM used for inbound REST requests. For example, eaiobjmgr_enu. |

Sample profile.json

```json
{
  "Openint": {
    "client": {
      "tls": {
        "private-key": {
          "keystore": {
            "resource": {
              "resource-path": "siebelclientkeystore.jks"
            },
            "type": "JKS",
            "passphrase": "client",
            "key": {
              "alias": "siebel"
            },
            "idp": {
              "alias": "idp-signing-key",
              "oi": {
                "key": {
                  "alias": "openint-key-2026"
                }
              }
            }
          }
        }
      }
    },
    "server": {
      "shutdown-grace-period": "PT15S",
      "tls": {
        "trust": {
          "keystore": {
            "resource": {
              "resource-path": "siebeltruststore.jks"
            },
            "type": "JKS",
            "passphrase": "siebel",
            "trust-store": true
          }
        },
        "private-key": {
          "keystore": {
            "resource": {
              "resource-path": "siebelserverkeystore.jks"
            },
            "type": "JKS",
            "passphrase": "server",
            "key": {
              "alias": "siebel"
            }
          }
        }
      },
      "features": {
        "security": {
          "paths": [
            {
              "path": "/openintegration/v1.0/[{+path}/]{last:(?!describe$)[^/]+}[/]",
              "methods": [
                "get",
                "post",
                "put",
                "delete"
              ],
              "authenticate": true,
              "authorize": true,
              "abac": {
                "scopes": [
                  "read"
                ]
              }
            }
          ]
        }
      }
    },
    "cache": {
      "enabled": false,
      "cluster-name": "siebel",
      "request-timeout": "2s",
      "tlsEnabled": true,
      "wka": [
        "127.0.0.1"
      ]
    },
    "threshold": {
      "ui-connection-threshold": 75
    },
    "integrations": {
      "jsonata": {
        "pool": {
          "max-size": 16,
          "core-size": 4,
          "acquire-timeout-millis": 250,
          "idle-ttl-millis": 300000,
          "cleanup-interval-millis": 30000
        }
      }
    },
    "tracing": {
      "enabled": false,
      "service": "open-integration",
      "otlp-protocol": "grpc",
      "protocol": "http",
      "host": "localhost",
      "port": 4317,
      "sampler-type": "const",
      "sampler-param": 1,
      "propagation": "b3",
      "tags": {
        "env": "development"
      }
    },
    "security": {
      "enabled": false,
      "config": {
        "require-encryption": false
      },
      "providers": [
        {
          "abac": {}
        },
        {
          "oidc": {
            "identity-uri": "IDCS URL",
            "client-id": "IDCS Client ID",
            "client-secret": "IDCS Client Secret",
            "audience": "openintv2_",
            "server-type": "idcs",
            "redirect": false,
            "header-use": true
          }
        }
      ]
    },
    "restrictive-cors": {
      "allow-origins": [],
      "allow-methods": []
    },
    "cors": {
      "paths": [
        {
          "path-pattern": [],
          "allow-origins": [],
          "allow-methods": []
        }
      ]
    }
  },
  "Profile": {
    "ProfileName": "phoenix21234220441"
  },
  "ConfigParam": {
    "Applications": [
      {
        "Name": "callcenter",
        "Language": "enu",
        "ObjectManager": "sccobjmgr_enu",
        "MaxTasks": 100,
        "AuthenticationProperties": {
          "UserSpec": "SBL_REMOTE_USER",
          "TrustToken": "ldap",
          "SingleSignOn": true,
          "AnonUserName": "GUESTCST",
          "SessionTimeout": 300,
          "GuestSessionTimeout": 300
        }
      }
    ],
    "RESTInBound": {
      "MaxConnections": 20,
      "RESTAuthenticationProperties": {
        "TrustToken": "ldap",
        "AnonUserName": "GUESTCST",
        "UserSpec": "SBL_REMOTE_USER"
      },
      "ObjectManager": "eaiobjmgr_enu"
    }
  }
}
```
Note: The profile-template.json file includes inline help text as commented lines inside double quotes to guide you when you update profile.json. Because JSON doesn’t support comments, each key must have a valid value. You must replace the help text in double quotes with the actual values for your environment.
Note: When you configure secured route matching under Openint.server.features.security.paths, specify route templates rather than runtime values. For example, use /openintegration/v1.0/service/Account/{Id} instead of /openintegration/v1.0/service/Account/12345.
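
Several constraints stated in the parameter table and the notes above can be checked mechanically before a profile.json is deployed. The following Python audit is an added example, not part of the Siebel documentation or product; the function name `audit`, the constructed `SAMPLE` input, and the two heuristics (an all-digit path segment counts as a runtime value, a value beginning with "IDCS " counts as leftover help text) are assumptions.

```python
import json
import re

# Constructed sample, trimmed to the keys the checks read (not a real deployment).
SAMPLE = json.loads("""
{"Openint": {
   "server": {"features": {"security": {"paths": [
     {"path": "/openintegration/v1.0/service/Account/12345",
      "methods": ["get"], "authenticate": true, "authorize": true,
      "abac": {"scopes": []}}]}}},
   "integrations": {"jsonata": {"pool": {"acquire-timeout-millis": 20}}},
   "tracing": {"enabled": true, "sampler-type": "ratio", "sampler-param": 5},
   "security": {"enabled": true, "providers": [
     {"abac": {}}, {"oidc": {"client-secret": "IDCS Client Secret"}}]}},
 "ConfigParam": {"Applications": [
   {"Name": "callcenter", "AuthenticationProperties": {"SingleSignOn": false}}]}}
""")

# Minimum supported values as given in the parameter table.
POOL_MIN = {"acquire-timeout-millis": 50, "idle-ttl-millis": 1000,
            "cleanup-interval-millis": 1000}


def audit(profile):
    """Return a list of findings for constraints the reference states."""
    out, oi = [], profile.get("Openint", {})
    paths = oi.get("server", {}).get("features", {}).get("security", {}).get("paths", [])
    for p in paths:
        route = p.get("path", "")
        if p.get("authorize") and not p.get("abac", {}).get("scopes"):
            out.append(f"{route}: authorize is true but abac.scopes is empty")
        # Heuristic (assumption): an all-digit segment is a runtime value.
        if re.search(r"/\d+(/|$)", route):
            out.append(f"{route}: runtime value in path, use a template such as {{Id}}")
    pool = oi.get("integrations", {}).get("jsonata", {}).get("pool", {})
    for key, low in POOL_MIN.items():
        if key in pool and pool[key] < low:
            out.append(f"pool.{key}={pool[key]} is below the minimum {low}")
    tr = oi.get("tracing", {})
    if (tr.get("enabled") and tr.get("sampler-type") == "ratio"
            and not 0 <= tr.get("sampler-param", 0) <= 1):
        out.append("tracing.sampler-param must be between 0 and 1 for ratio")
    sec = oi.get("security", {})
    if sec.get("enabled"):
        for prov in sec.get("providers", []):
            for k, v in prov.get("oidc", {}).items():
                # Heuristic (assumption): template help text starts with "IDCS ".
                if isinstance(v, str) and v.startswith("IDCS "):
                    out.append(f"oidc.{k} still holds template help text")
    for app in profile.get("ConfigParam", {}).get("Applications", []):
        if app.get("AuthenticationProperties", {}).get("SingleSignOn") is not True:
            out.append(f"{app.get('Name')}: SingleSignOn must be true")
    return out


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

To audit a real file, pass `json.load(open("profile.json"))` to `audit` in place of `SAMPLE`.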