Configure Message Protection for Agile PLM

For the integration between Innovation Management and Agile PLM to work, you must configure a domain trust between the WebLogic domain, where Innovation Management is running, and the domain where Agile PLM is running.

In production environments, the security certificates that are configured in the identity keystore of an Agile PLM WebLogic domain are official certificates provided by a Certificate Authority (CA) to ensure that the identity of the Agile PLM host is officially certified.

Even so, the certificate provided by the CA and imported into the identity keystore may not be enough for the Cloud application domain to trust the identity of the target system host, given that the hierarchy of certification up to the root certificate may not be known to the WebLogic domain.

To resolve this potential problem, you can establish identity trust by:

  • providing the public certificate that's associated with your system host and all certificates in the hierarchy to the root; and,

  • submitting a service request to ask for those certificates to be imported to the trust store of the WebLogic domain.

Follow these steps to configure message protection for Agile PLM:

  1. Create a service request with the following information:

    1. Name of the service request: Message Protection Configuration on Oracle Cloud To Integrate With Agile PLM

    2. Include the following information in the comments section:

      • Specify the version of Agile PLM you're using.

      • Specify the message protection policy as oracle/wss11_saml_token_bearer_over_ssl_client_policy.

    3. Submit the service request.

    4. Wait until your administrator informs you that the service request has been processed.

  2. Import the signature certificates used by Oracle Cloud into Agile PLM.

    When the service request is processed, the security certificates used by the Oracle Cloud WebLogic domain to sign the Web Service requests are attached to the service request. You're notified that you can proceed to import the certificate to the trust keystore of Agile PLM.

    Download the certificates attached to the service request. The trusted certificates must be imported to the Oracle Web Services Manager KSS keystore and the full certificate chain must be available.

    1. Open Enterprise Manager for your Agile PLM installation.

    2. Navigate to agileDomain > (Context Menu) Security > Keystore.

    3. Expand OWSM > Select the Manage button.

    4. Click the Import button. A dialog box appears.

    5. Select Trusted Certificate for Certificate Type, provide an alias, and copy and paste or choose a local file containing the certificate.

    6. Repeat steps 3.4 and 3.5 to import each certificate attached to the service request.

  3. Determine the target URL for the Web Services.

    Determine the target URL for the Web Services that are being used for the integration. Enter the corresponding values in Oracle Cloud using Setup and Maintenance. The typical endpoint for Agile PLM is as follows: {protocol}://{host}:{port}/CoreService/services/{service}?wsdl. For example: http://example.com:7001/CoreService/services/Search?wsdl

    1. Enter the values for protocol, host, port, and context root into the corresponding fields for registering the target endpoint in Oracle Cloud, using the Setup and Maintenance workspace, as follows:

      • Sign in to Oracle Cloud as a user with the privilege to modify configuration values, and then click Setup and Maintenance.

      • On the Setup and Maintenance page, search for the Register Agile PLM task.

      • Click the task name.

      • Select the Server Protocol and enter values for External Server Host and External Server Port in the Server Details section. Enter the Context Root in the row named AgileA9CoreServices in the Associated Modules section.

      • Click Save and Close.

  4. Make sure the endpoint is visible from outside your corporate firewall.

    The web services endpoint registered in Oracle Cloud must be reachable from outside your corporate firewall, so Oracle Cloud can call the corresponding web services. Make sure the port is open for incoming traffic and the host name is valid from outside the firewall.

  5. Configure users to ensure that they're consistent on both systems.

  6. Configure and activate the connector.
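
An added example, not part of the original procedure or of Oracle's tooling: a pre-flight check for steps 3 and 4 that splits an endpoint into the Register Agile PLM fields and flags values that Oracle Cloud could not call from outside the firewall. The function name, the finding strings, the internal-suffix list and all sample URLs except the page's own are constructed; treating the first path segment as the context root and expecting https for the over_ssl policy are assumptions.

```python
import ipaddress
from urllib.parse import urlsplit

# Host-name suffixes treated as internal-only (heuristic chosen for this example).
INTERNAL_SUFFIXES = (".local", ".internal")

def preflight(endpoint):
    """Split an Agile PLM WSDL endpoint into the Register Agile PLM fields
    and list findings that would keep Oracle Cloud from calling it."""
    url = urlsplit(endpoint)
    segments = [s for s in url.path.split("/") if s]
    host = url.hostname or ""
    fields = {
        "Server Protocol": url.scheme,
        "External Server Host": host,
        "External Server Port": url.port or {"http": 80, "https": 443}.get(url.scheme),
        # Assumption: the context root is the first path segment.
        "Context Root": segments[0] if segments else None,
    }
    findings = []
    if url.scheme != "https":
        # Assumption: the *_over_ssl_* policy needs a TLS endpoint.
        findings.append("protocol is not https")
    try:
        if not ipaddress.ip_address(host).is_global:
            findings.append("host is a non-routable address")
    except ValueError:
        # Not an IP literal: an unqualified or internal-only name will not
        # resolve for a caller outside the corporate firewall.
        if "." not in host or host.endswith(INTERNAL_SUFFIXES):
            findings.append("host name is not valid outside the firewall")
    if segments[:2] != ["CoreService", "services"]:
        findings.append("path does not match /CoreService/services/{service}")
    return fields, findings

if __name__ == "__main__":
    # Constructed sample endpoints; only the first appears on the page.
    for sample in (
        "http://example.com:7001/CoreService/services/Search?wsdl",
        "https://plm01:7002/CoreService/services/Search?wsdl",
        "https://10.20.30.40:7002/CoreService/services/Search?wsdl",
        "https://plm.example.com:7002/CoreService/services/Search?wsdl",
    ):
        fields, findings = preflight(sample)
        print(sample, fields, findings or "ok", sep="\n  ")
```

An empty findings list only means the registered values are well formed; reachability of the port still has to be confirmed from a network outside the firewall.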