IMS Integration
In order to set up IMS for
AssetWise
CONNECT Edition
Asset Lifecycle Information Management, you
must configure the
ALIM website,
WSG, and
AssetWise.
Configuring the ALIM Website for IMS
Follow these steps to configure the
ALIM Website for IMS.
- On the server hosting the ALIM website, browse to app\config\layouts\override\
- Using a text editor, open
config.json and set the authentication value
to "IMS".
For example,
"authentication":"IMS",
- Save and close the file.
- Browse to the
ALIM site's web.config file.
For example, [http or https:]//[domain or machine]/alim/web.config, where [http or https:] is the transfer protocol, and [domain or machine] is the domain or machine name of your ALIM website.
- Using a text editor, open
web.config and locate the following section:
<wsFederation passiveRedirectEnabled="false" issuer=" [http or https]://[domain or machine]/" reply=[http or https]://[domain or machine]/alim" realm="[http or https]://[domain or machine]/alim/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
- In the section above, edit [domain or machine]/alim to match the URL of the ALIM website.
- In the section above, confirm that the log path exists, and that it is pointing to your desired location.
- In the section above, update the issuer to so that it matches the IMS URL.
- In the section above, confirm that the realm URL ends with a "/", otherwise the system will cycle between IMS and ALIM website requests.
- For production, use the
following IMS settings:
<add key="IMSEnableAutomaticCertificateRotation" value="true"/> <add key="ida:FederationMetadataLocation" value="https://ims.bentley.com/FederationMetadata/2007-06/FederationMetadata.xml"/> <add key="ida:Issuer" value="https://ims.bentley.com/"/> <add key="Bentley.eB.ImsAuthUri" value="https://ims.bentley.com/"/> <add key="Bentley.eB.ImsRoot" value="https://ims.bentley.com/"/> <add key="Bentley.eB.StsIssuerName" value="https://ims.bentley.com/"/> <add key="Bentley.eB.StsIssuerCertificate" value="A5A2F1CB135FAB96D43B7DEA28E3AAC7F60CF814"/>
- Save and close the file.
Configuring WSG for IMS
Follow these steps to configure WSG for IMS.
- Browse to the ALIM site's web.config file.
- Using a text editor, open
web.config after
WSG/plugin deployment, add the following
appSettings key:
<add key="Bentley.eB.StsFederationMetadataUri" value="[http or https]://[domain or machine]/federationmetadata/2007-06/federationmetadata.xml" />
- If you are using an issuer
other than ims.bentley.com, update the following keys:
<add key="Bentley.eB.ImsRoot" value="[http or https]://[domain or machine]" /> <add key="Bentley.eB.StsIssuerName" value="[http or https]://[domain or machine]/"/> <add key="Bentley.eB.StsIssuerCertificate" value="[STS Issuer Certificate hash]"/> <add key="ClientSettingsProvider.ServiceUri" value=""/>
Configuring AssetWise for IMS
Follow these steps to configure AssetWise for IMS.
- On the AssetWise server, open the IMS Management for your AssetWise community.
- On the IMS Settings tab, edit the Active STS URI if needed.
- If previously connected,
you might need to run this PowerShell script on the server:
$virtualDirectory = "C:\inetpub\wwwroot\eBIMS" $winTemp = "C:\Windows\Temp" $fileName = "IMS.FederationMetadata.cache" $dirs = @() $dirs += $virtualDirectory $dirs += $winTemp # user temp folders Get-ChildItem("C:\Users") | ?{ $_.PSIsContainer } | % {$dirs += (join-path $_.PSPath "AppData\Local\Temp")} $delete = $true foreach ($dir in $dirs.GetEnumerator()) { $file = (join-path $dir $fileName) if(Test-Path $file) { Write-Host "[$($file)] exists" -f Green if($delete) { Write-Host "Deleting [$($file)]" -f Red Remove-Item $file } } else { Write-Host "[$($file)] doesn't exist" -f Yellow } }
- If you are using an issuer
other than ims.bentley.com, update
eB.Application.Director.exe.config in the
AssetWise Director directory (the default
location is
C:\Program Files (x86)\Bentley\eB\Director). For
example, if you are using the ims.mydomain.com, the key value would look like
this:
<add key="Bentley.eB.ImsRoot" value="https://ims.mydomain.com/"/> <add key="Bentley.eB.StsIssuerName" value="https://ims.mydomain.com/"/> <add key="Bentley.eB.StsFederationMetadataUri" value="FederationMetadata/20070-06/FederationMetadata.xml" <add key="Bentley.eB.StsIssuerCertificate" value="[STS Issuer Certificate hash]"/>
- In case there is a
different issuer, the Eb Service Manager properties must also be updated as
follows:
- Open AssetWise System Management Console, and then in the Explorer, select your server from the tree.
- Select File, then Properties.
- On the
General tab, update the following
properties as identified in the keys added in Step 4:
- IMS Server URI
- Relying Party URI
- IMS Metadata URI
- IMS Issuer Name
- IMS Certificate Thumbprint
- Restart the Eb Service Manager Windows service.
- To configure the database
to allow user-creation in
AssetWise Director for a different IMS Issuer,
run the following script based on your installation type:
MSSQL:
DECLARE @settingId INT, @objectId INT, @oldValue NVARCHAR(2000), @qaImsClaims NVARCHAR(2000) = ';https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress; https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name' /* update settings with qa-ims claims if they do not exist */ SELECT @settingId = settings.setting_id, @objectId = object_id, @oldValue = value FROM settings INNER JOIN setting_defs ON setting_defs.setting_id = settings.setting_id AND setting_defs.code = 'UserIdentityClaimTypes' IF @oldValue not like '%' + @qaImsClaims + '%' BEGIN update settings SET value = @oldValue + @qaImsClaims WHERE setting_id = @settingId AND object_id = @objectId END
Oracle:
DECLARE settingId INT; objectId INT; oldValue NVARCHAR2(2000); qaImsClaims NVARCHAR2(2000) := ';https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress; https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'; updatedValue NVARCHAR2(2000); BEGIN /* update settings with qa-ims claims if they do not exist */ SELECT settings.setting_id, object_id, value INTO settingId, objectId, oldValue FROM settings INNER JOIN setting_defs ON setting_defs.setting_id = settings.setting_id AND setting_defs.code = 'UserIdentityClaimTypes'; IF NOT (oldValue like '%'||qaImsClaims||'%') THEN updatedValue := oldValue || qaImsClaims; update settings SET value = updatedValue WHERE settings.setting_id = settingId AND settings.object_id = objectId; END IF; END; / COMMIT;