AssetWise CONNECT Edition Implementation Guide

IMS Integration

In order to set up IMS for AssetWise CONNECT Edition Asset Lifecycle Information Management, you must configure the ALIM website, WSG, and AssetWise.
Note: Be sure to reference the same IMS site for each of the ALIM website, WSG, and AssetWise configurations.

Configuring the ALIM Website for IMS

Follow these steps to configure the ALIM Website for IMS.
  1. On the server hosting the ALIM website, browse to app\config\layouts\override\
  2. Using a text editor, open config.json and set the authentication value to "IMS".
    For example, 
    "authentication":"IMS",
  3. Save and close the file.
  4. Browse to the ALIM site's web.config file.

    For example, [http or https:]//[domain or machine]/alim/web.config, where [http or https:] is the transfer protocol, and [domain or machine] is the domain or machine name of your ALIM website.

  5. Using a text editor, open web.config and locate the following section: 
    <wsFederation passiveRedirectEnabled="false" issuer=" [http or https]://[domain or machine]/"  reply=”[http or https]://[domain or machine]/alim"  
realm="[http or https]://[domain or machine]/alim/" requireHttps="false" persistentCookiesOnPassiveRedirects="false" />
  6. In the section above, edit [domain or machine]/alim to match the URL of the ALIM website.
  7. In the section above, confirm that the log path exists, and that it is pointing to your desired location.
  8. In the section above, update the issuer to so that it matches the IMS URL.
  9. In the section above, confirm that the realm URL ends with a "/", otherwise the system will cycle between IMS and ALIM website requests.
  10. For production, use the following IMS settings: 
     <add key="IMSEnableAutomaticCertificateRotation" value="true"/>
    <add key="ida:FederationMetadataLocation" value="https://ims.bentley.com/FederationMetadata/2007-06/FederationMetadata.xml"/>
    <add key="ida:Issuer" value="https://ims.bentley.com/"/>
    <add key="Bentley.eB.ImsAuthUri" value="https://ims.bentley.com/"/>
    <add key="Bentley.eB.ImsRoot" value="https://ims.bentley.com/"/>
    <add key="Bentley.eB.StsIssuerName" value="https://ims.bentley.com/"/>
    <add key="Bentley.eB.StsIssuerCertificate" value="A5A2F1CB135FAB96D43B7DEA28E3AAC7F60CF814"/>
  11. Save and close the file.

Configuring WSG for IMS

Follow these steps to configure WSG for IMS.
  1. Browse to the ALIM site's web.config file.
  2. Using a text editor, open web.config after WSG/plugin deployment, add the following appSettings key: 
    <add key="Bentley.eB.StsFederationMetadataUri" value="[http or https]://[domain or machine]/federationmetadata/2007-06/federationmetadata.xml" />
    where [http or https] is your transfer protocol, and [domain or machine] is your IMS server.
  3. If you are using an issuer other than ims.bentley.com, update the following keys: 
    <add key="Bentley.eB.ImsRoot" value="[http or https]://[domain or machine]" />
<add key="Bentley.eB.StsIssuerName" value="[http or https]://[domain or machine]/"/>
<add key="Bentley.eB.StsIssuerCertificate" value="[STS Issuer Certificate hash]"/>
<add key="ClientSettingsProvider.ServiceUri" value=""/>

Configuring AssetWise for IMS

Follow these steps to configure AssetWise for IMS.

  1. On the AssetWise server, open the IMS Management for your AssetWise community.
  2. On the IMS Settings tab, edit the Active STS URI if needed.
    Note: If the Active STS URI is changed, the eB Index Listener Service will need to be restarted.
  3. If previously connected, you might need to run this PowerShell script on the server: 
    $virtualDirectory = "C:\inetpub\wwwroot\eBIMS"
$winTemp = "C:\Windows\Temp"
$fileName = "IMS.FederationMetadata.cache"

$dirs = @()
$dirs += $virtualDirectory
$dirs += $winTemp

# user temp folders
Get-ChildItem("C:\Users") | ?{ $_.PSIsContainer } | % {$dirs += (join-path $_.PSPath "AppData\Local\Temp")}

$delete = $true

foreach ($dir in $dirs.GetEnumerator()) 
{
    $file = (join-path $dir $fileName)
    if(Test-Path $file)
    {
        Write-Host "[$($file)] exists" -f Green

        if($delete) 
        {
            Write-Host "Deleting [$($file)]" -f Red
            Remove-Item $file
        }
    }
    else 
    {
        Write-Host "[$($file)] doesn't exist" -f Yellow
    }
}
  4. If you are using an issuer other than ims.bentley.com, update eB.Application.Director.exe.config in the AssetWise Director directory (the default location is C:\Program Files (x86)\Bentley\eB\Director). For example, if you are using the ims.mydomain.com, the key value would look like this: 
    <add key="Bentley.eB.ImsRoot" value="https://ims.mydomain.com/"/>
<add key="Bentley.eB.StsIssuerName" value="https://ims.mydomain.com/"/>
<add key="Bentley.eB.StsFederationMetadataUri" value="FederationMetadata/20070-06/FederationMetadata.xml"
<add key="Bentley.eB.StsIssuerCertificate" value="[STS Issuer Certificate hash]"/>
  5. In case there is a different issuer, the Eb Service Manager properties must also be updated as follows:
    1. Open AssetWise System Management Console, and then in the Explorer, select your server from the tree.
    2. Select File, then Properties.
      The Eb Service Manager Properties dialog appears. For example,
    3. On the General tab, update the following properties as identified in the keys added in Step 4:

      - IMS Server URI

      - Relying Party URI

      - IMS Metadata URI

      - IMS Issuer Name

      - IMS Certificate Thumbprint

    4. Restart the Eb Service Manager Windows service.
  6. To configure the database to allow user-creation in AssetWise Director for a different IMS Issuer, run the following script based on your installation type:
    Note: Replace all instances of ims.mydomain.com with your own issuer address.

    MSSQL: 

    DECLARE
@settingId INT,
@objectId INT,
@oldValue NVARCHAR(2000),
@qaImsClaims NVARCHAR(2000) = ';https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress; https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name'
/* update settings with qa-ims claims if they do not exist */
SELECT @settingId = settings.setting_id, @objectId = object_id, @oldValue = value
FROM settings
INNER JOIN setting_defs ON setting_defs.setting_id = settings.setting_id
AND setting_defs.code = 'UserIdentityClaimTypes'
IF @oldValue not like '%' + @qaImsClaims + '%'
BEGIN
update settings
SET value = @oldValue + @qaImsClaims
WHERE setting_id = @settingId AND object_id = @objectId
END

    Oracle: 

    DECLARE
settingId INT;
objectId INT;
oldValue NVARCHAR2(2000);
qaImsClaims NVARCHAR2(2000) := ';https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress; https://ims.mydomain.com/,http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name';
updatedValue NVARCHAR2(2000);
BEGIN
/* update settings with qa-ims claims if they do not exist */
SELECT settings.setting_id, object_id, value
INTO settingId, objectId, oldValue
FROM settings
INNER JOIN setting_defs ON setting_defs.setting_id = settings.setting_id
AND setting_defs.code = 'UserIdentityClaimTypes';
IF NOT (oldValue like '%'||qaImsClaims||'%')
THEN
updatedValue := oldValue || qaImsClaims;
update settings
SET value = updatedValue
WHERE settings.setting_id = settingId AND settings.object_id = objectId;
END IF;
END;
/
COMMIT;
Parent topic: ALIM Web Server Implementation