Open Services for Lifecycle Collaboration (OSLC) Server
Open Services for Lifecycle Collaboration (OSLC) services are used to simplify integration across the lifecycle management tools. Windchill supports the OSLC specification by default and enable the OSLC clients to use these services to integrate with Windchill.
The Windchill OSLC APIs allow OSLC clients to query and link to Windchill parts based on the OSLC specifications. Windchill supports the following OSLC specifications:
• Core 3.0
The Windchill OSLC Services are responsible for mapping Windchill objects to a corresponding OSLC resource and provide the response for these resources in the requested format. Following are the supported formats:
• rdf+xml (Default)
• text/turtle
 |
The Windchill OSLC Services can be used only by OSLC clients; non-OSLC clients must use the Windchill (OData) Rest Services (WRS).
|
OSLC Catalog
The OSLC Catalog can be accessed at http(s)://<server>:<port>/Windchill/oslc/catalog for more information on all available services, resources and terminology.
Configuring OAuth Authorization
The default authorization for the Windchill OSLC Services is basic authorization. An additional configuration step is required to enable OAuth authorization.
See Configure OAuth Delegated Authorization for steps to configure Windchill to use OAuth. After Windchill OAuth is configured, set the following Windchill properties:
|
Property Name
|
Description
|
|---|---|
|
oslc.authorizationURI
|
URI for obtaining OAuth authorization
|
|
oslc.oauthAccessTokenURI
|
URI for obtaining OAuth access token
|
|
oslc.oauthRequestTokenURI
|
URI for obtaining OAuth request token
|
When the OSLC OAuth properties are configured, the Windchill OSLC Catalog includes the OAuthConfiguration property, which allows OSLC clients to discover that they should use OAuth authorization.
|
|
When you use OAuth authorization, make sure all requests to OSLC endpoints are prefixed with the configured SpringSecurityFilterChain url pattern. For example, if SpringSecurityFilterChain is configured with the /oauth/* url pattern, all OSLC endpoints must have the /oauth/oslc/* url pattern.
|
Configuration Required after Windchill Update
To enable the Windchill OSLC Services after updating from a previous version of Windchill, perform the following steps:
1. Add the following entry to %WT_HOME%/codebase/WEB_INF/web.xml
<servlet-mapping>
<servlet-name>OSLCServlet</servlet-name>
<url-pattern>/oslc/*</url-pattern>
</servlet-mapping>
<servlet-name>OSLCServlet</servlet-name>
<url-pattern>/oslc/*</url-pattern>
</servlet-mapping>
2. To add the OSLC path to the Apache configuration, add the following entry to HTTPServer/conf/conf.d/30-app-Windchill-AJP.conf
JkMount /Windchill/oslc/* ajpWorker
3. To configure the OSLC catalog for anonymous access in the Apache configuration, add the following entry to HTTPServer/conf/conf.d/30-app-Windchill-Auth.conf
<LocationMatch ^/+Windchill/+oslc/catalog(;.*)?>
Require all granted
</LocationMatch>
Require all granted
</LocationMatch>
Configuration for Content Security Policy
To allow client sites from other sites to view OSLC previews, update the web.xml file to include the following OSLC Content Security servlet filter configurations:
<filter>
<filter-name>OSLCContentSecurityFilter</filter-name>
<description>Servlet request filter to set the Content Security Policy for previews</description>
<filter-class>com.ptc.oslc.windchill.filter.OSLCHttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>https://site1.domain.com,https://site2.domain.com </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<url-pattern>/oslc/*</url-pattern>
</filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<description>Servlet request filter to set the Content Security Policy for previews</description>
<filter-class>com.ptc.oslc.windchill.filter.OSLCHttpHeaderSecurityFilter</filter-class>
<init-param>
<param-name>allowedOrigins</param-name>
<param-value>https://site1.domain.com,https://site2.domain.com </param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>OSLCContentSecurityFilter</filter-name>
<url-pattern>/oslc/*</url-pattern>
</filter-mapping>
Configuration for Cross-Origin Resource Sharing (CORS) for OSLC
 |
For a more secure configuration, use the CORS filter for a cross-domain OSLC configuration only.
|
 |
When configuring Windchill to share OSLC resources with other PTC OSLC client applications, install these applications locally in the same domain.
|
To allow client sites from other sites to view OSLC services, update the web.xml file to include the following servlet filter configurations:
<filter>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[ALLOWED_ORIGINS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/oslc/preview/*</url-pattern>
<url-pattern>/oslc/config/*</url-pattern>
</filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
<init-param>
<param-name>cors.allowed.origins</param-name>
<param-value>[ALLOWED_ORIGINS]</param-value>
</init-param>
<init-param>
<param-name>cors.support.credentials</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.methods</param-name>
<param-value>GET,POST,OPTIONS</param-value>
</init-param>
<init-param>
<param-name>cors.allowed.headers</param-name>
<param-value>Content-Type,X-Requested-With</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>ContentCorsFilter</filter-name>
<url-pattern>/oslc/preview/*</url-pattern>
<url-pattern>/oslc/config/*</url-pattern>
</filter-mapping>
Configuring Apache to Frame Windchill Previews for a Cross-Site Deployment
When Windchill is integrated with an external OSLC server such as Codebeamer and both are deployed cross-site, Apache must be configured to support framing of Windchill previews in the integrated OSLC server. A cross-site deployment refers to servers that are deployed to different top-level internet domains, such as windchill.foo.com and codebeamer.bar.com.
|
|
This configuration is necessary to ensure compatibility with newer browser versions.
|
To configure Apache, follow these steps:
1. Set the following properties in the app-Windchill.properties file:
|
Property
|
Description
|
|---|---|
|
trustedAncestorSites
|
Specify the URL of the cross-site OSLC server to enable framing of the OSLC preview page.
This value should match the value for allowedOrigins in the OSLCContentSecurityFilter in the web.xml file.
For example, the URL of the cross-site Codebeamer server https\://ppumsv-ipfc408d.almrd.example.com\:8573
|
|
authCookieNameRegexp
|
Regular expression for the authentication cookie name, which can be the same as the name of the authentication cookie.
For example: _shibsession_.*
To locate the authentication cookie, login to the Windchill and go to > > in the browser.
|
|
enableOslcPreviewRewrite
|
Set this value to true to enable the Apache-based jump page flow.
|
|
enableRefererChecking
|
Set this value to true to enable a referer header check as an additional security measure. This is optional.
|
|
originBaseUrl
|
If enableRefererChecking is set to true, then specify the base URL of the Windchill server.
For example: https\://pwrdcsv-wcqa576d.ptcnet.ptc.com
|
|
setReferrerPolicy
|
If enableRefererChecking is set to true, then set this value to true to configure the referrer policy response header to strict-origin.
|
2. Execute the Ant command ant -f webAppConfig.xml regenAllWebApps.
Alternatively, you can execute the Ant command ant -f webAppConfig.xml regenWebAppConf -DappName=Windchill.
3. Restart the Apache server to apply the changes.
4. Verify that you can view Windchill previews in the integrated OSLC server.