Configuring IFS OData connector
Last updated
Last updated
Once installed IFS OData connector runs as a windows service. To configure the IFS OData connector,
Open a browser window and navigate to the connector service log-in page. Log in with valid credentials.
Click on the Configuration link and navigate to the configuration page.
In the configuration click on the Add new option to create a new connector configuration.
Name - name of the connector configuration.
Service URI - service URI of the IFS Cloud installation. Please refer Obtaining end-point info from IFS Cloud for more info.
IFS Version - IFS Cloud or IFS APP 10
Break workflow on error - Decides if an IFS exception should result in workflow being stopped
In the Auth tab, there are two more tabs named Design time and Runtime. Design time authentication is used when designing/developing a flow and runtime is used when running/executing the flow.
Design time always uses non-interactive authentication against IFS Cloud. These credentials are used to get projection information only.
Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Client ID - Obtained from IFS IAM Client registration
Client Secret - Obtained from IFS IAM Client registration
Scope(s) - should be set to openid microprofile-jwt
Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Username - end-user username
Password - end-user password
Client ID - Obtained from IFS IAM Client registration
Client Secret - Obtained from IFS IAM Client registration
Scope(s) - should be set to openid microprofile-jwt
It's recommended to use Client Credentials flow for design time due to a couple of reasons.
Client Credentials flow uses service users. Since design time involves mostly working with meta-data that is independent of any user-specific data, it's an ideal scenario for service users.
Choosing Password Credentials flow for design time requires storing end-user credentials in the connector configuration.
The runtime can use both interactive and non-interactive authentication against IFS Cloud. Also, there's an option to copy design time authentication as well. These credentials are used always when a machine task is executed by any client, including test bench in Flow Studio. There are options to override which credentials to use at runtime if the client is test bench, or if the user is a specific machine user. The purpose of the override is to either enable debugging workflows from Flow Studio or running scheduled workflows while using an interactive login for other clients. Without the override you need to create a separate connector configuration to cover those scenarios.
This type of authentication requires user interaction. It can only be used in clients supporting interactive login, such as mobile clients and web client. It cannot be used when running workflow in test bench or as a machine workflow, i.e. a scheduled workflow.
Auth URL - authorization endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Client ID - Obtained from IFS IAM Client registration
Client Secret - Obtained from IFS IAM Client registration
Scope(s) - should be set to openid microprofile-jwt
When modifying the runtime configuration from a non-interactive authentication method (such as Client Credentials Flow) to an interactive method (such as Authorization Code Flow), or vice versa, it is recommended to re-register with the flow server. Re-registration ensures smooth integration with the new authentication method. To do so, choose the "Re-register" option in the Flow Servers section.
Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Client ID - Obtained from IFS IAM Client registration
Client Secret - Obtained from IFS IAM Client registration
Scope(s) - should be set to openid microprofile-jwt
Access Token URL - token endpoint for the IFS Cloud instance. Please refer Obtaining end-point info from IFS Cloud for more info
Username - end-user username
Password - end-user password
Client ID - Obtained from IFS IAM Client registration
Client Secret - Obtained from IFS IAM Client registration
Scope(s) - should be set to openid microprofile-jwt
It's highly recommended to leave the Username and Password fields empty in the runtime configuration. When left empty users will get the option to provide the user credentials from Flow while executing a workflow. It also avoids the need to store end-user credentials in connector config.
Used in External IDP(single sign-on) scenario.