codeBeamer with database

Requirements

docker

docker-compose

Available port 8080

Start application

Create a docker-compose.yml for MySQL or Oracle database

docker-compose -f docker-compose.yml up

Alternatively if you would like to run the application in the background you can use

docker-compose -f docker-compose.yml up -d

After docker-compose finished you can reach the application on http://localhost:8080

Default credentials

username: bond

password: 007

Stop application

docker-compose -f docker-compose.yml down

or press

CTRL+c

if you started it without

-d

codeBeamer with OpenID

Changes in 20.11

• CB_openId_client_redirectUri
  • removed and no longer required
  • the URI will be build automatically, and shown read-only on the openId admin UI
  • make sure that the host name is configured correctly in the "Outgoing Email Connection" admin section, or by environment variables
    • CB_mail_serverScheme=
    • CB_mail_localname=
    • CB_mail_serverPort=

Changes in 10.1

• CB_openId_enabled
  • true (default): OpenID authentication is enabled.
  • false: OpenID authentication is disabled.

Changes in 10.0

New fields

• CB_openId_automatic
  • true: Logging in automatically with OpenID
  • false: codeBeamer login page appears. You can choose Login with your codeBeamer user or Login with SSO.
• CB_openId_client_resolveUserBy (comma separated values)
  • Available options: email, eauthid, username

Changes in 9.4

CB_openId_client_issuer became CB_openId_server_issuer

CB_openId_client_redirectUris became CB_openId_client_redirectUri.

New fields

• CB_openId_introspection_clientId
• CB_openId_introspection_clientSecret
• CB_openId_forceOAuth if this is true, then access to the REST API (v1) requires an OAuth2access token.
  Default is false, which means Basic and Digest authentication are also allowed, but will only work for (technical) user accounts, where a password is set.
• CB_openId_reuseDefaultAccount if this is true, then the default/initial system admin account ("bond") will be reused for the first user, that logins in via OpenID Connect, making this user the default system administrator. Default is false.
• CB_openId_cacheSuccessTTL the time successful OAuth2 access token introspections should be cached, e.g. 1:30h, 20min or 90s. Default is 10min
• CB_openId_cacheFailureTTL the time unsuccessful OAuth2 access token introspections should be cached. Default is 15min

Requirements for Google OAuth 2.0

docker

docker-compose

Google OAuth 2.0 credentials

You need to set
Authorized redirect URIs to http://localhost:8080/login.spr
Authorized JavaScript origins to http://localhost:8080

Available port 8080

Configuration

You have to set the following data in

./config/openid.env
CB_openId_client_clientId=yourClientId
CB_openId_client_clientSecret=yourClientSecret
CB_openId_client_clientName=yourClientName

where:

• yourClientId is the clientId that you received in Google API Console
• yourClientSecret is the clientSecret that you received in Google API Console
• yourClientName is the clientName that you set in Google API Console

List of available environment variables

• CB_openId_enabled
• CB_openId_automatic
• CB_openId_client_resolveUserBy
• CB_openId_client_clientId
• CB_openId_client_clientSecret
• CB_openId_client_clientName
• CB_openId_client_tokenEndpointAuthMethod
• CB_openId_client_scope
• CB_openId_client_redirectUri
• CB_openId_client_userName
• CB_openId_introspection_clientId
• CB_openId_introspection_clientSecret
• CB_openId_server_issuer
• CB_openId_server_authorizationEndpointUri
• CB_openId_server_endSessionEndpoint
• CB_openId_server_introspectionEndpointUri
• CB_openId_server_jwksUri
• CB_openId_server_revocationEndpointUri
• CB_openId_server_tokenEndpointUri
• CB_openId_server_userInfoUri
• CB_openId_reuseDefaultAccount
• CB_openId_cacheFailureTTL
• CB_openId_cacheSuccessTTL
• CB_openId_forceOAuth

Configuration for Google OpenID Server

CB_openId_client_clientId=yourClientId
CB_openId_client_clientSecret=yourClientSecret
CB_openId_client_clientName=yourClientName
CB_openId_client_tokenEndpointAuthMethod=SECRET_BASIC
CB_openId_client_scope=openid,profile,email
CB_openId_client_userName=sub,name
CB_openId_server_issuer=https://accounts.google.com
CB_openId_server_authorizationEndpointUri=https://accounts.google.com/o/oauth2/v2/auth
CB_openId_server_endSessionEndpoint=https://accounts.google.com/logout
CB_openId_server_introspectionEndpointUri=https://www.googleapis.com/oauth2/v3/tokeninfo
CB_openId_server_jwksUri=https://www.googleapis.com/oauth2/v3/certs
CB_openId_server_revocationEndpointUri=https://oauth2.googleapis.com/revoke
CB_openId_server_tokenEndpointUri=https://oauth2.googleapis.com/token
CB_openId_server_userInfoUri=https://openidconnect.googleapis.com/v1/userinfo

CB_openId_client_userName specified the attribute from the openID response that will be used as a username in codeBeamer application. It is a comma separated list

Start application

docker-compose -f docker-compose.mysql.openid.yml up

Alternatively if you would like to run the application in the background you can use

docker-compose -f docker-compose.mysql.openid.yml up -d

You can reach the application on http://localhost:8080 and you will be redirected to Google's authentication page.

After you logged in to your Google account you will be redirected to http://localhost:8080 (codeBeamer) and you will see your newly created user's page.

Stop application

docker-compose -f docker-compose.mysql.openid.yml down

or press

CTRL+c

if you started it without

-d