Connector for OData, SAP Gateway and Microsoft SharePoint - General information

You can reach this dialog in the following ways:
Integration module / Consume data / Connector for OData / OData menu / New data source or Edit an existing connection
Integration module / Consume data / Connector for SAP Gateway / SAP Gateway menu / New data source or Edit an existing connection
Integration module / Consume data / Connector for Microsoft SharePoint / Microsoft SharePoint menu / New data source or Edit an existing connection

1. Connector for OData / Connector for SAP Gateway


Name

Enter the name of the connection here.

Description

You can enter a description for the connection here.

Authentication

1.1. Method

1.1.1. None

For anonymous access.

1.1.2. Basic




With this method (HTTP Basic), the login information will be requested. The user entered here will only be needed to access the service metadata in the Portal Manager.

1.1.3. Intrexx




This method is useful for services provided via the Intrexx OData provider. Login information is transferred in encrypted form. To access the metadata, enter an Intrexx user and the corresponding password here as well.

1.1.4. Kerberos / Kerberos (HTTP Basic)




These methods are available in Windows environments for using Windows Integrated Authentication for Single Sign-On. The second option, Kerberos (HTTP Basic), enables authentication for clients that do not support the Kerberos protocol. Please note the following basic requirements for successful authentication with Kerberos:

Kerberos authentication gives you and your users true Single Sign-On access to an OData service that uses Integrated Windows Authentication. If a user cannot be authenticated, the second option automatically falls back to the standard login method.

For successful authentication, a Service Principal Name (SPN) must be specified. The SPN contains information about the service for which a Kerberos ticket has to be generated. This ticket is required for the Internet Information Server used by the Intrexx Portal Server. The SPN is generally constructed as follows:
http/<computer-DNS-name>@<KERBEROS_REALM>
Computer-DNS-name: Fully qualified host name (such as "mycomputer.mycompany.com")
KERBEROS_REALM: Generally the domain in uppercase letters (such as "MYCOMPANY.COM").
Using the sample data, the SPN would therefore look like this:
http/mycomputer.mycompany.com@MYCOMPANY.COM

1.1.5. Kerberos (Intrexx Token Service)




All information about this can be found here.

1.1.6. X.509




With this method, a certificate store in PKCS12 format can be uploaded. Later, each user can upload their own certificate store using a login form. For authentication with X.509 certificates, the root certificate of the certification authority that issues the client certificates must already have been imported into Intrexx. Restart the portal service afterwards.

1.1.7. OAuth2/OpenID Connect (from Intrexx 8 with Online-Update 05)




The method "OAuth2" supports services that require an OAuth2 authorization for users. If the service supports automatic approval of the user, a user login can be specified here for accessing the metadata. If this is not possible, the metadata document must first be saved as a local file and stored in the portal directory internal/cfg/odata with the file name <SERVICE_GUID>.edmx.

Currently, the actual configuration of the OAuth2 authorization must be performed directly in the XML configuration file of the OData consumer, which is located in the portal directory internal/cfg/odata with the file name <SERVICEGUID>.xml. The following properties are relevant here:
<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="<OAuth Scopes>"/>
<property name="oauth2.authenticationScheme" value="<Schema>"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="<Grant Type>"/>
<property name="oauth2.clientAuthenticationScheme" value="<Client Schema>"/>
<property name="oauth2.userAuthorizationUri" value="<Endpoint for the authentication>"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="<Redirect URL>"/>
<property name="oauth2.accessTokenUri" value="<Endpoint for the request of a token>"/>
Excerpts of example configurations for commonly used OAuth2 services are listed below. Many of these services cannot be used as OData services. Nevertheless, the OAuth2 authentication can be used for direct HTTP access to the service in Groovy scripts.

Spring Security OAuth2 Identity Provider

<?xml version="1.0" encoding="UTF-8"?>
<odata xmlns="urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg consumer.xsd">
	<consumer description="" guid="30378A6DEDA601F69D525C7FCAFA7E12CEC114C8" name="SpringOAuth2">
		<property name="authenticationType" value="OAUTH2"/>
		<property name="additionalAuthenticationTypes" value=""/>
		<property name="userName" value="user"/>
		<property name="password" value="E54F94C0106981A41312FC14955B164C"/>
		<property name="servicePrincipalName" value=""/>
		<property name="isSharePointService" value="false"/>
		<property name="isSapService" value="false"/>
		<property name="sapUseDefaultClientId" value="false"/>
		<property name="sapClientId" value=""/>
		<property name="sapNetweaverGatewayHost" value=""/>
		<property name="sapNetweaverGatewayPort" value=""/>
		<property name="sapNetweaverGatewayUseSSL" value="false"/>
		<property name="sapSolutionManagerRegistered" value="false"/>
		<property name="authTypeSource" value=""/>
		<property name="authLoginSource" value=""/>
		<property name="authPasswordSource" value=""/>
		<property name="authSapClientIdSource" value=""/>
		<property name="oauth2.grantType" value="authorization_code"/>
		<property name="oauth2.clientAuthenticationScheme" value="form"/>
		<property name="oauth2.accessTokenUri" value="http://localhost:9999/uaa/oauth/token"/>
		<property name="oauth2.userAuthorizationUri" value="http://localhost:9999/uaa/oauth/authorize"/>
		<property name="oauth2.scope" value="openid"/>
		<property name="oauth2.clientId" value="acme"/>
		<property name="oauth2.clientSecret" value="acmesecret"/>
		<property name="oauth2.redirectUri" value="http://localhost/devportal/oauth2"/>
		<services>
			<service guid="E2050082619BBD33EEDEA97BDCC9223B25244191" name="SpringOauth2" odataSpecVersion="V2" sapCsrfTokenRequired="false" serviceRootURI="http://localhost:8888/res/" useSSL="false"/>
		</services>
		<userMappings/>
	</consumer>
</odata>
Values shown in italics need to be modified. Further information can be found here: http://spshell.blogspot.de/2015/03/sharepoint-online-o365-oauth.html

Microsoft Outlook Online (only http, no OData)

<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="https://outlook.office.com/mail.read"/>
<property name="oauth2.authenticationScheme" value="form"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="authorization_code"/>
<property name="oauth2.clientAuthenticationScheme" value="form"/>
<property name="oauth2.userAuthorizationUri" value="https://login.microsoftonline.com/common/oauth2/v2.0/authorize"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="http://localhost/devportal/oauth2"/>
<property name="oauth2.accessTokenUri" value="https://login.microsoftonline.com/common/oauth2/v2.0/token"/>
<services>
	<service guid="XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" name="Outlook" odataSpecVersion="V2" sapCsrfTokenRequired="false" serviceRootURI="https://outlook.office.com/api/v2.0/me/messages" useSSL="true"/>
</services>

GoogleMail (only http, no OData)

<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="https://mail.google.com/"/>
<property name="oauth2.authenticationScheme" value="header"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="authorization_code"/>
<property name="oauth2.clientAuthenticationScheme" value="header"/>
<property name="oauth2.userAuthorizationUri" value="https://accounts.google.com/o/oauth2/auth"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="http://localhost/devportal/oauth2"/>
<property name="oauth2.accessTokenUri" value="https://accounts.google.com/o/oauth2/token"/>
<services>
	<service guid="XXXXXXXXXXXXXXXXXXXXXXXXXXXXX" name="GMail Inbox" odataSpecVersion="V2" sapCsrfTokenRequired="false" serviceRootURI="https://www.googleapis.com/gmail/v1/users/firstname.lastname@googlemail.com/messages/" useSSL="true"/>
</services>

1.1.8. SharePoint Forms-based




All information about forms-based authentication for Microsoft SharePoint connections can be found here.

1.1.9. SharePoint Fed Auth (SAML)




All information about forms-based authentication with identity providers conforming to SAML for Microsoft SharePoint connections can be found here.

Connection timeout

Timeout

Enter how long the connection should be maintained in milliseconds, seconds, minutes or hours.

Active

With this setting, the defined timeout will take effect.

2. Connector for SharePoint


Name

Enter the name of the new connection here.

Description

You can enter a short description here.

Authentication

User / Password

Enter the username and password for the user you want to use to access SharePoint. The user entered here will only be needed to access the service metadata in the Portal Manager.

OAuth2/OpenID Connect (from Intrexx 8 with Online Update 05)

The method "OAuth2" supports services that require an OAuth2 authorization for users. If the service supports automatic approval of the user, a user login can be specified here for accessing the metadata. If this is not possible, the metadata document must first be saved as a local file and stored in the portal directory internal/cfg/odata with the file name <SERVICE_GUID>.edmx.

Currently, the actual configuration of the OAuth2 authorization must be performed directly in the XML configuration file of the OData consumer, which is located in the portal directory internal/cfg/odata with the file name <SERVICEGUID>.xml. The following properties are relevant here:
<property name="authenticationType" value="OAUTH2"/> <!-- Value must be OAUTH2 -->
<property name="oauth2.scope" value="<OAuth Scopes>"/>
<property name="oauth2.authenticationScheme" value="<Schema>"/>
<property name="oauth2.clientId" value="<Client ID>"/>
<property name="oauth2.grantType" value="<Grant Type>"/>
<property name="oauth2.clientAuthenticationScheme" value="<Client Schema>"/>
<property name="oauth2.userAuthorizationUri" value="<Endpoint for the authentication>"/>
<property name="oauth2.clientSecret" value="<Client Secret>"/>
<property name="oauth2.redirectUri" value="<Redirect URL>"/>
<property name="oauth2.accessTokenUri" value="<Endpoint for the request of a token>"/>
Excerpts of example configurations for commonly used OAuth2 services are listed below. Many of these services cannot be used as OData services. Nevertheless, the OAuth2 authentication can be used for direct HTTP access to the service in Groovy scripts.

Microsoft SharePoint 365 (OAuth2 via AzureAD)

<?xml version="1.0" encoding="UTF-8"?>
<odata xmlns="urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg consumer.xsd">
	<consumer description="" guid="A07EFC374A42F1A4C2C0BEDB60E5B99B2F89F660" name="SharePoint365">
		<property name="authenticationType" value="OAUTH2"/>
		<property name="oauth2.scope" value="Site.Read Web.Read List.Write"/>
		<property name="oauth2.clientId" value="CLIENT_ID"/>
		<property name="oauth2.grantType" value="authorization_code"/>
		<property name="oauth2.clientAuthenticationScheme" value="form"/>
		<property name="oauth2.authenticationScheme" value="form"/>
		<property name="oauth2.userAuthorizationUri" value="https://company.sharepoint.com/_layouts/15/OAuthAuthorize.aspx"/>
		<property name="oauth2.clientSecret" value="CLIENT_SECRET"/>
		<property name="oauth2.redirectUri" value="https://localhost/devportal/oauth2"/>
		<property name="oauth2.accessTokenUri" value="https://accounts.accesscontrol.windows.net/TENANT_ID/tokens/OAuth/2"/>
		<property name="sharePoint.oauth2.resource" value=".../company.sharepoint.com@TENANT_ID"/>
		<property name="sharePoint.oauth2.realm" value="TENANT_ID"/>
		<services>
			<service guid="0EA408C8493C29D52921D6E78389A2A5CD1E2539" name="SharePoint365" odataSpecVersion="V2" sapCsrfTokenRequired="false" serviceRootURI="https://company.sharepoint.com/_vti_bin/listdata.svc/" useEtag="true" useSSL="true"/>
		</services>
		<userMappings/>
	</consumer>
</odata>
Values shown in italics need to be modified. Further information can be found here: http://spshell.blogspot.de/2015/03/sharepoint-online-o365-oauth.html
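
A review check for the <SERVICEGUID>.xml properties described in the two OAuth2/OpenID Connect sections above, as an added example that is not part of the Intrexx documentation or product. It reports listed oauth2.* properties that are not set, OAuth2 URIs configured over plain http, and services without TLS; the function name, the finding texts and the sample values are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"c": "urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg"}
# oauth2.* properties the page lists as relevant for authenticationType OAUTH2.
RELEVANT = ("oauth2.scope", "oauth2.authenticationScheme", "oauth2.clientId",
            "oauth2.grantType", "oauth2.clientAuthenticationScheme",
            "oauth2.userAuthorizationUri", "oauth2.clientSecret",
            "oauth2.redirectUri", "oauth2.accessTokenUri")
URI_PROPS = [name for name in RELEVANT if name.endswith("Uri")]

def lint_consumer(xml_text):
    """Return review findings for one consumer configuration document."""
    findings = []
    root = ET.fromstring(xml_text)  # ParseError here means malformed XML
    for consumer in root.findall("c:consumer", NS):
        props = {p.get("name"): p.get("value", "")
                 for p in consumer.findall("c:property", NS)}
        if props.get("authenticationType") != "OAUTH2":
            continue  # only OAuth2 consumers are checked
        findings += [f"not set: {n}" for n in RELEVANT if not props.get(n)]
        for name in URI_PROPS:
            if urlparse(props.get(name, "")).scheme == "http":
                findings.append(f"cleartext http: {name}")
        for svc in consumer.findall("c:services/c:service", NS):
            root_uri = svc.get("serviceRootURI", "")
            if svc.get("useSSL") != "true" or root_uri.startswith("http://"):
                findings.append(f"service without TLS: {svc.get('name')}")
    return findings

# Constructed sample in the shape of the examples on this page (values invented).
SAMPLE = """<odata xmlns="urn:schemas-unitedplanet-de:lucy:server:odata:consumer:cfg">
 <consumer description="" guid="CONSTRUCTED" name="Demo">
  <property name="authenticationType" value="OAUTH2"/>
  <property name="oauth2.grantType" value="authorization_code"/>
  <property name="oauth2.clientAuthenticationScheme" value="form"/>
  <property name="oauth2.accessTokenUri" value="http://localhost:9999/uaa/oauth/token"/>
  <property name="oauth2.userAuthorizationUri" value="https://idp.example/authorize"/>
  <property name="oauth2.scope" value="openid"/>
  <property name="oauth2.clientId" value="demo-client"/>
  <property name="oauth2.clientSecret" value="demo-secret"/>
  <property name="oauth2.redirectUri" value="https://portal.example/oauth2"/>
  <services><service guid="CONSTRUCTED" name="DemoSvc" serviceRootURI="http://localhost:8888/res/" useSSL="false"/></services>
 </consumer>
</odata>"""

if __name__ == "__main__":
    print("\n".join(lint_consumer(SAMPLE)))
```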