Enabling BMC Helix Single Sign-On OAuth 2.0 authentication for your application


BMC Helix Single Sign-On implements the OAuth 2.0 protocol—an industry-standard framework that enables a third-party application to obtain limited access to an HTTP service; for example, a BMC Helix Innovation Studio application. 

The OAuth 2.0 protocol authenticates in the following ways:

  • On behalf of a resource owner, orchestrates an approval interaction between the resource owner and the HTTP service
  • Allows the third-party application to obtain access by itself

As a developer, you can create configuration settings in BMC Helix Innovation Studio to enable BMC Helix Single Sign-On OAuth 2.0 in your application. The administrator must contact BMC Support to configure the BMC Helix Single Sign-On OAuth resource server name, client ID, and client secret in the In-bundle settings created by the developer.

This topic describes the steps to create the configuration settings to enable BMC Helix Single Sign-On OAuth.

Process of creating and adding BMC Helix Single Sign-On OAuth 2.0 settings in an application

The following image shows the process of creating and adding BMC Helix Single Sign-On OAuth 2.0 settings in an application:

221_SSO-OAuth.png

The following section describes the steps to create In-bundle settings and add them to the application's Java code. 

To create In-bundle settings for BMC Helix Single Sign-On OAuth configuration

  1. Log in to BMC Helix Innovation Studio and click the Workspace tab.
  2. Select the application for which you want to enable BMC Helix Single Sign-On OAuth. 
  3. Click the Configurations tab. 
  4. Select New > In-bundle settings.
  5. In the New In-bundle settings window, specify the following properties:

    | Property | Description |
    |---|---|
    | Component name | Enter the configuration name. The name is displayed in the Configurations tab in your bundle's Workspace; for example, OAuth Configuration. |
    | View | Select the view that you want to open for this setting. |
    | Enable access from | Specify whether you want to show the configuration in the application, or in BMC Helix Innovation Studio, or both. |
    | Component label | Specify a unique label for the configuration. The label you provide appears as a setting on the Administration tab. |
    | Permissions | Select the roles and groups that can access the setting. You can add permissions to groups or application roles. You can select roles from multiple applications deployed on the system. |
    | First menu | Enter the name of the top-level navigation menu that is displayed in the Settings menu. If multiple settings use the same name for First menu, all those settings appear under the same navigation item. |
    | Second menu | Enter the name of the second-level navigation item that is displayed in the left navigation of the Settings menu. If left blank, no second-level item will appear. If multiple settings use the same name for Second menu, all those settings appear under the same navigation item. |

  6. Click Save.

To add the BMC Helix Single Sign-On OAuth In-bundle setting in custom code

After creating the In-bundle setting for BMC Helix Single Sign-On OAuth, you must use the Setting name in your application's custom service action code. 

  1. Open the application's custom service action code.
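  2. After the @Action and @Action Parameter section, add the following code and save:

    // Replace <ConfigurationName> with the name of the In-bundle setting you created.
    if (ServiceLocator.getOAuthService().isOAuthConfigured(<ConfigurationName>)) {
        // Fetch the access token for that configuration.
        String token = ServiceLocator.getOAuthService().getAccessToken(<ConfigurationName>, false);
    }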
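
The following added example (not BMC's code and not from the original page) shows one way to use the token obtained in step 2: it fails closed when the setting is not configured and refuses to attach the token to a non-HTTPS URL. The `OAuthService` interface is a hypothetical stand-in for the object returned by `ServiceLocator.getOAuthService()`, the URL and token are constructed samples, and sending the token as an `Authorization: Bearer` header is an assumption about the resource server.

```java
import java.net.URI;
import java.net.http.HttpRequest;
import java.time.Duration;

public class OAuthCallExample {
    // Hypothetical stand-in for ServiceLocator.getOAuthService(); only the two calls on this page.
    // The meaning of the boolean argument is not documented on the page; it is passed as false, as there.
    interface OAuthService {
        boolean isOAuthConfigured(String configurationName);
        String getAccessToken(String configurationName, boolean flag);
    }

    // Builds the outbound request; throws instead of sending an unauthenticated or cleartext call.
    static HttpRequest buildRequest(OAuthService oauth, String configurationName, String url) {
        URI uri = URI.create(url);
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            throw new IllegalArgumentException("Refusing to send a bearer token over " + uri.getScheme());
        }
        if (!oauth.isOAuthConfigured(configurationName)) {
            throw new IllegalStateException("OAuth setting not configured: " + configurationName);
        }
        String token = oauth.getAccessToken(configurationName, false);
        if (token == null || token.isBlank()) {
            throw new IllegalStateException("No access token returned for " + configurationName);
        }
        return HttpRequest.newBuilder(uri)
                .timeout(Duration.ofSeconds(10))
                .header("Authorization", "Bearer " + token) // never write this value to logs
                .GET()
                .build();
    }

    public static void main(String[] args) {
        // Constructed sample: fake service and token so the example runs offline.
        OAuthService fake = new OAuthService() {
            public boolean isOAuthConfigured(String n) { return "OAuth Configuration".equals(n); }
            public String getAccessToken(String n, boolean f) { return "constructed-sample-token"; }
        };
        HttpRequest req = buildRequest(fake, "OAuth Configuration", "https://resource.example.com/api/items");
        System.out.println(req.method() + " " + req.uri() + " authorized=" + req.headers().firstValue("Authorization").isPresent());
        try {
            buildRequest(fake, "OAuth Configuration", "http://resource.example.com/api/items");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```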

After the developer deploys the application, the BMC Helix Single Sign-On OAuth In-bundle setting is displayed in the BMC Helix Innovation Studio Administration tab and the application's Settings tab as shown in the following image:

221_RSSO-OAuth.png

The administrator must configure the application URL and contact BMC Support to configure the Resource Server, Client ID, and Client Secret. 

 
