Configure access claims using a third-party API manager - Intergraph Smart 3D Web API - Installation & Upgrade - Hexagon PPM

Intergraph Smart 3D and Smart 3D Admin Web API Installation and Configuration

Product: Intergraph Smart 3D Web API | Subproduct: Smart 3D Web APIs | Category: Installation & Upgrade | Smart 3D Version: 13

After you've granted Modify permissions to the web server files in IIS, continue by configuring access claims.

Tip: If you are using Smart API Manager as your API manager, see Configure access claims using Smart API Manager instead.

Add Supported Claim Types to the Smart API

  1. Add the appropriate claim type for the web API you're configuring if one does not exist.

    • For Smart 3D - add the Access claim type.

    • For Smart 3D Admin - add the SiteCreatorAccess, SiteReadAccess, and SiteWriteAccess claim types.

  2. Set the values for each claim type.


    Value       Claim Type for the    Claim Types for the Smart 3D Admin Web API
                Smart 3D Web API
    ----------  --------------------  ------------------------------------------------------------
    Name        Access                SiteCreatorAccess     SiteReadAccess       SiteWriteAccess
    User Name   Plant Access          Site creator access   Read access to site  Write access to site
    Type        String                Enum                  String               String
    Values      --                    Grant                 --                   --

    Required: Checked
    Unique: Checked, Checked

    Note that the UI options differ between API manager providers.

Authorize the groups

  1. Add the claim to the group:

    • For the Smart 3D Web API, add a Plant Access claim for each plant in the Smart 3D site to which the group will have at least read access.

      You need to type the names of the plants, so have a list available.

      Prefix the site name to the plant name using the syntax SiteName:PlantName. Use the “*” character as a wildcard to give access to multiple plants. For example, access to all plants can be given by giving a plant name of *.

      Repeat this for each existing Group that accesses one or more plants in the Smart 3D Site.

    • For the Smart 3D Admin Web API, add the claims as follows:

      • SiteCreatorAccess - Add this claim if the user is intended to do the actions “CreateSite”, “RestoreSite”, or “EnableSite”.

      • SiteReadAccess - Add this claim for each site alias on which the user will have read access. The user will have read access on all entities and can perform GET operations.

      • SiteWriteAccess - Add this claim for each site alias on which the user will have write access. The user can perform PATCH, PUT, POST, and DELETE operations. This user is also allowed to perform all actions except those that only the SiteCreatorAccess claim allows.

        Tip: For both the SiteReadAccess and SiteWriteAccess claims, use the “*” character as a wildcard to give access to multiple sites. For example, to give access to all sites, give a site alias name of *.

  2. Add a scope with the API Service ID that was used when creating the website. Include this scope in your access tokens.

    Tip: Because the scope value is a GUID, make sure you capitalize any letters it contains, for example: 94A3D2D5-91B2-4B67-BDEB-E66CE8534FA5.

  3. Include the email scope in all your access tokens, because the API relies on the email scope for processing requests.

  4. For all users logged in with Windows Active Directory credentials, configure the Sub claim to include the user information in the format (AD Domain)\\(AD UserName), because Smart 3D validates Windows Active Directory users for permissions on the plant.

  5. For the Smart 3D Web API, add the Audience attribute to the web.config file. This attribute should match the audience field in API Manager settings. For example:

    <service prefix="s3d/v1" id="1591be37-f39f-4117-bd22-e65216d3e7c5" audience="1591be37-f39f-4117-bd22-e65216d3e7c5" secret="******************" instance="" />

  6. For the Smart 3D Admin Web API, add the ServiceAudience attribute to the appsettings.json file. This attribute should match the audience field in API Manager settings. For example:

    "Hexagon.SmartApi": {
      "BaseUri": "https://Server.com/adminwebapi",
      "Services": [
        {
          "UriPrefix": "s3dadmin/v1",
          "ServiceId": "6fb71ce4-650e-4ab2-ba01-18f1f65b42ab",
          "ServiceAudience": "6fb71ce4-650e-4ab2-ba01-18f1f65b42ab",
          "ServiceSecret": "***",
          "ServiceSecretHash": "*****",
          "InstanceName": ""
        }
      ],
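An added example, not part of the Hexagon documentation: a Python pre-flight check that decodes an access token issued by your API manager and lists which of the requirements from steps 1 to 5 above it fails for the Smart 3D Web API. The token claim names `scope`, `aud`, `sub` and `Access`, the exact-match audience comparison, the single-backslash separator in `sub` and the acceptance of a bare `*` are assumptions; the signature is not verified, so this is for diagnosing configuration only.

```python
import base64, json, re

SUB_FORMAT = re.compile(r"^[^\\]+\\[^\\]+$")      # (AD Domain)\(AD UserName); single backslash assumed
PLANT_FORMAT = re.compile(r"^(\*|[^:]+:[^:]+)$")  # SiteName:PlantName; accepting a bare * is an assumption

def decode_payload(token):
    """Read a JWT's claims WITHOUT verifying the signature (configuration diagnostics only)."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)          # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def as_list(value, split=False):
    """A claim may be absent, a single string or a list; scopes may be space-separated."""
    if value is None or isinstance(value, list):
        return value or []
    return value.split() if split else [value]

def check_smart3d_token(token, service_id, audience):
    """Return a list of problems; an empty list means every check below passed."""
    claims = decode_payload(token)
    scopes = as_list(claims.get("scope"), split=True)
    problems = []
    if service_id.upper() not in scopes:          # step 2: GUID scope with capitalized letters
        problems.append("scope lacks the upper-case API Service ID")
    if "email" not in scopes:                     # step 3
        problems.append("email scope missing")
    if not SUB_FORMAT.match(str(claims.get("sub", ""))):   # step 4
        problems.append("sub is not in (AD Domain)\\(AD UserName) format")
    if audience not in as_list(claims.get("aud")):         # step 5
        problems.append("aud does not match the configured audience")
    plants = as_list(claims.get("Access"))        # Plant Access claim values
    if not plants:
        problems.append("no Access (Plant Access) claim")
    problems += [f"Access value {p!r} is not SiteName:PlantName" for p in plants
                 if not PLANT_FORMAT.match(str(p))]
    return problems

def make_unsigned_token(claims):  # constructed, unsigned sample token for offline runs
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none"}) + "." + enc(claims) + "."

SERVICE_ID = "1591be37-f39f-4117-bd22-e65216d3e7c5"  # id/audience from the page's web.config sample
GOOD = make_unsigned_token({"sub": "CORP\\jdoe", "aud": SERVICE_ID,
    "scope": "email " + SERVICE_ID.upper(), "Access": ["Site1:PlantA", "Site1:*"]})
BAD = make_unsigned_token({"sub": "jdoe@corp.example", "aud": "other",
    "scope": SERVICE_ID, "Access": "PlantA"})

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(check_smart3d_token(sample, SERVICE_ID, SERVICE_ID))
```
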

You're done with configuring access claims! Now, move on to configuring app settings.