How do I configure a Jira Data Center connection using OAuth 2.0?
The SmartChange Integration Framework supports connection to a Jira Data Center server using the OAuth 2.0 Authorization Code flow.
Instructions
The minimum requirements for using the OAuth 2.0 authorization code grant type are SAP_BASIS 7.40 SP02 and SAP_GWFND 7.40 SP02.
Using OAuth 2.0 from a Web Application with Authorization Code Flow - Security and Identity Management - Support Wiki (sap.com)
Configuration steps:
System administration tasks:
As a prerequisite, the administrator needs authorization to create OAuth 2.0 Client Configurations. Make sure that the administrator has the authorization S_OA2C_ADM with at least the activities 01, 02 and 03 in the AS ABAP system.
The following SICF services must be activated on the TM server:
/sap/bc/webdynpro/sap/oa2c_config
/sap/bc/webdynpro/sap/oa2c_grant_app
/sap/public/bc/icons
/sap/public/bc/icons_rtl
/sap/public/bc/webicons
/sap/public/bc/pictograms
/sap/public/bc/webdynpro
Creating an OAuth 2.0 Client Profile (SE80 > Create > More > OAuth 2.0 Client Profile)
Enter the object name in the Client Profile field of the popup
Choose the type of the service provider. For the Jira connection, the DEFAULT or a custom-defined service provider type can be selected.
Scopes: Assign the scopes that are required on the server side (Jira DC) to access the resources protected with OAuth 2.0. In this example the scope WRITE is required.
Create an OAuth 2.0 Client Configuration (TCode OA2C_CONFIG)
OAuth 2.0 Client ID
The Client ID is configured in Jira Data Center: Administration > Application > Application links
Create link
Configure an incoming link
Redirect URL:
https://<host>:<port>/sap/public/bc/sec/oauth2/client/redirect?sap-client=100
Permission: Write
Client ID and Client secret are created in the credentials
Authorization Server Settings
Authorization Endpoint:
https://<JiraDC>.<Oauth-Port>/rest/oauth2/latest/authorize
Token Endpoint:
https://<JiraDC>.<Oauth-Port>/rest/oauth2/latest/token
Access Settings:
Client Authentication: Form Fields
Grant Type: Authorization Code
OAuth 2.0 Client Configuration (tcode OA2C_CONFIG) must be done in TMS in multiple clients, depending on the TM Scenario (TM = DEV, TM <> DEV):
TM Server - client 000
TM working client
If TM = DEV, each working DEV client (where TRs are created)
Assign End User Authorizations:
Make sure end users who should be allowed to use the OAuth 2.0 client have the right authorizations:
S_OA2C_USE
PROFILE: <OAuth 2.0 Client Profile>
ACTVT: 16
Configure SSL Settings:
Export SSL Certificate of Jira
Import the SSL Certificate in the AS ABAP (STRUST, PSE “SSL Client Anonymous”)
End User tasks:
An end user first needs to execute an initial OAuth 2.0 Token Request. The server will then issue an Access Token and a Refresh Token.
After this initial OAuth 2.0 Token Request, the end user does not need to interactively request OAuth 2.0 Tokens again. Instead, the AS ABAP can use the refresh token to get a new set of tokens when the access token has expired.
Use transaction OA2C_GRANT
This will call the web service below, so it must be activated beforehand:
https://<yourhost>:<yourhttpsport>/sap/bc
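The sketch below shows the standard OAuth 2.0 (RFC 6749) messages that correspond to the settings above: Authorization Code grant, client authentication as form fields, scope WRITE, and the redirect URL. It is an added example, not SAP or Atlassian code; the host names, ports and function names are placeholders chosen for illustration, and it only builds and validates the messages without sending anything.

```python
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholders (assumptions): substitute your own Jira DC and AS ABAP hosts.
AUTHORIZE = "https://jira.example.com:8443/rest/oauth2/latest/authorize"
TOKEN = "https://jira.example.com:8443/rest/oauth2/latest/token"
REDIRECT = (
    "https://abap.example.com:44300/sap/public/bc/sec/oauth2/client/redirect?sap-client=100"
)


def authorization_url(client_id, scope="WRITE"):
    """Step 1: URL the end user's browser is sent to. Returns (url, state)."""
    state = secrets.token_urlsafe(24)  # anti-CSRF value, checked again on the redirect
    query = urlencode({
        "response_type": "code", "client_id": client_id,
        "redirect_uri": REDIRECT, "scope": scope, "state": state})
    return f"{AUTHORIZE}?{query}", state


def code_from_redirect(redirect_url, expected_state):
    """Step 2: accept the authorization code only if the state value matches."""
    params = parse_qs(urlparse(redirect_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    returned = params.get("state", [""])[0]
    if not secrets.compare_digest(returned.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard this response")
    if "code" not in params:
        raise ValueError("no authorization code in redirect")
    return params["code"][0]


def token_request(client_id, client_secret, *, code=None, refresh_token=None):
    """Step 3: token endpoint POST for the initial grant or a later refresh."""
    if (code is None) == (refresh_token is None):
        raise ValueError("pass exactly one of code or refresh_token")
    if code is not None:
        grant = {"grant_type": "authorization_code", "code": code, "redirect_uri": REDIRECT}
    else:
        grant = {"grant_type": "refresh_token", "refresh_token": refresh_token}
    # "Form Fields": the client credentials travel in the body, not in an Authorization header
    body = urlencode({**grant, "client_id": client_id, "client_secret": client_secret})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return TOKEN, headers, body
```

Because the client secret is sent in the request body, the token endpoint must only be reached over TLS with the Jira certificate trusted in STRUST as described under Configure SSL Settings.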