How do I configure Jira Data Center connection using OAuth 2.0

The SmartChange Integration Framework supports connection to a Jira Data Center server using OAuth 2.0, Authorization Code flow.

 Instructions

The minimum requirements for using the OAuth 2.0 authorization code grant type are SAP_BASIS 7.40 SP02 and SAP_GWFND 7.40 SP02.
See: Using OAuth 2.0 from a Web Application with Authorization Code Flow - Security and Identity Management - Support Wiki (sap.com)

Configuration steps:

System administration tasks:
As a prerequisite, the administrator needs authorization to create OAuth 2.0 Client Configurations. Make sure that the administrator has the authorization S_OA2C_ADM with at least the activities 01, 02 and 03 in the AS ABAP system.

  1. The following SICF services must be activated on the TM server:

    • /sap/bc/webdynpro/sap/oa2c_config

    • /sap/bc/webdynpro/sap/oa2c_grant_app

    • /sap/public/bc/icons

    • /sap/public/bc/icons_rtl

    • /sap/public/bc/webicons

    • /sap/public/bc/pictograms

    • /sap/public/bc/webdynpro

  2. Create an OAuth 2.0 Client Profile (SE80 > Create > More > OAuth 2.0 Client Profile)

    • Enter the object name in the Client Profile field of the popup

    • Choose the type of the service provider. For the Jira connection, the DEFAULT or a custom-defined service provider type can be selected.

    • Scopes: Assign the scopes that are required on the server side (Jira DC) to access the resources protected with OAuth 2.0. In this example the scope WRITE is required.

  3. Create an OAuth 2.0 Client Configuration (TCode OA2C_CONFIG)

    1. OAuth 2.0 Client ID
      The Client ID is to be configured in Jira Data Center: Administration > Application > Application links

      • Create link

      • Configure an incoming link

      • Authorization Server Settings

        • Authorization Endpoint:
          https://<JiraDC>:<Oauth-Port>/rest/oauth2/latest/authorize

        • Token Endpoint:
          https://<JiraDC>:<Oauth-Port>/rest/oauth2/latest/token

      • Access Settings:

        • Client Authentication: Form Fields

        • Grant Type: Authorization Code

  • The OAuth 2.0 Client Configuration (TCode OA2C_CONFIG) must be done in TMS in multiple clients, depending on the TM scenario (TM = DEV, TM <> DEV):

    • TM Server - client 000

    • TM working client

    • If TM = DEV, each working DEV client (where TRs are created)

  4. Assign End User Authorizations:
    Make sure end users who should be allowed to use the OAuth 2.0 client have the right authorizations:

    • S_OA2C_USE

      • PROFILE: <OAuth 2.0 Client Profile>

      • ACTVT: 16

  5. Configure SSL Settings:

    • Export SSL Certificate of Jira

    • Import the SSL Certificate in the AS ABAP (STRUST, PSE “SSL Client Anonymous”)

End User tasks:

An end user first needs to execute an initial OAuth 2.0 Token Request. The server will then issue an Access Token and a Refresh Token.

After this initial OAuth 2.0 Token Request, the end user does not need to interactively request OAuth 2.0 Tokens again. Instead, the AS ABAP can use the refresh token to get a new set of tokens when the access token has expired.
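
The following Python example is added here for illustration and is not part of the original article or of the SmartChange product code. It shows the messages behind the settings above: the authorization request with scope WRITE, the callback check, and the token endpoint body for the initial request and for the later refresh, using "Form Fields" client authentication. The host names, redirect URI, client ID and secret are constructed placeholders, and the function names are hypothetical.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed placeholders (assumptions, not values from the article).
JIRA = "https://jira.example.test:8443"
AUTHORIZE_ENDPOINT = JIRA + "/rest/oauth2/latest/authorize"
TOKEN_ENDPOINT = JIRA + "/rest/oauth2/latest/token"
REDIRECT_URI = "https://abap.example.test/oauth2/redirect"

def authorize_url(client_id, scope="WRITE", state=None):
    """Initial token request, part 1: URL the end user's browser opens."""
    state = state or secrets.token_urlsafe(16)  # binds the callback to this request
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"{AUTHORIZE_ENDPOINT}?{query}", state

def code_from_callback(callback_url, expected_state):
    """Part 2: take the authorization code from the redirect, checking state."""
    params = parse_qs(urlsplit(callback_url).query)
    if "error" in params:
        raise ValueError("authorization denied: " + params["error"][0])
    got = params.get("state", [""])[0]
    if not hmac.compare_digest(got.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discard this callback")
    if "code" not in params:
        raise ValueError("no authorization code in callback")
    return params["code"][0]

def token_request_body(client_id, client_secret, code=None, refresh_token=None):
    """Body POSTed to the token endpoint. With "Form Fields" client
    authentication the client ID and secret travel in the form body,
    not in an Authorization header."""
    form = {"client_id": client_id, "client_secret": client_secret,
            "redirect_uri": REDIRECT_URI}
    if refresh_token is not None:   # silent renewal after expiry
        form.update(grant_type="refresh_token", refresh_token=refresh_token)
    elif code is not None:          # first, interactive request
        form.update(grant_type="authorization_code", code=code)
    else:
        raise ValueError("need either code or refresh_token")
    return urlencode(form)

def needs_refresh(issued_at, expires_in, now, skew=30):
    """True once the access token is within `skew` seconds of expiry."""
    return now >= issued_at + expires_in - skew
```

Because the client secret travels in the request body, the token endpoint must only be reached over the TLS connection validated through the certificate imported in STRUST.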