Integrating with IBM Sterling Order Management System Software containers over phase 2

Configure the integration properties, custom overrides properties, and generate a JSON Web Token to integrate Sterling Intelligent Promising with Sterling Order Management System Software containers.

  1. Configure the integration between IBM® Sterling Order Management System Software containers and IBM Sterling Intelligent Promising. For more information, see Enabling Sterling Inventory Visibility integration for Sterling Order Management System Software.
  2. Configure the following set up properties in customer overrides properties file for enabling V2 mode.
    iv_integration.IVApiVersion=v2
    iv_integration.nodeAvailability.apiUrl=/v2/availability/node/
    iv_integration.networkAvailability.cached.apiUrl=/v2/availability/network/
    iv_integration.nodeAvailability.cached.apiUrl=/v2/availability/node/
    iv_integration.reservations.apiUrl=/v2/reservations/
  3. Ensure that the following properties are added to the customer overrides properties file.
    iv_integration.tenantId: default
    iv_integration.clientId: DEFAULT
    iv_integration.baseUrl: https://<SIPHOSTNAME>/inventory
    iv_integration.authentication.mode: JWT
    
    Note: When you create a secret in Sterling Order Management System Software, ensure that you add an ivSecret. For more information, see creating a secret.
  4. Select any of the following ways to generate JWT.
    • By using IBM Sterling Order Management System Software containers private-public key pair
      1. Install the OMEnviroment by adding the following JWT property to common parameter. For more information, see common parameter.
             jwt:
               algorithm: RS512
               audience: service
               issuer: oms

        The private key is imported to the keystore and public key is copied to sharedCertificates in Persistent Volume. For example, <sharedDirectory/jwtauth/operator.pub>.

      2. Configure this public key in OMS Gateway as explained in Creating a JWT issuer secret by using a public key.
    • By using your own private-public key pair
      1. Ensure that the following JWT properties are added to the customer overrides properties file.
        yfs.yfs.jwt.create.issuer: oms
        yfs.yfs.jwt.create.audience: service
        yfs.yfs.jwt.create.expiration: <TIME in seconds>
        yfs.yfs.jwt.create.pk.alias: operator
        yfs.yfs.jwt.create.algorithm: RS512
        yfs.yfs.jwt.create.userClaim: admin
        
      2. Copy the customer generated keystore (jks) into the shared directory of Persistent Volume. For example, /<SHARED_DIR>/jwtauth/jwt.jks.
      3. Configure the following JVM arguments properties for integration servers. The IV_ADJUST_IS and IV_ADJUST_ID integration servers require these JVM arguments.
        jvmArgs:
          - groupName: IVJVMArgs
            propertyList:
              - -Dhttps.protocols=TLSv1.2
              - -Dcom.ibm.jsse2.overrideDefaultTLS=true
              - -Dycp.jwt.auth.keyStore=/opt/ssfs/runtime/jwt
              - -Dycp.jwt.auth.keyStorePassword=${keyStorePassword}
              - -Dycp.jwt.auth.trustStore=/opt/ssfs/runtime/jwt
        
      4. Install the OMEnviroment by skipping the JWT section in spec so that Sterling Order Management System Software uses the user provided key-pairs.
      5. Configure this public key in OMS Gateway as explained in Creating a JWT issuer secret by using a public key.
      Note:
      • The Sterling Order Management System Software expects the alias name to be 'operator'. Hence, when generating the key-pairs, ensure to use the alias name as 'operator'.
      • Ensure to use the same keyStorePassword that is specified in the secret (the secret that is specified in the Sterling Order Management System Software containers configuration) when generating the key-pairs.
      • If you are using Sterling Intelligent Promising Operator certificate, ensure to add the root CA certificate [tls.crt] to the truststore of integration servers JVM.
      • If you are using your own certificate, ensure to add it to the truststore of integration servers JVM.