Deprecation of Artifactory API keys for download of MES Orchestration Activities

Background Information

MES Orchestration uses a NuGet feed, hosted on a central Artifactory instance operated by BD, to retrieve activities used in custom workflows.
In order to authenticate with the Artifactory instance, Orchestration is shipped with a pre-configured default user and API key, which gives every installation of Orchestration access to the NuGet feed and allows the download of activities.
The company behind Artifactory (JFrog) has deprecated API keys as an authentication method and only allows Identity Tokens going forward (https://jfrog.com/help/r/platform-api-key-deprecation-and-the-new-reference-tokens/jfrog-s-legacy-of-api-keys).
BD will activate this change with an upcoming update of the Artifactory instance used by Orchestration (https://inside-docupedia.bosch.com/confluence/display/cines4info/Artifactory+-+API+Key+Deprecation).

Necessary Changes

For existing installations of Orchestration no immediate change is necessary. Orchestration retrieves activities once during startup and caches them locally on the server for further use. Errors regarding failed authentication / authorization will be logged during startup and at regular intervals, but these can be ignored. To suppress these error logs, the automatic download of activities can be disabled through OpCon.Settings.xml.

<add key="WFControl.DownloadActivitiesAutomatically" value="false" /> 

For new installations or in case of changes to the workflows of an existing installation, the following steps need to be taken to allow the download of activities.

  1. Create a new SYSTEM user through IT Service Portal OR use an existing technical user

  2. Create an Identity Token in Artifactory for the user.

    • Login using the credentials of the technical user

    • Click "Welcome, [USERNAME]" in the top-right corner and then "Edit Profile"

    • Re-enter the user's password and click "Unlock"

    • Click "Generate an Identity Token"

    • (optional) provide a Description for the token

    • Click "Next" to create the token

    • Copy the value under "Reference Token" and store it safely

    • Click "Close" to close the dialog

  3. Configure Orchestration to use the user and identity token in OpCon.Settings.xml

    • Enter the username (without domain) as value for WFControl.PackageSourceUsername (e.g. xyz1fe)

    • Enter the identity token (optionally encrypted by OpCon.Crypt) as value for WFControl.PackageSourcePassword


      OpCon.Settings.xml

      <add key="WFControl.PackageSourceUsername" value="[USERNAME]" />
      <add key="WFControl.PackageSourcePassword" value="[IDENTITY_TOKEN]" />


HINT
Artifactory Identity Tokens have a default expiration of 180 days. If additional activities need to be downloaded after the expiration of an initially used token, a new one has to be created, following steps 2 & 3 above.
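
The configuration from step 3 and the 180-day expiration from the hint can be checked together before a restart. The following Python script is an added example, not part of Orchestration or OpCon; the function names, the `<appSettings>` wrapper element, the 14-day warning window and the sample values are assumptions, and the token creation date has to be supplied by the operator because the settings file does not record it.

```python
import xml.etree.ElementTree as ET
from datetime import date, timedelta

TOKEN_LIFETIME_DAYS = 180  # default Identity Token expiration stated in the hint

def read_settings(xml_text):
    """Collect every <add key="..." value="..."/> entry, wherever it is nested."""
    return {e.get("key"): e.get("value", "") for e in ET.fromstring(xml_text).iter("add")}

def check_settings(xml_text, token_created, today, warn_days=14):
    """Return a list of findings for the package-source configuration."""
    s = read_settings(xml_text)
    findings = []
    user = s.get("WFControl.PackageSourceUsername", "")
    # The token value may be OpCon.Crypt output; only emptiness/placeholder is checked.
    token = s.get("WFControl.PackageSourcePassword", "")
    if not user or user.startswith("["):
        findings.append("username missing or still a placeholder")
    elif "\\" in user or "@" in user:
        findings.append("username must be given without domain")
    if not token or token.startswith("["):
        findings.append("identity token missing or still a placeholder")
    if s.get("WFControl.DownloadActivitiesAutomatically", "").lower() == "false":
        findings.append("automatic download is disabled; new activities will not be fetched")
    # Expiry is derived from the creation date noted when the token was generated.
    expires = token_created + timedelta(days=TOKEN_LIFETIME_DAYS)
    days_left = (expires - today).days
    if days_left < 0:
        findings.append(f"token expired {-days_left} days ago; repeat steps 2 and 3")
    elif days_left <= warn_days:
        findings.append(f"token expires in {days_left} days")
    return findings

# Constructed sample file; the <appSettings> wrapper element is an assumption.
SAMPLE = """<appSettings>
  <add key="WFControl.DownloadActivitiesAutomatically" value="false" />
  <add key="WFControl.PackageSourceUsername" value="DOMAIN\\xyz1fe" />
  <add key="WFControl.PackageSourcePassword" value="[IDENTITY_TOKEN]" />
</appSettings>"""

if __name__ == "__main__":
    for finding in check_settings(SAMPLE, date(2024, 1, 10), date(2024, 7, 1)):
        print("WARN:", finding)
```
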