Getting Started with ThreadConnect Integration Platform as a Service

ThreadConnect Integration Platform Setup

Create your secure environment and prepare to create a ThreadConnect service instance.

To use the ThreadConnect Integration Platform service, you must first subscribe to the Predix User Account and Authentication (UAA) service as the trusted issuer. You can use the UAA dashboard or the Cloud Foundry command line interface to create and configure your service.

Setup Task Roadmap

Note:

If you have used other services from the Predix Catalog, you probably have UAA services set up and can use the existing UAA credentials. You can create up to 10 service instances from the same UAA client. If this is the case, you can start with Step 4 in the Setup Task Roadmap to create your TheradConnect service instance.

#TaskDescription
1(Optional) Configure your proxy settings.Depending on your location and network configuration, you might need to configure your proxy settings to access remote resources. See t_defining_proxy_connections_to_remote_resources.html#task_97cc6304-e168-459d-9952-a45708ff8361.
2Subscribe to the User Account and Authentication service and Create the UAA service instance as the trusted issuer.
  1. Log into your Predix account at https://www.predix.io.
  2. Navigate to the Catalog > Services tab and click the User Account and Authentication tile.
  3. Click Subscribe on the required plan to open the UAA dashboard where you will set up your UAA service instance.

See uaas-get-started.html#task_y1l_vms_2s

You can create a maximum of 10 UAA instances in your space. As a best practice, use the same UAA instance for your services. Optionally, you may use the Cloud Foundry command-line interface (CLI) to create your UAA instance.
3Configure your UAA service instance .In the UAA dashboard, click Configure button to continue your setup. In this dashboard you can configure the OAuth2 client and, optionally, create user groups, and add users to the groups.
Create and configure Oauth2 clients to set up access to your service authenticated using UAA.When you create a UAA instance, an admin client is automatically created for you to access UAA for additional configuration. You must also create a new client for your service instance with specific scopes.

See

If an Oauth2 client already exists, you can update the client to add your service instance.

See uaas-managing-clients.html#task_79a81b74-552e-4f74-abfc-bd37e6adac87.

4Bind your application to the service instance.See uaas-get-started.html#task_155dd0e5-ca06-45d3-833e-686a71f0ca98.
5Configure your ThreadConnect service instance.Continue in tcip-getting-started.html#task_t2z_23b_xbb

Configuring OAuth2 Clients to Provide Users Access to the ThreadConnect Integration Platform as a Service

Create OAtuth2 clients for foundation access to the Thread Connect Integration Platform.

About This Task

You must create and configure OAuth2 Clients to provide users access to the ThreadConnect Integration Platform.

Before You Begin

You must have configured UAA and created the OAuth2 Client.

Procedure

  1. Create a new client by selecting the Create Client button.
  2. In the Authorized Grant Types tab, deselect client_credentials. Then, select authorization_code and refresh_token.
  3. Enter a value for the Client id.
  4. Enter the Client Secret.
  5. Enter openid in the Scope field.
  6. Enter openid in the Auto Approved Scopes field.
  7. In the Redirect URI field, add this value: http*://*.digital.ge.com/**

Creating User Access to ThreadConnect Integration Platform as a Service

Create user definitions for the clients you have set up for access to the ThreadConnect Integration Platform.

About This Task

You must create and create users associated with the OAuth2 clients for access to the ThreadConnect Integration Platform.

Before You Begin

You must have configured UAA and created the OAuth2 Client.

Procedure

  1. Create a new user by selecting the Create User button.
  2. Enter the desired user name.
  3. Enter the user's email address.
  4. Enter the user's password that will be used to log in to the ThreadConnect service instance.

    Be sure to remember the client and User information; you will need it to create a ThreadConnect service isntance.

Creating a ThreadConnect Service Instance

Create a service instance of ThreadConnect Integration Platform as a Service and start creating robust flows.

Before you Begin ...

Before creating a service instance for ThreadConnect you must have the base URLs for UAA instances that the ThreadConnect service instance will trust. See tcip-getting-started.html#reference_tht_zsc_vbb.

Procedure

  1. Sign into your Predix account at https://www.predix.io.
  2. Navigate to Catalog > Services tab, and click the ThreadConnect service tile.
  3. Click Subscribe on the required plan.
  4. On the new Service Instance page, enter the following information:
    FieldDescription
    OrgSelect your org.
    SpaceSelect the space for your application.
    User Account & Authentication (UAA)Choose an existing UAA instance or create a new instance of UAA. For more information, see uaas-get-started.html#task_y1l_vms_2s
    Service instance nameSpecify a unique name for your instance.
    Service PlanSelect a plan.
    Client idEnter the Client ID.
    clientSecretEnter the clientSecret you defined earlier.
    identityZoneIdEnter your UAA identity Zone ID used to create the UAA service instance.

Using Cloud Foundry Commands to Create your ThreadConnect Service Instance

Procedure

  1. List the services in the Cloud Foundry marketplace.
    cf marketplace

    The ThreadConnect service, thread-connect-service, is listed as an available service.

  2. Create an ThreadConnect service instance.
    cf create-service threadconnect <plan> <my_threadconnect_service_instance>  -c
                        '{"trustedIssuerIds":["https://<predix-uaa-instance-uri>/oauth/token"],
                        "clientId":"<clientId>", "clientSecret":"<clientSecret>", 
                        "identityZoneId":"<predix-uaa-instance-guid>"}'

    where:

    <plan> is the plan associated with a service.

  3. Bind your ThreadConnect gateway service instance to your application to provision connection details for your service instance in the VCAP environment variables. Cloud Foundry runtime uses VCAP_SERVICES environment variables to communicate with a deployed application about its environment.
    Use the Cloud Foundry CLI to log into Cloud Foundry:
    cf login
  4. Bind your application to the service instance you created.
    cf bind-service <application_name> <my_threadconnect_instance>
  5. Restage your application to ensure that environment variable changes take effect:
    cf restage <application_name>
  6. View the environment variables for your application:
    cf env <application_name>
    The environment variables which contain your basic authorization credentials are shown:client ID and the endpoint URI:
    {
     "VCAP_SERVICES": {
      "threadconnect": [
       {
        "credentials": {
         "uri": "https://tc-service-proxy.run.aws-usw02-pr.ice.predix.io",
         "zone": {
          "http-header-name": "Predix-Zone-Id",
          "http-header-value": "48767c33-974e-434a-a687-5bc08ba6cef1",
          "oauth-scope": "threadconnect.zones.48767c33-974e-434a-a687-5bc08ba6cef1.user"
         }
        },
        "label": "threadconnect",
        "name": "tc-service-test2",
        "plan": "Beta",
        "provider": null,
        "syslog_drain_url": null,
        "tags": [],
        "volume_mounts": []
       }
      ]
     }
    }

    To access your ThreadConnect instance, you must navigate to your unique Dashboard URL, which can be found with the following command: cf service <my_threadconnect_instance>

    After you navigate to this URL, you will be asked for your login credentials, which will be the same as the User that you set up in your Trusted Issuer.

  7. Add the oauth-scope to your client or user in the UAA Authority.
  8. Add the ThreadConnect scope to the UAA instance.
    After you submit the command to create your service instance, the system creates your new platform. This process typically requires 10 to 15 minutes. If you try to access the UI before the platform is fully created, you will receive a connection error. If after 20 minutes you still cannot access the UI for the platform, contact the Support team at [email protected]