UPV WebServices Overview

The UPV Web Services is a server-based centralized platform containing multiple optional submodules:

BrowserBasedViewing

View UPV models in a lightweight browser. Rendering is done on a separate machine.


UPV Browser (in development)

Overview of available UPV models in a browser. Entry point for opening models.


WorkFlowSystem

Create and manage workflows. Share and archive files generated in UPV.

Best in combination with BrowserBasedViewing


Prerequisites

Supported operating systems

  • Windows Server 2016 or 2019, Windows 10 1903 or newer
  • Linux (tested with Debian distribution)

Server

  • .NET Core hosting bundle 5.0
  • IIS 8 or later

Skillsets

When using WFS with MSSQL:

Database administration (backups and general administration) needs to be handled on the customer side.

Database

All database operations are to be handled by the customer. It is recommended to do regular backups.

Direct data manipulation on the database is prone to error and should be avoided. CAXperts will extend the Web interface with common utilities necessary for ongoing operations on demand.

Supported database providers are:

  • Microsoft Windows SQL Server 2016 or later (MSSQL)
  • Sqlite

It is recommended to use SQL Server as this ensures all software features are supported. Sqlite is supported only as a fallback, mainly used for lightweight installations, and will only include a limited set of features.

WorkFlowSystem does not support Sqlite. BrowserBasedViewing and UPV Browser are Sqlite compatible.

Architecture overview

The solution consists of a server component and multiple frontend clients interacting with the server through the WebAPI. It is possible to extend the list of clients with a custom solution.

The IdentityServer is used for handling user authentication/authorization and can be extended to integrate with different OpenID Connect authority providers.

A MSSQL database handles the persistence layer for the business entities and user management.

CAXperts provides the deployment files; the operational part and infrastructure need to be handled on the customer side.

General Features

Translations

The service includes an Excel file containing all translations. The customer is free to modify or extend this file with, e.g., new keys or languages. It is recommended to use the language tag (e.g. “En-US”) so that the browser language of the user is used automatically.

When modifying the translation Excel file, a restart of the service is required for the changes to take effect.

User management

User management is done using a combination of IdentityServer4 (https://identityserver4.readthedocs.io/en/latest/intro/big_picture.html) and ASP.NET Core Identity. Authentication is handled by a JWT Bearer Token.

There are two ways of managing logins:

1) A regular username/password system which is directly managed by UPV WebServices.

2) Using the IdentityServer4 infrastructure it is possible to combine existing user management systems with the UPV WebServices solution as an external provider. This makes it possible to relay the login request to the existing system and store this relation in the UPV WebServices database. This allows for a secure combination of multiple systems as there is no password or other secret stored on the UPV WebServices side.

Integrating into existing systems using OpenID Connect

The SignalingServer can depend on other Identity Providers that support the OpenID Connect protocol. This is done using the IdentityServer4 project; see its documentation for further configuration options (https://identityserver4.readthedocs.io/en/latest/). While we do not expose all possible configuration options, we can consider doing so if requested.

This document shows the configuration process based on the example of Microsoft Azure.

1) Set up a new App registration in Microsoft Azure

  • Redirect URIs: set to <your signaling server url>/signin-adfs
  • Enable ID tokens

2) Add your configuration to the sharedsettings.json

"ExternalAuthentication":{
   "OpenIdConnectOptions":[
      {
         "AuthenticationScheme":"adfs",
         "DisplayName":"ADFS Authentication",
         "Authority":"https://sts.windows.net/e1765baf-2fe4-4b9e-87ee-d130dde50afa",
         "ClientId":"73a79fe9-e843-4fea-8df3-eb136fae3300",
         "ResponseType":"id_token",
         "CallbackPath":"/signin-adfs",
         "SignedOutCallbackPath":"/signout-callback-adfs",
         "RemoteSignOutPath":"/signout-adfs",
         "TokenValidationParameters":{
            "NameClaimType":"name",
            "RoleClaimType":"role"
         }
      }
   ]
}

Add this configuration block at the first level of the configuration. Replace the following entries with the values from your App registration:

  • Authority: Replace the ID in the URL with your Directory (tenant) ID
  • ClientId: Application (client) ID
  • DisplayName: Optionally choose a different name to show to your user audience

3) Restart the IdentityServer

4) Check your IdentityServer url

There should now be the entry “ADFS Authentication” registered for external services.
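
A sanity check to run on the ExternalAuthentication block from step 2 before restarting in step 3, as an added example (not CAXperts code): it derives the redirect URI to register in step 1 and flags entries that still carry the documentation sample ClientId or a malformed tenant ID. The function name, the constructed sample IDs and the host upv.example.com are assumptions; the unique-CallbackPath check reflects ASP.NET Core requiring a distinct callback path per remote authentication scheme.

```python
import json
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# ClientId printed in the documentation sample; it must be replaced before use.
DOC_SAMPLE_CLIENT_ID = "73a79fe9-e843-4fea-8df3-eb136fae3300"

def check_external_auth(settings, signaling_url):
    """Per scheme: the redirect URI to register, whether "Enable ID tokens"
    is required, and the problems found in the entry."""
    reports, seen_callbacks = {}, set()
    options = settings.get("ExternalAuthentication", {}).get("OpenIdConnectOptions", [])
    for opt in options:
        problems = []
        authority = urlparse(opt.get("Authority", ""))
        if authority.scheme != "https":
            problems.append("Authority is not an https URL")
        if not GUID.fullmatch(authority.path.strip("/")):
            problems.append("Authority does not end in a well-formed tenant ID")
        client_id = opt.get("ClientId", "")
        if not GUID.fullmatch(client_id):
            problems.append("ClientId is not a well-formed GUID")
        elif client_id.lower() == DOC_SAMPLE_CLIENT_ID:
            problems.append("ClientId is still the documentation sample")
        callback = opt.get("CallbackPath", "")
        if not callback.startswith("/"):
            problems.append("CallbackPath must start with '/'")
        elif callback in seen_callbacks:
            problems.append("CallbackPath is shared with another scheme")
        seen_callbacks.add(callback)
        reports[opt.get("AuthenticationScheme", "?")] = {
            "redirect_uri": signaling_url.rstrip("/") + callback,
            "needs_id_tokens": "id_token" in opt.get("ResponseType", "").split(),
            "problems": problems,
        }
    return reports

# Constructed sample (made-up IDs and host); the second entry is deliberately wrong.
SAMPLE = json.loads("""{"ExternalAuthentication": {"OpenIdConnectOptions": [
  {"AuthenticationScheme": "adfs", "ResponseType": "id_token", "CallbackPath": "/signin-adfs",
   "Authority": "https://sts.windows.net/11111111-2222-3333-4444-555555555555",
   "ClientId": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"},
  {"AuthenticationScheme": "adfs2", "ResponseType": "id_token", "CallbackPath": "/signin-adfs",
   "Authority": "https://sts.windows.net/11111111-2222-3333-4444555555555555",
   "ClientId": "73a79fe9-e843-4fea-8df3-eb136fae3300"}]}}""")

if __name__ == "__main__":
    print(json.dumps(check_external_auth(SAMPLE, "https://upv.example.com/"), indent=2))
```

To check a real deployment, load sharedsettings.json with `json.load` and pass the public URL of the signaling server as the second argument.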

Licensing

UPV WebServices uses a new licensing approach.

Licenses are managed in the cloud and require an internet connection for activating and synchronizing. Administrator accounts can manage the license at <baseurl>/administration/licenses in the web frontend.

The license key is activated and periodically synchronizes the conditions with the cloud license server. Each UPV WebServices Server instance occupies a seat.

The license contains information about activated submodules and restrictions:

  • BrowserBasedViewing_ConcurrentConnections: Limit of parallel BrowserBasedViewing Sessions including preloaded models
  • NamedUserCount: Limit of users which can be managed

Please contact sales for individual details.

Api development

It is possible to directly interact with the WebAPI for implementing custom solutions.

For example, a customer can implement their own frontend client or integrate with the WFS based on an already existing solution.

While this is generally possible, the WFS is currently in BETA state. It is highly likely that the API will change and we cannot guarantee backwards compatibility at this point.

Therefore it would be best to limit eventual development endeavours until the API can be considered stable.

For an overview of the possible API commands visit the website: …/swagger/index.html

Serving models

The server can host UPV models secured by the OpenID Connect protocol. This allows for secured model access without further configuration.

Place the model in the …/models directory on the IIS.

Example configuration in WFS:

There is a directory: …/models/demoPlantModel

In the plant/project administration use a relative link.

The model is reachable in UPV at https://mywebupv.com/subpath/model/demoPlantModel and will trigger an OpenID Connect authentication request.