Installing the Back-End
The enaio® coLab back-end API has been programmed as a Spring Boot application. enaio® coLab uses Spring Boot 1.4.2.
Getting Started
Before you set up the back-end, copy all resources in <colab-install>\colab-app to a local folder (<colab-localfolder>).
Next, use SAM tools to install enaio® coLab.

-
In the command prompt window, navigate to the <enaio_install>\service-manager\tools\sam directory.
-
Run the following command: sam install <colab_localfolder>\colab-app.jar
A message appears indicating that the configuration has been saved and enaio® coLab installed.
-
Copy the <colab-localfolder>\colab-prod.yml file to the <enaio_installation>\service-manager\config directory.
Configuration
Customize the application properties in the configuration file:
<enaio_installation>\service-manager\config\colab-prod.yml.
The following describes how to modify different sections of the configuration file.
Validate the .yml file using a tool of your choice after you have completed the configuration. The app cannot be started if the .yml file is invalid.

global: service: baseUrl: http://<gateway_IP>/colab view: baseUrl: http://<gateway_IP>/colab
global.service.baseUrl should reference the back-end URL and global.view.baseUrl, which users use as the access point. If you are using HTTPs, you will need to change the protocol accordingly.

epr: smtp: host: 127.0.0.1 port: 26 from: name: "enaio(c) coLab" address: enaio-colab@colab.dev auth: enable: true username: username password: pass
Set the SMTP properties in accordance with the settings of the system on which enaio® coLab was installed. If your e-mail server does not require authentication, you will not need an auth parameter.

The store parameter in the file-repository area should be set to fs.
file-system-dir: Parameter that defines the path where temporary files will be stored. The specified directory must be available in the file system (e.g., C:\data).
bucket: The bucket directory must be available in the file system within the file-system-dir path (e.g., C:\data\bucketdir).

In the Postgres area, uri is the URL of the Postgres server. The user name and password are valid for the enaio® coLab user you created when you installed Postgres. If your database and enaio® coLab are located on the same server, use localhost as the URL.
If Postgres and enaio® coLab are located on different servers, add the Postgres URL by following the steps below:
-
Open the C:\Program Files\PostgreSQL\10\data\pg_hba.conf configuration file and search for the host all all 127.0.0.1/32 md5 entry.
-
Copy and paste the line below.
-
Replace the IP 127.0.0.1 with your server IP address and save the file.
-
To reload the Postgres configuration, open 'pgAdmin 4' as a Postgres user.
-
Run the following query:
select pg_reload_conf();

enaio® coLab uses Flyway by Boxfuse for database migrations. All migrated files are saved to resources\db\migration\.
The baseline-on-migrate property informs Flyway whether to run the script to create a database. If the database already exists, set the property to true. If the property is set to false, the script is called and a new database is created.

Navigate to the <enaio_installation>\service-manager\config\ directory, open the application-cloud.yml file, and enter the following:
enaio: blue: gateway: address: <gateway_IP> zuul: routes: osrenditioncache: path: /osrenditioncache/** url: http://${enaio.blue.gateway.address}/osrenditioncache/ osrest: path: /osrest/** url: http://${enaio.blue.gateway.address}/osrest/
The key part is:
** enaio: blue: gateway: address:
This is the address of enaio® gateway. Make sure that enaio® gateway is accessible for enaio® coLab. The zuul parameters are the same across all environments.

Navigate to the <enaio_installation>\service-manager\config\ directory, open the application-prod.yml file, and enter the following:
feign: hystrix: enabled: false

Navigate to the <enaio_installation>\services\os_gateway\apps\os-gateway\config\ directory, open the application-prod.yml file, and enter the following:
proxy: services: endpoints: - endpoint: name: colab url: 'http://<colab-IP>:8066'
Update the settings for external user login:
Replace:
handleRedirectsFromService: 'OSWebClient,osweb'
with:
handleRedirectsFromService: 'OSWebClient,osweb,epr,colab'
If the entry does not exist, create it now:
proxy: services: handleRedirectsFromService: 'OSWebClient,osweb,epr,colab'
When you are done, restart enaio® gateway.
Make the settings for enaio® server in the following configuration file:
<colab-install>\colab-app\application_blue.yml.

enaio.dms.username: <enaio_user> enaio.dms.password: <enaio_pw> server: enaiodms1.example.com:4000:50#enaiodms2.example.com:4000:50
All enaio® servers must be listed here.
Login for External Users
You can configure the login settings for external users in enaio® coLab in the colab-prod.yml file. Users can log in using their Google, LinkedIn, or Microsoft accounts, or using Keycloak as the authentication instance.

To allow users to log in using their Microsoft accounts, follow these steps:
-
Sign in to https://console.developers.google.com.
-
Create a new project and go to the Credentials area.
-
Click Create credentials and choose OAuth client ID.
-
Select Web application as the application type.
-
Retrieve the client ID and client secret and enter this information in the appropriate area in the colab-prod.yml configuration file.
-
Click Authorized JavaScript origins and enter your domain with the protocol where enaio® gateway is installed.
For example: http://<gateway-IP>:colab
-
Under Authorized redirect URIs enter your domain name, followed by /epr/login/google/.
For example: http://<gateway-IP>/colab/epr/login/google
- Modify the <enaio_installation>\service-manager\config\colab-prod.yml file:
google: enable: true client: clientId: <client_id> clientSecret: <client_secret> accessTokenUri: https://accounts.google.com/o/oauth2/token userAuthorizationUri: https://accounts.google.com/o/oauth2/auth clientAuthenticationScheme: form scope: profile email pre-established-redirect-uri: ${global.view.baseUrl}/epr/login/google use-current-uri: false resource: userInfoUri: https://www.googleapis.com/oauth2/v3/userinfo

To allow users to log in with their LinkedIn accounts, follow these steps:
-
Log in to https://developer.linkedin.com/docs/oauth2 and perform step 1 only. After you have received the authentication keys (client ID and client secret), enter them in the corresponding section of the colab-prod.yml configuration file.
-
Once the application has been created, enter your domain name under Authorized redirect URLs (along with the protocol and port), followed by /epr/login/linkedin.
- Modify the <enaio_installation>\service-manager\config\colab-prod.yml file:
linkedin: enable: true client: clientId: <client_id> clientSecret: <client_secret> accessTokenUri: https://www.linkedin.com/oauth/v2/accessToken userAuthorizationUri: https://www.linkedin.com/oauth/v2/authorization clientAuthenticationScheme: form scope: r_liteprofile,r_emailaddress pre-established-redirect-uri: ${global.view.baseUrl}/epr/login/linkedin use-current-uri: false resource: userInfoUri: https://api.linkedin.com/v2/me

To allow users to log in using their Microsoft accounts, follow these steps:
-
Log in to https://portal.azure.com and use the search field to search for App registration.
- Click 'New registration', enter the relevant information in each of the fields, and click 'Register'.
The application ID/client ID and object ID are displayed.
- Click 'Certificates & secrets', followed by 'New client secret'.
- Copy the value of 'Client secret'.
Microsoft displays the client secret only once.
-
Navigate to 'Authentication', click Add a platform, select Web on the configuration platform, then go to 'RedirectURL' and enter your domain name and protocol, followed by /epr/login/microsoft.
For example: http://<gatewayIP>/colab/epr/login/microsoft
When you are finished, enter the client secret along with the app key in the corresponding section of the colab-prod.yml configuration file.
- Modify the <enaio_installation>\service-manager\config\colab-prod.yml file:
micorsoft: enable: true client: clientId: <client_id> clientSecret: <client_secret> accessTokenUri: https://login.microsoftonline.com/common/oauth2/v2.0/authorize userAuthorizationUri: https://login.microsoftonline.com/common/oauth2/v2.0/authorize clientAuthenticationScheme: form scope: openid,profile,User.Read pre-established-redirect-uri: ${global.view.baseUrl}/epr/login/microsoft use-current-uri: false resource: userInfoUri: https://graph.microsoft.com/v1.0/me

It is possible to use Keycloak as the authentication instance in enaio® coLab. You first need to install and configure Keycloak using the installation files and following the instructions available at https://keycloak.org. User accounts are managed using your Keycloak instance.
To use Keycloak as the authentication instance in enaio® coLab, add the following configuration to the colab-prod.yml file:
keycloak: title: {keycloak-realm-name} enable: true client: clientId: {keycloak-client-id} clientSecret: {keycloak-client-secret} accessTokenUri: http://{keycloak-server}/auth/realms/{keycloak-realm-name}/protocol/openid-connect/token userAuthorizationUri: http://{keycloak-server}/auth/realms/{keycloak-realm-name}/protocol/openid-connect/auth clientAuthenticationScheme: header scope: profile email openid resource: userInfoUri: http://{keycloak-server}/auth/realms/{keycloak-realm-name}/protocol/openid-connect/userinfo
All parameters in {} must be replaced (this also includes the curly brackets) with the corresponding values from your environment.
To check that the changes were applied after updating enaio® coLab, go to http://127.0.0.1:7273 > coLab app. Click 'Details' and then 'Environment.' Search for the Keycloak properties and check that they are included in the list.