You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

 Table of contents

Subpages

License

Before you can start Blueriq you have to copy a valid license file into the license directory. The license file is called “license.aql”. You can find the directory here: [Blueriq installation directory]\Studio\Configuration\License.

Security and User Management

The Studio Server authenticates using OpenID Connect (with Keycloak), so that users login using credentials that are managed externally.

Authorization can be achieved by mapping roles/groups provided by the external provider to Encore/Studio roles (see Group access).

OpenID Connect for the Studio is currently only supported in combination with the provided Keycloak server, and only for a subset of the full OIDC specification and Keycloak features. While OIDC is an open standard, in practice there can be differences in the various implementations. This does not automatically exclude compatibility with other implementation, but we can not guarantee it.

Studio Server

To configure the Studio Server's connection to Keycloak, go to [Blueriq Installation directory]\Studio\Services\StudioService.exe.config and search for <security>. It contains an <oidc> element:

<oidc authority="http://localhost:15098/Keycloak/realms/BlueriqStudio15" clientid="studio-server" clientsecret="" rolespath="realm_access.roles">
  <rolemappingdao class="Aquima.Studio.Server.UserAccess.Xml.XmlRoleMappingDao, UserAccess">
    <parameters>
      <parameter value="../Configuration/Security/RoleMappings" />
    </parameters>
  </rolemappingdao>
</oidc>

The authority and client-secret have been configured during installation. To check the validity of the authority url, open [authorityUrl]/.well-known/openid-configuration in your browser, the result should be a JSON response.

To map the roles of an OIDC user to Blueriq roles, see Group access.

User Management

Studio connects to a Keycloak server provided with the Blueriq installation. Users may be managed via the admin console of the Keycloak server. This Keycloak server can also be configured to connect to an Active Directory with NTLM or Kerberos.

See the User management for more information about adding, editing, and deleting users in Keycloak.

See the Keycloak configuration for more information about the default configuration and user federation in Keycloak.

Management Service

Requests to the management service should use Basic authentication.

Logging

If any problem occurs with authorization or authentication you can use the  audit.log to trace and find the cause.

Data storage

Model data within the Blueriq Studio server is stored in one of two locations: work that is being done in a branch is stored in a relational database (PostgreSQL) until it is committed, at which point it is archived for long-term storage in a version control system separate from Blueriq Studio.

Both storage components are included and managed by the Blueriq Installer, no configuration is required.

Creating backups

To create a backup of all repositories on a server, two options exist: the Blueriq Repository Backup tool, which can be scheduled, or a manual download from Blueriq Encore.

Option 1: Blueriq Backup Tool

To backup all relevant content that is stored by Blueriq Encore, the Management Service has a SOAP operation to duplicate its data storage to a single file on disk. For typical automated backup strategies it is cumbersome to interact with a SOAP service, therefore Blueriq provides a tool that can be run from a batch/bash script to perform this operation.

The backup tool can be downloaded from the customer-area of my.blueriq. The tool can be run using the following parameters:

Basic authentication
java -jar blueriq-studio-backup-tool.jar backup --studioUrl=http://studio.server:160/Studio/Server/Services/ManagementService --username=user --password=password --path=backup/path/repository.zip

Please note that the provided path is in terms of the machine where Studio is installed on, not on the machine the tool is run from.

System Requirements

The backup tool requires Java 11.

Keep multiple days of backup

It is recommended that the file that is created by running the tool is not considered as primary backup, but replicated on a different machine and that backups from multiple days are retained! As such, we strongly advise to copy the resulting file somewhere safe and to avoid overwriting the backup of the prior seven days.

Backup has timed out

When experiencing timeouts during the creation of a backup using either the backup tool, you can adjust the timeout settings using the following guidelines:

Using the  --timeout parameter you can set the timeout period in seconds, when setting it to zero the timeout period will be removed completly.

java -jar blueriq-studio-backup-tool.jar backup --timeout=0

Option 2: Download from Blueriq Encore (max 2 GB)

  • Log in to Blueriq Encore as admin

  • Click on the cog icon in the bottom left corner
  • Go to the "Backup and restore" tab

  • Click on “Create backup” and save the file to a backup location.

Restoring backups

Only backups created from the same or older versions of Blueriq can be restored. If a backup of an older version is restored the repository is automatically upgraded by Blueriq.

Option 1: Blueriq Backup Tool

The backup tool as mentioned above can also be used to restore a backup using the following parameters:

java -jar blueriq-studio-backup-tool.jar restore --studioUrl=http://studio.server:160/Studio/Server/Services/ManagementService --username=user --password=password --path=backup/path/repository.zip

As is the case with creating a backup, the path in the above command is in terms of the machine where the Studio server is installed on, not on the machine the tool is run from.

Option 2: Upload in Blueriq Encore (max 2 GB)

  • Log in to Blueriq Encore as admin

  • Click on the cog icon in the bottom left corner
  • Go to the "Backup and restore" tab
  • Click on “Upload backup” and select the backup file
  • Click on "Restore backup" to resotre the backup

When the upload has completed all users are logged out and the system automatically refreshes. There is no need to restart the server.

Please note that repositories that exist before restoring a backup but are not present in the backup itself will remain intact!

Download Tool

The Blueriq Studio Backup Tool can be found on the Customers page under the button Studio Data Backup Tool

Commit hook

The commit hook is a feature that sends an HTTP request to a configured endpoint whenever a commit is performed from within Encore. This allows you to create buildpipelines that get triggered from Blueriq.

To enable this feature, add the configuration below to the studio section of the config file for Blueriq Studio Server (StudioService.exe.config).

<configuration>
  <studio>
    ...
	<commithook url="http://localhost:3210" />
    ...
  </studio>
</configuration>

Once you've configured the endpoint, each commit in Blueriq Encore will cause an HTTP POST request to be sent to the endpoint containing the information below.

{
  "repository": "MyRepository",
  "branch": "MyBranch",
  "tags": ["All", "Tags", "On", "The", "Commit"],
  "commitId": "d99ff38c-ac9f-4394-af79-7e1f235018c8",
  "user": "MyUserName",
  "message": "The message that was added to the commit"
}

Didn't find the answer you were looking for? Try the advanced search