You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.
Table of contents
- IE Security Setting
- Enable Authorization Rules in IIS
- Kerberos support
- Using Microsoft Edge for Blueriq Studio
- Studio Security Modes
- Keycloak configuration
This chapter describes how to configure Blueriq Studio before getting started.
Before you can start Blueriq you have to copy a valid license file into the license directory. The license file is called “license.aql”. You can find the directory here: [Blueriq installation directory]\Studio\Configuration\License.
Security and User Management
During the installation of Blueriq Studio you have chosen a security mode.
See Studio Security Modes for a detailed description of each security mode.
If any problem occurs with authorization or authentication you can use the audit.log to trace and find the cause.
Secure the administration page
By default the administration page is not secured, which means that any user that can access the environment on which Studio or the Runtime is located can also access the administration page. A user can download/upload the repository through the administration page, so you might want to allow only specific users to access this page.
To achieve this you have two possibilities:
- You can secure the administration page through IIS.
- You can restrict the administration page to all Studio users.
First open the Internet Information Services (IIS) Manager from the Start menu on the machine where Blueriq is installed.
Browse to the administration site by expanding the tree on the left as shown below and double click Authentication.
By default IIS allows Anonymous access to the site.
Disable Anonymous Authentication and enable Basic Authentication by right clicking the appropriate authentication and choosing enable/disable.
Now when you browse to the administration page, a popup will be shown asking for credentials. But first we must specify which users and/or groups can access the administration page.
To do this, first return to the administration site and select authorization rules.
Please note: if you do not see authorization rules as shown below, you must first enable this feature in IIS.
By default all users have access.
Remove the entry allowing all users access by right-clicking on it and choosing remove. Then you can add a new Allow rule by right-clicking. Here you can specify users or groups from both the local machine or the active directory if the machine is part of a domain.
Please note that this is not related to the authentication you have chosen for the Studio. So for example you can configure the Studio with one of the NTLM modes to authenticate against active directory, while you can secure the administration page with a local user on the machine.
Studio users
Another way to restrict the administration page, is by restricting it to all Studio users. This relies on the authorization mechanism that Studio uses. To configure this, you have to change the configuration of the administration page. This can be found in the [Blueriq installation directory]\Studio\wwwroot\Administration\Web.config
The administration page uses a connection to the management service. This connection requires a username and password, which by default is set during the installation of Blueriq:
<managementservice> <connection url="http://localhost:8095/Services/ManagementService" user="administrationpage" password="administrationpage"/> </managementservice>
If the user and password in this configuration is cleared, the administration page will prompt for authorization when accessed. When the username and password of a Studio user is entered, the administration page will be shown.
Please note that the user
and password
tag have to exist in the configuration, so clear their values instead of removing them. Example:
<managementservice> <connection url="http://localhost:8095/Services/ManagementService" user="" password=""/> </managementservice>
Data storage
Model data within Blueriq Studio is stored in one of two locations: work that is being done in a branch is stored in a relational database (PostgreSQL) until it is committed, at which point it is archived for long-term storage in a version control system separate from Blueriq Studio.
Both storage components are included and managed by the Blueriq Installer, no configuration is required.
Creating backups
To create a backup of all Studio data, two options exist: the Blueriq Repository Backup tool, which can be scheduled, or a manual download from the administration page.
Option 1: Blueriq Backup Tool
To backup all relevant content that is stored by Blueriq Studio, the Management Service has a SOAP operation to duplicate its data storage to a single file on disk. For typical automated backup strategies it is cumbersome to interact with a SOAP service, therefore Blueriq provides a tool that can be run from a batch/bash script to perform this operation.
The backup tool can be downloaded from the customer-area of my.blueriq. The tool can be run using the following parameters:
java -jar blueriq-studio-backup-tool.jar backup --studioUrl=http://studio.server:140/Studio/Server/Services/ManagementService --username=user --password=password --path=backup/path/
java -jar blueriq-studio-backup-tool.jar backup --studioUrl=http://studio.server:140/Studio/Server/Services/ManagementService --auth-type=ntlm --username=DOMAIN\user --password=password --path=backup/path/
java -jar blueriq-studio-backup-tool.jar backup --studioUrl=http://studio.server:140/Studio/Server/Services/ManagementService --auth-type=kerberos --username=DOMAIN\user --password=password --path=backup/path/
Please note that the provided path is in terms of the machine where Studio is installed on, not on the machine the tool is run from.
System Requirements
The backup tool requires Java 11.
NTLM and Kerberos authentication require at least version 1.4.0 of the backup tool.
Keep multiple days of backup
It is recommended that the file that is created by running the tool is not considered as primary backup, but replicated on a different machine and that backups from multiple days are retained! As such, we strongly advise to copy the resulting file somewhere safe and to avoid overwriting the backup of the prior seven days.
Option 2: Download from the administration page
Open the administration page from the welcome page and open the “Repository” tab.
Click on “Create Backup” and save the file to a backup location.
Restoring backups
Only backups created from the same or older versions of Blueriq Studio can be restored. If a backup of an older version is restored the repository is automatically upgraded by Blueriq Studio.
Option 1: Blueriq Backup Tool
The backup tool as mentioned above can also be used to restore a backup using the following parameters:
java -jar blueriq-studio-backup-tool.jar restore --studioUrl=http://studio.server:90/Studio/Server/Services/ManagementService --username=user --password=password --path=backup/path/
As is the case with creating a backup, the path in the above command is in terms of the machine where Studio is installed on, not on the machine the tool is run from.
Option 2: Upload in administration page
Open the administration page from the Welcome page and open the “Repository” tab
Click on the “Browse” button near the “Upload Backup” button, browse to the backup file and click “Upload Backup”.
When the upload has completed all users are logged out and the system automatically refreshes. There is no need to restart the server.
Please note that repositories that exist before restoring a backup but are not present in the backup itself will remain intact!
Download Tool
The Blueriq Studio Backup Tool can be found on the Customers page under the button Studio Data Backup Tool
Commit hook
The commit hook is a feature that sends an HTTP request to a configured endpoint whenever a commit is performed from within studio. This allows you to create buildpipelines that get triggered from Blueriq.
To enable this feature, add the configuration below to the studio section of the config file for Blueriq Studio (StudioService.exe.config).
<configuration> <studio> ... <commithook url="http://localhost:3210" /> ... </studio> </configuration>
Once you've configured the endpoint, each commit in Blueriq Studio will cause an HTTP POST request to be sent to the endpoint containing the information below.
{ "repository": "MyRepository", "branch": "MyBranch", "tags": ["All", "Tags", "On", "The", "Commit"], "commitId": "d99ff38c-ac9f-4394-af79-7e1f235018c8", "user": "MyUserName", "message": "The message that was added to the commit" }