Stages Documentation

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
74:cms_sharepoint_online [2021/05/05 09:11] fnpk74:cms_sharepoint_online [2024/02/15 00:00] (current) – external edit 127.0.0.1
Line 3: Line 3:
 ===== Sharepoint Online ===== ===== Sharepoint Online =====
  
-=== Example Configuration ===+You are able to connect Stages with SharePoint Online. A typical URL to SharePoint Online looks like ''https://companyname.sharepoint.com/'' 
 + 
 +==== Example Configuration ====
  
 <code xml> <code xml>
Line 21: Line 23:
 </code> </code>
  
-=== Host Properties ===+==== Host Properties ====
  
 These configuration properties affect the behavior of one SharePoint Online server. These configuration properties affect the behavior of one SharePoint Online server.
Line 68: Line 70:
   * Default Value: Document   * Default Value: Document
   * Description: Name of the **document**  content type. Sharepoint supports multiple content types but stages only supports the default type for documents.   * Description: Name of the **document**  content type. Sharepoint supports multiple content types but stages only supports the default type for documents.
 +  * Since Stages 7.5.6.2, 7.6.2.4 and 7.7.0.0 it is possible to define multiple content types. Separate them with a #. For example: 
 +<code xml>
 +<cms-property name="document.content.type.name" value="Document#MyDocument#RuleDocument" />
 +</code>
  
 > link.content.type.name > link.content.type.name
Line 73: Line 79:
   * Default Value: Link to a document   * Default Value: Link to a document
   * Description: The second content type which is supported by stages.   * Description: The second content type which is supported by stages.
- 
   * Known Issue: Typo in Default Value. Has to be Link to a **D**ocument   * Known Issue: Typo in Default Value. Has to be Link to a **D**ocument
 +  * Since Stages 7.5.6.2, 7.6.2.4 and 7.7.0.0 it is possible to define multiple link types. Separate them with a #. For example:
 +<code xml>
 +<cms-property name="link.content.type.name" value="Link to a document#My Link to a document#Rule Link to a document" />
 +</code>
  
 > use.system.account.for.download > use.system.account.for.download
Line 82: Line 91:
  
 ==== Azure Portal ==== ==== Azure Portal ====
 +
 +The integration uses [[https://learn.microsoft.com/en-us/graph/overview|Microsoft Graph API]]. To be able to use the API it is required to [[https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application|register and configure Stages as Azure App]].
  
 === Authentication === === Authentication ===
Line 91: Line 102:
 For the authentication process to work, you have to add the following redirect for **Web**  to the list:<code> For the authentication process to work, you have to add the following redirect for **Web**  to the list:<code>
  
- <protocol>://<stages-hostname>:<port>/stages/app/files/oauth_callback+https://<stages-hostname>/stages/app/files/oauth_callback
  
 </code> </code>
  
-  * Protocol: Microsoft only accepts __https__  expect for testing scenarios on localhost (then __http__  is valid as well) +  * Microsoft only accepts __https__  expect for testing scenarios on localhost (then __http__ is valid as well) 
-  * Stages-hostname: Hostname of the server, users can access the Stages application +  * Stages-hostname: Hostname of the server, users can access the Stages application. If Stages does not run on standard https port (443) you have to specify it.
-  * Port: Port Stages is running on (80 for http, 443 for httpsor any other custom port+
  
 == Example == == Example ==
Line 114: Line 124:
  
 </code> </code>
 +
  
 === API Permissions === === API Permissions ===
  
-In addition to the Redirect URIs, the application needs permissions for file handling in behalf of the user:+In addition to the Redirect URIs, the application needs [[https://docs.microsoft.com/en-us/graph/permissions-reference|permissions]] for file handling in behalf of the user. The permissions are all of the type [[https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http#delegated-permissions|delegated]]:
  
   * offline_access (Microsoft Graph, type delegated)   * offline_access (Microsoft Graph, type delegated)
   * Sites.ReadWrite.All (Microsoft Graph, type delegated)   * Sites.ReadWrite.All (Microsoft Graph, type delegated)
   * User.Read (Microsoft Graph, type delegated)   * User.Read (Microsoft Graph, type delegated)
 +
 +In some cases an **admin consent is required**. This can be done by a Global Administrator, an Application Administrator, or a Cloud Application Administrator. More information in [[https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/grant-admin-consent|Azure documentation]]. 
  
 The picture below shows, how this should look like: The picture below shows, how this should look like:
Line 127: Line 140:
 [[https://doc.stagesasaservice.com/lib/exe/detail.php?id=74:cms_sharepoint_online&media=cms:azure_permissions.png|{{:cms:azure_permissions.png}}]] [[https://doc.stagesasaservice.com/lib/exe/detail.php?id=74:cms_sharepoint_online&media=cms:azure_permissions.png|{{:cms:azure_permissions.png}}]]
  
-=== Repository Configuration ===+=== Certificates & secrets === 
 + 
 +It is required to generate a client secret for Stages. It's recommended to choose expire never or a long duration. If the secret expires it must be changed in Stages and all users have to re-authenticate. 
 + 
 + 
 +[[https://doc.stagesasaservice.com/lib/exe/detail.php?id=74:cms_sharepoint_online&media=cms:azure_certificates_secrets.png|{{:cms:azure_certificates_secrets.png}}]] 
 + 
 +==== Repository Configuration ====
  
 Access to SharePoint Online projects can be configured in Stages processes via “Management > File Management > Repositories”. [[https://doc.stagesasaservice.com/lib/exe/detail.php?id=74:cms_sharepoint_online&media=cms:spo-repository.png|{{  :cms:spo-repository.png  }}]] Access to SharePoint Online projects can be configured in Stages processes via “Management > File Management > Repositories”. [[https://doc.stagesasaservice.com/lib/exe/detail.php?id=74:cms_sharepoint_online&media=cms:spo-repository.png|{{  :cms:spo-repository.png  }}]]
Line 158: Line 178:
 > Default Lifecycle Select a lifecycle from the process metamodel as default for files from this repository. > Default Lifecycle Select a lifecycle from the process metamodel as default for files from this repository.
  
 +==== Known Limitations ====
 +
 +=== Behavior of Lock/Unlock ===
 +
 +Currently, the graph API only supports checkin/checkout and no Undo-Checkout. So for every lock/unlock a new version of that file is created in sharepoint online.
 +
 +=== Initial commit ===
 +
 +Creates two versions (one for the creation of a new file/ second for updating the properties)
 +
 +=== Set State ===
 +
 +After setting the state of a Sharepoint Online document, the assignment to the Stages user gets lost. The modifier will be the Sharepoint Online user instead of the Stages user.
 +
 +=== Major / Minor Version ===
 +
 +The Graph API, wich is used by the SharePoint Online Adapter, does currently not support setting major/minor versions when uploading a file.
 +
 +=== Action before authentication ===
 +
 +If the current user is not authenticated yet and performs an action, the authentication dialog will be opened. After the authentication the user has to performs the action again.
 +
 +
 +==== Troubleshooting ====
 +
 +=== Error AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application ===
 +
 +Check the Redirect URI in Azure Portal
 +
 +=== Unknown certificates ===
 +
 +At the moment this public CAs are required:
 +
 +  * DigiCert Global Root CA
 +    * valid until 10 Nov 2031 00:00:00 GMT
 +    * SHA1: A8:98:5D:3A:65:E5:E5:C4:B2:D7:D6:6D:40:C6:DD:2F:B1:9C:54:36
 +    * SHA256: 43:48:A0:E9:44:4C:78:CB:26:5E:05:8D:5E:89:44:B4:D8:4F:96:62:BD:26:DB:25:7F:89:34:A4:43:C
 +  * DigiCert Assured ID Root G2
 +    * Valid unitl: 15 Jan 2038 12:00:00 GMT
 +    * SHA1: A1:4B:48:D9:43:EE:0A:0E:40:90:4F:3C:E0:A4:C0:91:93:51:5D:3F
 +    * SHA256: 7D:05:EB:B6:82:33:9F:8C:94:51:EE:09:4E:EB:FE:FA:79:53:A1:14:ED:B2:F4:49:49:45:2F:AB:7D:2F:C1:85
 +  * Microsoft RSA Root Certificate Authority 2017
 +    * Valid until Fri, 18 Jul 2042 23:00:23 GMT
 +    * SHA1: 73:A5:E6:4A:3B:FF:83:16:FF:0E:DC:CC:61:8A:90:6E:4E:AE:4D:74
 +  * DigiCert Global Root G2
 +    * Valid until Fri, 15 Jan 2038 12:00:00 GMT
 +    * SHA1: DF:3C:24:F9:BF:D6:66:76:1B:26:80:73:FE:06:D1:CC:8D:4F:82:A4
 +    * SHA256: CB:3C:CB:B7:60:31:E5:E0:13:8F:8D:D3:9A:23:F9:DE:47:FF:C3:5E:43:C1:14:4C:EA:27:D4:6A:5A:B1:CB:5F
 +
 +
 +[[https://www.digicert.com/kb/digicert-root-certificates.htm|Download DigiCert-Certificates]]
  
 +[[https://www.microsoft.com/pkiops/Docs/Repository.htm|Download Microsoft-Certificate]]