Polarion Linux Installation - Siemens · Chapter2: Systemrequirementsandrecommendations Serversoftware Requirement Description OperatingSystem SUSELinuxEnterpriseServer11(SP3orhigher)or12,orRedHat

SIEMENSSIEMENSSIEMENS

Polarion LinuxInstallation 17.2

POL004 • 17.2

Contents

About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Evaluation installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-1Large-scale installations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1-2

System requirements and recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1Server software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-1Server hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2Client software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2Client hardware . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2-2

Additional recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Libraries required for building the demo projects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Install fonts for exporting Highchart charts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Enable email notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-1Enable support for Javadoc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2Hide versions of installed components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3-2

Linux installation and overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Installation types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Automated installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-1Supported Linux versions for automated installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Automated installation overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-2Manual installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4-3

Automated installation procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5-1

System startup and shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1Secure the activation application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1Starting Polarion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-1Shutting down Polarion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2Starting and stopping the PostgreSQL database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-2Integration with Systemd . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3Integration with Init System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6-3

After installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1Configure the PostgreSQL database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-1Optimizing the PostgreSQL database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-2Securing the Polarion activation application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3Change the default System Administrator password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-3Changing the password for the SVN ‘polarion’ user . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

POL004 17.2 Polarion Linux Installation 3

Contents

Enter an Error Reporting Email . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7-5

Configuring OLE object support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Installation and configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-1Configuring Polarion for OLE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8-2

Configure Attachment Preview Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1

Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Installation and configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-1Configuring Polarion for Preview Generator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9-2

Licensing and Activation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1Using Different License Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1Assigning Named and Concurrent Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-1License usage log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10-2

Subversion optimization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11-1

Multiple repository setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12-1

Accessing the Polarion Portal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13-1

LDAP authorization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14-1

Configuring Single Sign-on (SSO) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1SAML SSO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1

SAML authentication procedure flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-1Basic configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-2Optional configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-4Other notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-6

Kerberos SS0 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7Authentication procedure flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7Prerequisites - Configuring the domain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-7Polarion configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-9Configuring client browsers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-11Authentication fallback for external users using Kerberos . . . . . . . . . . . . . . . . . . . . . . 15-14

Teamcenter SSO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15Authentication procedure flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-15Prerequisites - TcSS configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-16Polarion Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-16

Other SSO considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17Subversion access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17

4 Polarion Linux Installation POL004 17.2

Contents

Contents

Direct access to subversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-17Features requiring special configuration in an SSO setup . . . . . . . . . . . . . . . . . . . . . . 15-18Subversion repository access during Polarion update . . . . . . . . . . . . . . . . . . . . . . . . . 15-18Internal log-on pop-up behavior . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19SSL . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19Enable logging of SAML response . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19Enable international file encoding support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-19Kerberos Hints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15-21

Next steps after installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16-1

Removing Polarion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17-1

Technical support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 18-1

APPENDIX . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1

Default users and groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1Enabling email notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-1Manual installation on Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11. System requirements and recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2Required third-party software components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-2Configure third-party components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-5Install Polarion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-11Configure Polarion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13Next steps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19-13

Supported Microsoft Office® versions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20-1

POL004 17.2 Polarion Linux Installation 5

Contents

Chapter 1: About this guide

OverviewWelcome and thanks for using Polarion.

This guide covers installation information and procedures for creating a production installation forall Polarion products based on the Polarion Application Lifecycle Management Platform. The list ofproducts covered by this guide currently includes:

• Polarion ALM™

• Polarion REQUIREMENTS™

• Polarion QA™

In general, the information is applicable to all the above products. Any product-specific differenceswill be explicitly noted. The information covers both new installations and, where applicable, updatingof existing installations.

This guide applies to installation of the above Polarion products on supported Linux operatingsystems.

If you want to install a product on a Windows system, please see the separate Windows Installationdocument. (Download the PDF version from Polarion's website.)

Evaluation installationsIf you are installing Polarion for evaluation purposes, we recommend the Polarion ALM™ Trial Guide(Download the PDF version from Polarion's website.). It focuses on getting you up and runningwith an evaluation installation as quickly as possible, using the Evaluation install option of theWindows installer.

This is recommended for the initial stage of any evaluation.

POL004 17.2 Polarion Linux Installation 1-1

https://polarion.plm.automation.siemens.com/resources/download/polarion_install_guide_win

https://polarion.plm.automation.siemens.com/hubfs/Docs/Guides_and_Manuals/Polarion_Trial_Guide.pdf


Large-scale installationsIf you need a large-scale server environment with multiple clustered servers and failover capabilities,multiple repositories and so forth, see the Polarion ALM™ Enterprise Setup document. (Downloadthe PDF version from Polarion's website.)

Topics covered there include:

• Requirements

• Installation use cases

• Configuring shared data

• Security options

• Using Resource Traceability in a cluster

1-2 Polarion Linux Installation POL004 17.2


https://polarion.plm.automation.siemens.com/resources/download/polarion_enterprise_setup_guide

Chapter 2: System requirements and recommendations

Server softwareRequirement Description

Operating System SUSE Linux Enterprise Server 11 (SP 3 or higher) or 12, or Red HatEnterprise Linux 6.x or 7.x (7.2 or higher)/CentOS 6.x or 7.x (7.2 or higher),or Debian GNU/Linux 7.0 or 8.0, or Ubuntu Server 14.04 LTS or 16.04 LTS.

Supported architectures are x86_64, or amd64.

URW fonts must be installed in the operating system. For SUSE, use theghostscript-fonts-std package from Ghost Script Fonts.

Java RuntimeEnvironment

Java Platform, Standard Edition Development Kit 8 - Oracle JDK 8.(http://www.oracle.com/technetwork/java/javase/downloads/index.html)

OpenJDK 8 is not the same as Oracle Java 8 and is not officially supported.JAVA_HOME/bin should exist in the system paths.

Polarion only supports 64 bit versions of Java.Version ControlSystem

Subversion version 1.6.x, 1.7.x, 1.8.x, or 1.9.x:http://subversion.apache.org/. If you are compiling Subversion yourself,compile using the –with-apsx or the –with-httpd option.

Web Server Apache HTTPD server with mod_proxy_ajp and Subversion extension(WebDAV+SVN apache modules): http://httpd.apache.org/

In general, the Polarion server should run with whatever Apache versionis present on a Linux system provided it is at least the minimum requiredversion (2.2), and mod_proxy_ajp and Subversion extension modules arealso installed.

Database Minimum: PostgreSQL version 8.4

Recommended: PostgreSQL version 9.2 or higher1


http://software.opensuse.org/package/ghostscript-fonts-std

http://www.oracle.com/technetwork/java/javase/downloads/index.html

http://subversion.apache.org/.

http://httpd.apache.org/


Server hardwareRequirement Description

RAM • Minimum: 4 GB (gigabytes) for production installation.

• Recommended: 8 GB or moreDisk Storage Space • Minimum: 10 GB

• Recommended: 40 GB or more

There is no hard and fast rule for disk storage space. The actual amountyou require depends on the number and size of projects managed withPolarion. The more projects, and the larger they are, the more disk storageyou require.

PostgreSQL version 9.2 or higher is required to create the new rel_module_workitem databasetable. The table contains information about Work Items both contained or referenced within adocument.

Client softwareRequirement Description

Operating System Any operating system that can run the supported web browsers withsupport for the Flash plugin (see below).

If the client user will use a Polarion product supporting data interchangewith Microsoft Office®, the client user must run a Windows operatingsystem compatible with a supported version of the Microsoft Officeapplication(s) used. For details, please see Appendix: Supported MicrosoftOffice Versions.

Web Browser All you need to use Polarion is a web browser. The most current list ofsupported browsers and versions is provided in the Release Notes sectionof the README.html file, delivered in all download distributions of allPolarion products.

Adobe Flash The Polarion web portal displays charts and other graphical data aboutPolarion-managed projects using Adobe Flash.

To view these properly using a web browser, the client computermust have Adobe Flash Player installed. You can download it free athttp://www.adobe.com/products/flashplayer/.

Client hardwareRequirement Description

RAM Minimum: 2 GB (4 GB recommended)Display Resolution Minimum: 1280 x 800 pixelsServer Connection Not less than 1 Mbit/s



http://www.adobe.com/products/flashplayer/

Chapter 3: Additional recommendations

Libraries required for building the demo projectsThe items described here are not critical for running and evaluating Polarion. However, thecomponents described are needed to be able to fully utilize Polarion's capabilities.

The distribution contains several demo projects. Each of them needs its particular set of 3rd partylibraries to be correctly built and have the project reports generated. Any missing libraries areautomatically downloaded from the internet during project processing, so you may need a connectionto the internet when you first try building the demo projects or run reports for them.

Install fonts for exporting Highchart chartsThe urw-fonts package must be installed on CentOS and SuSE.

Enable email notificationsThe Polarion server can send email notifications in response to various events in the system such asbuild completions and new Work Items. It can also notify users about external changes.1. You can enable email notifications before starting the Polarion server by setting the host

name in the announcer.smtp.host property in the polarion.properties file located in$POLARION_HOME$/etc/.

2. In the same polarion.properties file, set the announcer.smtp.user andannouncer.smtp.password properties to a valid email account on the SMTP host specified inannouncer.smtp.host. If your SMTP server doesn’t listen on default port 25, change the portsetting in announcer.smtp.port. You may wish to create a special account on your SMTP hostfor use with Polarion notifications.

3. Provide a valid email address for each user in their user account. (Administration → UserManagement → Users.) This can be automated through user self-creation of accounts, orintegration with LDAP. See Administrator’s Guide: Managing Users and PermissionsinPolarion's Help.

When the configuration is correctly set up, the system sends notification emails about various eventsaccording to the notification targets configuration. For information on configuring email notifications,see Administrator’s Guide: Configuring Notifications in Polarion's Help.

If aWork Item is modified outside of the Polarion portal, for example manually in the SVN,email notifications are sent as if the modification occurred in the portal.

See also, Appendix: Enabling Email Notifications



Enable support for JavadocThe demo and your own projects can be configured to provide Javadoc reports.

Javadoc must also be enabled for the descriptors.xml file. Access it in the Repositorybrowser: Repository/.polarion/reports/descriptors.xml. Refer to comments within the in thedescriptors.xml for details on how to enable Javadoc.

Hide versions of installed componentsIt's a good security precaution to update Apache’s configuration to hide the exact version numbersfor installed components by default.

• Once the Polarion installation is complete, add the following settings to your Apache configuration:

ServerSignature Off

ServerTokens Prod

The Apache configuration file names will vary depending upon the distribution.



Chapter 4: Linux installation and overview

Installation typesAutomated installationThe entire installation process is driven automatically by an installation script. At most you haveto answer a few questions, but you do not pre-install anything or do any other manual work inorder to satisfy the prerequisites before you start the script. Automated installation is possible onmost, but not all, of the supported Linux platforms.

Manual installationYou must pre-install the required infrastructure software before you attempt to install Polarion. Youfollow steps in the documentation as opposed to interactive instructions from a script. You mayalso need to write some shell scripts by hand or modify the manual_install.sh file before running it.

Semi-automated installationThe automated installation process script is not able to install all the prerequisites for a platformautomatically, so it requests that you to install something manually before proceeding.

See supported platforms and installation types for the details on the distributions they apply to.

Automated installationThe automated installer scripts detect the operating system (OS). The OS version is not checked,however, so you must ensure that you have the minimal required version of your system as specifiedin Server Software Requirements.

If your OS is supported, the automated scripts will install the prerequisite third-party software for thespecific supported Linux platform from existing package repositories on your system during thePolarion installation process. They will then install the Polarion platform itself. Ensure that you haveset up the package repository defaults provided for your system.

If you have a different version of the OS from the supported distributions, it is probably still possible toperform an automatic installation. However, during the process you will need to manually install therequired third-party software before you respond No to installation default dependencies.



Supported Linux versions for automated installationIf you have one of the supported Linux platforms, you will find installation on Linux easier, faster andsmoother. Each supported platform comes with predefined configurations of the recommendedversion of third-party software. If the installer script finds that your operating system is not one of thesupported variants, it will inform you and allow you to install Polarion manually.

The table below lists the Linux platforms that are currently fully supported. Installation support forother platforms may become available. Be sure to check the list of available installers on the webpage where you download Polarion.

We highly recommend using stable repositories and installing tested versions of third-party softwarerather than installing newer, untested versions.

Platform Type Default Repositories NecessarySUSE Automated All default repositories including SDK.RedHat Semi-automated Default repositories from installation. For more

information about mirrors and repositories see:http://www.centos.org/download/mirrors/

Ubuntu Automated Main, Universe and Multiverse. For more informationsee:https://help.ubuntu.com/community/Repositories/Ubuntu

Debian Automated Main, updates.All Others Manual Not applicable

Automated installation overviewThe automated installation scripts perform the following installation steps:

1. Create a special system account for Polarion.

2. Set valid permissions for Polarion.

3. Adds Polarion as a system service at the default run levels of the Linux distribution it's beinginstalled on, and ensures that it starts after Apache.

4. Setup the default Apache configuration for Polarion and the Subversion used with it.

5. For a clean installation, create a new Subversion repository with initial or sample demo data.

6. Create symbolic links into default system places such as /var/logs, /var/run/, /srv/polarion,and so on.

7. Start Polarion and third-party servers.

Automated installation steps are detailed in Automated Installation Procedure.



http://www.centos.org/download/mirrors/

https://help.ubuntu.com/community/Repositories/Ubuntu

Linux installation and overview

Manual installationNo automated installation script is used for a manual installation. Only the Polarion platform isinstalled without any of the required third-party software (SVN, Apache, and so on). Manualinstallation requires that you obtain all the required third-party software needed to support Polarion,install and configure them, and then install and start the Polarion server. An example of when amanual installation is necessary is if the computer does not yet have an internet connection.

For more information, see Appendix: Manual Installation on Linux.


Linux installation and overview

Chapter 5: Automated installation procedure

See the Supported platforms and installation types for the Linux versions that support the automatedinstallation script procedure described below.

If you already have one or more of the required third-party software packages installed,you can respond NO to the prompts asking if you want to install them, but be absolutelysure that you have it installed, otherwise you can break the automated process and itcan be problematic to resume. If you are not sure that you have the required installationand configuration, it is better to say YES to the request to install the required third-partysoftware.

1. Unpack the archive you downloaded from the Polarion web site into an empty directory.

2. If SELinux is bundled with or installed on your Linux OS, make sure it is not activated. Checkthe SELinux status with the /usr/sbin/sestatus -v command .

3. Log in to the root account.

4. Navigate into the unpacked directory.

5. Run chmod +x install.sh after unzipping. (Only needs to be run once.)

6. Run the installation script: ./install.sh.

7. Continue with the installation, answering questions when prompted by the script.

8. After the installation process the Polarion server will start automatically, which you can verify byopening http://localhost/polarion in a supported web browser.

Before using the system in a production environment, see Securing the Polarion activationapplication.


Chapter 6: System startup and shutdown

Secure the activation applicationPolarion includes an activation application that makes it possible to install or update a license whilethe Polarion server is running. Access to this application is not protected by any username orpassword. For production use, it is highly recommended to secure access to this application. SeeSecuring the Polarion activation application for details.

Starting PolarionThe first time you start the Polarion server, no time estimates appear in the console because there isno data on which to base the estimate. Instead, not enough data for startup estimation is writtento a log file at /var/log/polarion.log.

The first startup after an automated installation is automatic. This section provides the procedure forsubsequent startups. This includes the first startup after a manual installation.

To start the Polarion server, execute whichever of the following is applicable:

• Common command: $POLARION_HOME$/bin/polarion.init start

For a system that supports systemd: systemctl start polarion

• On CentOS, RHEL, Debian or Ubuntu: service polarion start

• SUSE/SLES 11: rcpolarion start

• SUSE/SLES 12: The Common command ($POLARION_HOME$/bin/polarion.init start )

On startup and on re-index operations, Polarion estimates and reports the amount of time theoperation will take. You will see this estimate in the console and log file on subsequent startups, butfor the first time, no data exists on which to base the estimate. The following startup phases arereported in the console and log file:

• Platform startup

• Context recognition

• Context initialization

• Revisions processing

• Build artifacts recognition

• BIR inspection

• Data indexing



• Polarion startup

Shutting down PolarionTo shut down Polarion, execute whichever of the following is applicable:

• Common command: $POLARION_HOME$/bin/polarion.init stop

For a system supporting systemd: systemctl stop polarion

• On CentOS, RHEL, Debian or Ubuntu: service polarion stop

• On SUSE: rcpolarion stop

• SUSE/SLES 11: rcpolarion stop

• SUSE/SLES 12: The Common command ($POLARION_HOME$/bin/polarion.init stop )

Starting and stopping the PostgreSQL databaseThe automated installation process creates a service for the PostgreSQL database namedpostgresql-polarion. If you manually start/restart your Polarion system, this service must be startedafter Apache and before the Polarion server. You can use one of the following commands to startthe service:

• CentOS, RHEL, Debian or Ubuntu: service postgresql-polarion start

• SUSE/SLES 11: rcpostgresql-polarion start

• SUSE/SLES 12: service postgresql-polarion start

You can stop or restart the service by replacing start with stop or restart in the above commands.

If you install Polarion manually, the postgresql-polarion service is not present, so it is necessary touse utilities provided by PostgreSQL to start/stop the database. Starting/stopping of the PostgreSQLserver is common for all Linux distributions and needs to be done on behalf of the Postgres user. Youmust initialize the database storage prior to running the server for the first time. (See Configuration ofthird-party components). All PostgreSQL utilities must be run on behalf of the postgres system user.

Command Syntax:

su postgres

pg_ctl -D <PATH_TO_PG_DATA> -l <PG_LOGFILE> start/stop/restart

In a typical installation this would translate to:

su postgres

pg_ctl -D /opt/polarion/data/postgres-data -l /opt/polarion/data/postgres-data/log.out -o

"-p 5433" start

(The pg ctl command should be written to a single command line.)



System startup and shutdown

You can define additional options, for example, on which port the database should run. For anoverview of options, see http://www.postgresql.org/docs/9.4/static/app-pg-ctl.html.

Integration with SystemdOn Linux systems that support systemd, Polarion installs support for it and uses it for system startup.Integration with systemd ensures that other necessary software (Apache and PostgreSQL, forexample) is started before Polarion.

With systemd, the start, stop, and restart commands can be used. (These are also delegatedto polarion.init.) Other commands like reindex, demo and so on must be used with/opt/polarion/bin/polarion.init reindex. The start/stop/restart commands can also be used withpolarion.init in systems supporting systemd.

Integration with Init SystemThe script /opt/polarion/bin/polarion.init is suitable for integration with the init system to start thePolarion server if systemd is not used. It supports start, stop and restart commands using thespecial system polarion account .

polarion.init does not start the Apache and PostgreSQL servers. You should always makesure to start these by other means before starting Polarion server.


System startup and shutdown

http://www.postgresql.org/docs/9.4/static/app-pg-ctl.html

Chapter 7: After installation

Configure the PostgreSQL databaseThe following should be done immediately following the installation and initial configuration:

• Configure the PostgreSQL database

• Optimize the PostgreSQL database

• Secure the Polarion Activation Application

• Change the default administrator password

• Change the password for the 'polarion' SVN user

• Enter an error reporting email

The PostgreSQL database must be properly configured before you can start the Polarion server.Automated installation scripts attempt to perform basic configuration so that Polarion can run. If thescript was unable to configure PostgreSQL you will need to configure it manually. See Appendix:Manual configuration of third-party components. Even if the script succeeds, some additionalconfiguration of the PostgreSQL database is recommended for optimal performance.



Optimizing the PostgreSQL databaseBeginning with version 2015 SR2, Polarion integrates the PostgreSQL database in all newinstallations. After a new Polarion installation containing this database, it is highly recommendedthat the administrator adjust some PostgreSQL settings to optimize performance. You should makethe following changes in the postgresql.conf file. The database server needs to be restartedfollowing this configuration.

Default Linux Path: /opt/polarion/data/postgres-data/

max_connections = 80 # should be < 10 * number of CPUs

shared_buffers = 2GB # should be 10% - 15% of total system RAM

work_mem = 10MB # should be 10MB - 100MB

maintenance_work_mem = 200MB

fsync = off

synchronous_commit = off

full_page_writes = off

wal_buffers = 256kB # should be more than size of common

# transaction

checkpoint_segments = 32

effective_cache_size = 4GB # should be approx 1/3 of total

# system RAM

max_locks_per_transaction = 100 # specific for Polarion

# Optimal planner performance setting

# For HDD, keep default setting. Otherwise, uncomment the

# applicable setting below:

# For SSD:

# random_page_cost = 1.5

# For SAN:

# random_page_cost = 2.0

On some Linux environments, the automatic configuration of PostgreSQL's shared_buffersparameter may calculate a value that exceeds the available shared memory configuredby kernel parameter SHMMAX. In automated installations, the installer script assigns adefault value of 24 MB for shared_buffers and posts the following message:

"NOTICE: Polarion attempted to change value of shared_buffers in postgresql.conf

to $v_shared_buffers_old but $v_shared_buffers_new was used instead because

of low value in /proc/sys/kernel/shmmax."



After installation

If you see this message during the installation, you are advised to review your SHMMAX configurationand adjust shared_buffers for PostgreSQL manually.

Securing the Polarion activation applicationBeginning with version 2015, Polarion includes an activation application that makes it possible toinstall or update a license during runtime of the Polarion server, without the need to copy the licensefile manually to the target machine. Access to this application is NOT initially protected by user nameand password. For production use, it is highly recommended to secure access to this applicationdirectly in the Apache configuration.

Beginning with version 2015, there is a template Apache configuration file in the Polarion installationfolder: /polarion/polarion/install/polarion.activation.conf.template

To ensure that a user name and password is requested when accessing the activation application(/polarion/activate/online and /polarion/activate/offline), copy this file to the Apache configurationfolder, on Linux usually /etc/httpd/conf.d/.

After copying the file, rename it to remove the extension .template. Then open the file in any texteditor and modify it according to the instruction comments provided.

The template configuration is prepared for both user file authentication (like Polarion uses forSubversion by default, with user passwords data in a file) and for authentication against an LDAPserver.

In a multi-instance setup (a coordinator and one or more instances, that can be clustered), it isnecessary to use this configuration only on the coordinator server (the activation application runsonly on the coordinator). For additional information about this type of setup, see the Polarion ALM™Enterprise Setup document. (Download the PDF version from Polarion's website.)

Change the default System Administrator passwordTo help ensure the security of your Polarion system, you should change the default password of thesystem administrator user account described below, and in the Changing the password for theSVN 'polarion'' user section.

The default account System Administrator has access to all administrative functions of Polarion,including read-write access to the subversion repository. After installing Polarion for actual productionuse, you should change the password on the default system administrator account.

Before you change the password on the default system administrator account, you may wish to createanother account with administrator rights for yourself and/or someone else.

To change the default administrator password:

1. Log in to the Polarion portal with the default login. (username: admin, password: admin)

2. Click My Polarion. The My Polarion page for the System Administrator account loads in thecontent area.

3. Click on on the top right and click My Account.


After installation



4. In the My Account page click Edit.

5. Enter the new password in the New Password field, and again in the Re-enter Password field.

6. If you want to continue using this account as the main system administrator account, you maywish to add your email address in the Email field, and add a description for the account in theDescription field.

7. When finished editing the System Administrator profile, click Save. The password is nowchanged and you will need to use it next time you log in.

Do not lose the new password.

If you lose the changed password, you will not be able to log in as system administrator.If no other accounts exist with administrator rights, it will not be possible to change theconfiguration, add projects, manage user accounts, etc.



After installation

Changing the password for the SVN ‘polarion’ userA subversion repository user named polarion is created by default when you install Polarion. Thisuser acts on behalf of Polarion and has extensive permissions including read permission for allprojects. Access to this user by unauthorized users would compromise the security of your Polarionsystem, so change this password before putting the system into production use.

The following steps assume you use passwd file authentication, which is the most common method.

1. Stop the Polarion server before changing this password.

2. Use the htpasswd.exe to change the password for the polarion user. The utility is located in the[POLARION HOME]/bundled/apache/bin folder.

Utility syntax: htpasswd path/passwdfilename username.

Example: htpasswd Polarion\data\svn\passwd polarion.

3. Change the value of the password property in the polarion.properties file to thepassword you set with the htpasswd utility. The yypical location of this file ispolarion/configuration/polarion.properties.

FOR LDAP USERS

The typical setup for most Polarion users is passwd file authentication for the polarion userwith failover to LDAP for company users. This is also the default Polarion setup.

For such setups, you do not need to enter the polarion user to your LDAP users.

Enter an Error Reporting EmailThe email for the error.report.email property in the polarion.properties file is empty by default fornew installations. Add the email you want error reports sent to.


After installation

Chapter 8: Configuring OLE object support

OverviewIt is possible to import Microsoft Word documents that contain OLE objects. Polarion can displayOLE Object thumbnails during Word document import, including EMF thumbnails for Visio diagrams.OLE objects in documents must contain their thumbnails in the .emf or .wmf file formats, and theimage converter used must support their conversion into JPEG. OLE Objects themselves are notimported, only their thumbnails.

Some additional third-party software must be installed, and Polarion’s system configuration modifiedbefore you can import such Word documents.

Prerequisites• A computer or virtual machine running Microsoft Windows, accessible as a network share to

the Linux machine hosting Polarion.

• Winexe

• ImageMagick image converter.

Installation and configuration1. Install Winexe on your Linux machine. You must have administrator permissions on the target

machine.

For more information, see this serverfault response.

2. Install ImageMagick as a standard program on the Windows computer or VM.

3. Make a Windows share accessible from Linux. The Polarion user must have write access tothis share.

4. Create a shell script on Linux named oleconvert.sh, per the following code example. Replacethe Italic text with correct values for your system. Use forward slashes to delimit Windows folders.Long lines have a blank line before and after them.

#!/bin/sh

infile=$1

inname='basename "$1"'

outfile=$2

outname='basename "$2"'


https://www.aldeid.com/wiki/Winexe

http://www.imagemagick.org/script/binary-releases.php

http://serverfault.com/questions/72082/winexe-gives-error-error-failed-to-install-service-winexesvc-nt-status-acces


linux_path="LINUX_PATH_TO_WINDOWS_SHARE"

win_path="WINDOWS_PATH_TO_WINDOWS_SHARE"

cp "$infile" "$linux_path/$inname"

PATH_TO_WINEXE_EXECUTABLE -U DOMAIN/WINDOWS_USER%WINDOWS_PASSWORD//WINDOWS_HOSTNAME "\"WINDOWS_IMAGEMAGICK_INSTALLATION_FOLDER/

convert.exe\" –flatten \"$win_path/$inname\" \"$win_path/$outname\""

rm "$linux_path/$inname"

mv "$linux_path/$outname" "$outfile"

5. In the polarion.properties system configuration file, configure the OLE converter using thefollowing example. Replace the Italic text with the correct values for your system.

com.polarion.oleconverter.usefiles=true

com.polarion.oleconverter.app=PATH_TO_OLECONVERT_SH

com.polarion.oleconverter.param1=$in

com.polarion.oleconverter.param2=$out

com.polarion.oleconverter.convertedImageFormat=png

6. Restart the Polarion server.

If OLE thumbnails do not appear in imported documents, check the Polarion error log files to makesure there are no invalid path or other errors.

Configuring Polarion for OLEThere are some system properties in the polarion.properties system configuration file that you willneed to review and set after installing the image converter. Refer to comments in the section for thecom.polarion.oleconverter.app property that explain the settings.

There is an additional system property in the polarion.properties file that specifies the target imageformat for the OLE thumbnail conversion.

Set the com.polarion.oleconverter.convertedImageFormat=pngproperty to have thumbnailsconverted to PNG, or com.polarion.oleconverter.convertedImageFormat=jpg to have thumbnailsconverted to JPEG format.

The system properties are located on the following path: [POLARION]/etc/polarion.properties.



Chapter 9: Configure Attachment Preview Generator

ConfigurationPolarion displays a preview for common attachments files types like Word, Excel, Visio, PDF, andmore. To enable this feature, an external application Teamcenter Visualization Convert & Printis required. Some additional third-party software must also be installed and Polarion’s systemconfiguration needs to be modified before the attachment previews can be generated.

Prerequisites• A computer or virtual machine running Microsoft Windows, accessible as a network share to

the Linux machine hosting Polarion.

• Winexe for Linux.

• Teamcenter Visualization Convert & Print.

Installation and configuration1. Install Winexe on your Linux machine. You must have administrator permissions on the target

machine. For more information see this serverfault response

2. Install Teamcenter Visualization Convert & Print on the Windows computer or Virtual Machine.

3. Make a Windows share accessible from Linux. The Polarion user must have write access tothis share.

4. Create a shell script on Linux named tcvis.sh, with the following code example. Replace theitalicized text with the correct values for your system. Use forward slashes to delimit the Windowsfolders. Long lines have a blank line before and after them.

#!/bin/sh

infile=$1

inname='basename "$1"'

outfile=$2

outname='basename "$2"'

linux_path="LINUX_PATH_TO_WINDOWS_SHARE"

win_path="WINDOWS_PATH_TO_WINDOWS_SHARE"

cp "$infile" "$linux_path/$inname"


https://www.plm.automation.siemens.com/en/docs/tcv/11.shtml

http://www.aldeid.com/wiki/Winexe

https://www.plm.automation.siemens.com/en_us/docs/tcv/11.shtml

http://serverfault.com/questions/72082/winexe-gives-error-error-failed-to-install-service-winexesvc-nt-status-acces

https://www.plm.automation.siemens.com/en/docs/tcv/11.shtml


PATH_TO_WINEXE_EXECUTABLE -UDOMAIN/WINDOWS_USER%WINDOWS_PASSWORD //WINDOWS_HOSTNAME"\"WINDOWS_TEAMCENTER_VISUALISATION_INSTALLATION_FOLDER/

prepare.exe\" -png -overwrite \"$win_path/$inname\" -out \"$win_path/$outname\" -page1 -size 1600x?px"

rm "$linux_path/$inname"

mv "$linux_path/$outname" "$outfile"

5. In the polarion.properties system configuration file, configure the preview generator using thefollowing example. Replace italicized text with the correct values for your system

com.siemens.polarion.previewgenerator.external.app=PATH_TO_TCVIS_SH

com.siemens.polarion.previewgenerator.external.extensions=docx,doc,xlsx,xls,pdf,vsd,vsdx,ppt,pptx

com.siemens.polarion.previewgenerator.external.param1=$in

com.siemens.polarion.previewgenerator.external.param2=$out

6. Restart the Polarion server.

If previews do not appear in Polarion, check the Polarion error log files to make sure that there areno invalid path or other errors. Also check that the conversion file is running on the target machinecorrectly by executing a command directly on the server from the command line.

Configuring Polarion for Preview GeneratorThere are some system properties in the polarion.properties system configuration file thatyou will need to review and set after installing the preview generator. Refer to comments in thecom.siemens.polarion.previewgenerator.external.app property section for additional configurationinformation.

There is an additional system property in the polarion.properties file that specifies the fileextensions that can be converted by the specified preview generator. Set the following property;com.siemens.polarion.previewgenerator.external.extensions=docx,doc,xlsx,xls,pdf,vsd,vsdx,ppt,pptxto enable the conversion of all Microsoft Office file formats.

(Must be supported by the defined preview generator application.)

The system properties are located at the following path: [POLARION]/etc/polarion.properties.



Chapter 10: Licensing and Activation

OverviewIn order to use Polarion you must obtain a license. A license with the necessary key and file isnormally delivered by email to the address provided by the person who purchased the license. If youneed help obtaining a license please contact [email protected].

Polarion installs with a 30-day evaluation license. After obtaining a license for production use, youmust activate your Polarion installation. The login page provides options leading to online and offlineactivation instructions. You will need the information provided by Polarion to complete the activation.

Using Different License TypesSeveral different license types are available - Evaluation, Site, User-limited, and so on. If you beginusing Polarion with one type of license key (Evaluation, for example), and want to continue using itwith a different license type, simply remove the current license key file from the license folder andcopy the new license key file there. If Polarion server is running, you will need to restart it for thenew license to take effect. You may install multiple license keys for different license types and/orPolarion products on the same server.

Assigning Named and Concurrent UsersIf your license provides for named and/or concurrent users, you will need to add assignments for eachtype of user in the appropriate section of the users file. By default this file is located in the licensefolder of your Polarion installation. If you change the location for license key files, be sure to movethe users file to the same folder that stores your license key file.

You can edit it in the License topic in Global Administration in the portal. The file containscomments with complete instructions on how to find the user IDs of your named/concurrentusers, and make the relevant assignments. Be sure that write permission is set for the/opt/polarion/polarion/license folder .


mailto:[email protected]


License usage log fileAdministrators and managers can monitor license usage by checking the license usage log filelog4j-licensing-TIMESTAMP.log. This file is located in the /opt/polarion/data/workspace/.metadatadirectory by default.

(The /opt/polarion/data location is configurable during installation.)

When a concurrent user logs in/out, a license usage statistics report is written to the licensing log.

Concurrent licensing is not supported for all products.

The following example shows one user currently using an enterprise concurrent license type, thegreatest number of users of this license during the current server session (peak), and the maximumnumber of users allowed by the license (limit).

2008-05-14 11:12:29,609 [TP-Processor2] INFO PolarionLicensing -

STATS:enterpriseConcurrentUsers,current:1,peak:2,limit:20



Chapter 11: Subversion optimization

Polarion uses a subversion (SVN) repository as its main data storage. There are two topics in theAdministrator's Guide component of Polarion's online Help that provide guidance for administratorsabout optimizing subversion for best performance. It is recommended that you review them beforegoing into production with a new or updated installation.

• Administrator's Guide → Advanced Administration→Topics→ Optimizing Subversion

• Administrator's Guide→ System Maintenance→ Topics→ Maintaining Subversion (SVN)


Chapter 12: Multiple repository setup

There are two Polarion features that enable you to work with multiple repositories, but they arefundamentally different. You need to understand the basics of each feature before deciding whichapproach to multiple repositories best meets your needs.

The External Repository feature gives you the ability to link Polarion artifacts stored in Polarion’sintegrated repository with source code changes (revisions) stored on one or more external SVN or Gitrepositories. After installation, you can configure Polarion to use one or more external repositories inaddition to the SVN repository bundled and installed with Polarion. See Administrator’s Guide:Configuring Repositories for more information.

The Clustering feature enables you to run Polarion on multiple servers, either physical, virtual, ora combination of both. The topography can be set up to host multiple Polarion servers running onseparate machines each with its own Polarion repository, and/or multiple machines all accessinga single Polarion repository. (Polarion servers on any node can optionally be configured to accessexternal repositories, as described above.)

Special installation and configuration procedures beyond the scope of this guide are required to setup a clustered multi-server environment. See the Polarion® ALM™ Enterprise Setup documentationfor more information. (Download the PDF version from Polarion's website.)



Chapter 13: Accessing the Polarion Portal

Open a supported web browser and enter the following URL:

http://localhost/polarion/

On your first login after installation, you can login with the default system administrator credentials:

• User ID: admin

• Password: admin


Chapter 14: LDAP authorization

In a new installation, users are authorized using the Subversion integrated policy access functions(directives AuthzSVNAccessFile and AuthUserFile in polarionSVN.conf file). If you have an LDAPinfrastructure, you can make Polarion authorize users against the LDAP database.

Information on performing this configuration, together with some examples, isprovided in the polarionSVN.conf configuration file. The file is located at:[POLARION_HOME]\bundled\apache\conf\extra\polarionSVN.conf

The file is located on e of the following paths, depending on your Linux distribution:

• /etc/apache2/conf.d

• /etc/httpd/conf.d

After modifying the configuration file, the Apache server must be restarted to reflect the changes.

For more information about the Apache LDAP modules and their capabilities, visit these web pages:

• https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html

• https://httpd.apache.org/docs/2.4/mod/mod_ldap.html .

You can find information on configuring Polarion to work with LDAP in the Polarion Help topicAdministrator’s Guide → User Management → Integrating Polarion Server with LDAP/ActiveDirectory.


https://httpd.apache.org/docs/2.4/mod/mod_authnz_ldap.html

https://httpd.apache.org/docs/2.4/mod/mod_ldap.html

Chapter 15: Configuring Single Sign-on (SSO)

OverviewThis section describes SSO authentication methods and configurations for Polarion. Polarionsupports authentication using Security assertion markup language 2.0 (SAML), Kerberos tokens andTeamcenter security services in addition to the existing authentication methods.

SAML SSO

SAML authentication procedure flow

Polarion supports the standard Security Assertion Markup Language (SAML 2.0).

The authentication procedure flow is as follows:

1. The client machine connects to Polarion and if a user is not authenticated, Polarion redirectsthem to the Identity Provider (IdP).

2. The user then needs to be authenticated in the IdP to obtain a SAML response.

3. The IdP will then redirect them back to Polarion.

4. The browser provides this SAML response when negotiating the Polarion authentication window.

5. The Polarion server then validates the SAML response based on SAML assertions.

6. If Polarion successfully validates all the assertions, it authenticates the user and logs them in.

For more info and the glossary see the following links:

• SAML Technical Overview

• SAML Glossary

Prerequisites

The following prerequisites are required in order to configure Polarion to authenticate using SAML:

1. A standard IdP needs to be installed on the network and connected to the company'sdirectory service or another source. (This Guide will use the Microsoft ADFS as anexample). IdP needs to be installed and available to the client machines on, for example,https://saml-server.yourdomain.com/adfs/ls.

2. The Polarion and IdP machines need to be configured for the HTTPS protocol. SeeAdministrator's Guide→ Configuring SSL Suport in Polarion's Help for details.


https://www.oasis-open.org/committees/download.php/27819/sstc-saml-tech-overview-2.0-cd-02.pdf

https://docs.oasis-open.org/security/saml/v2.0/saml-glossary-2.0-os.pdf


Basic configuration

Polarion configuration

Before configuring Polarion to use SAML SSO you need to enable Auto-Create in Polarion.

1. Go to Global Administration in Polarion. First click on the top left.

(Then Administration→ Global Administration→ User Management.)

2. Click Auto-create and check Enable Auto-create.

3. Set the Global Rules given to newly created users.

When SAML SSO is turned ON, you will only be able to login via the IdP. Thereforeyou should either create a User with admin rights that has the same User ID that theIdP will use, or add the admin Role to the Global roles for auto-create, and then afterlogging in via SAML SSO for the first time change the Global roles.

Logon via SAML SSO changes the passwords for these users, so it is advisable toleave at least one user with admin rights that will not be used by SAML SSO.

(Just in case you turn SAML SSO off in the future.)

Add Properties to the poloarion.properties file:

1. Configuring Polarion to use SAML authentication requires setting the following property thatenables the SAML logon:

com.siemens.polarion.security.auth.method=saml located at:

Windows: C:/Polarion/polarion/configuration/polarion.properties

Linux: /opt/polarion/etc/polarion.properties

2. And then depending if you are using the metadata:

a. If you want to use IdP Metadata, set these properties:

com.siemens.polarion.security.saml.identityProviderMetadataUrl=<Url to the IdPMetadata, for example:

"file:///C:/Path/FederationMetadata.xml" or if youhave the metadata available on remote machine:"https://saml-server.yourdomain.com/FederationMetadata/2007-06/FederationMetadata.xml"> - the file protocol is recommended for metadata configuration.

(You don't need to worry about the certificate. It should be located within the Metadata.)

You can always overwrite the settings in Metadata by manually specifying otherproperties. (See the list of properties in the next step.)



Configuring Single Sign-on (SSO)

b. If you do not have access to the IdP Metadata, you can specify the SSO Service URL manuallyby using the following property: com.siemens.polarion.security.saml.ssoServiceUrl=<YourIdP Service URL, e.g "https://saml-server.yourdomain.com/adfs/ls">.

If you do, you must also provide the certificate file needed for SAML assertion validationthat needs to be exported from the IdP. By default, you should export the certificate to the%POLARION_HOME%\polarion\configuration folder. You can specify a different path to acertificate using the com.siemens.polarion.security.saml.certificatePath property.

The other properties have these default values and should work implicitly, but you can alsospecify them if you need to:

com.siemens.polarion.security.saml.relyingPartyIdentifier=<Polarion base.url>

com.siemens.polarion.security.saml.assertionConsumerServiceUrl=<Polarionbase.url>/polarion/>

com.siemens.polarion.security.saml.issuer=<IdentityProviderUrl base.url>

com.siemens.polarion.security.saml.forceAuthn=false

com.siemens.polarion.security.saml.certificatePath=<By default a certificate in theconfiguration folder is used>.

3. After setting the properties, restart the Polarion Service, and the SAML SSO should be working.

IdP configuration

Identity provider must be properly configured to communicate with Polarion correctly.

• To do this, you need to configure the Relying Party Identifier for Polarion in the IdP registry, soit points to Polarion's server base url (for example, https://polarion.yourdomain.com, without/polarion at the end).

• If the IdP configuration wizard supports auto-configuration using SAML metadata, anadministrator can point to the Polarion endpoint that exposes this metadata. They are availableat the following url:

https://polarion.yourdomain.com/polarion/saml2/sp/metadata

Metadata will be accessible only when Polarion is run with the following property in thepolarion.properties file.

com.siemens.polarion.security.auth.method=saml

• The IdP must be configured to send the ID in the "Name ID" attribute. This attribute is thenused by Polarion as the User ID.




ADFS Example:

1. In ADFS, go to the relying party trusts folder and add a new relying party trust.

2. A wizard opens and takes you through the configuration. You can use the Polarion metadatamentioned earlier, or a manual configuration, using the https://polarion.yourdomain.com as theRelying SAML 2.0 SSO service URL and the Relying party trust identifier.

3. After the set up is complete, you should be prompted to add a Claim rule. If not, you can alwaysright click on your Relying Party Trust and edit the claim rules from there.

4. When adding the Claim rule, choose "Send LDAP Attributes as Claims" and configurethe mapping to send an LDAP attribute as a "Name ID" attribute. For example,"SAM-Account-Name" → "Name ID"

This is the minimum that needs to be configured on the IdP side for SAML SSO to work with Polarion.For more options, see the Optional configuration section.

Optional configuration

The properties configured in the Basic configuration are sufficient for Polarion to work with SAMLSSO, but there are additional optional features that Polarion Supports.

Single Logout

To enable Single logout via the IdP, you need to configure the following properties:

1. com.siemens.polarion.security.saml.sloServiceUrl=<a link to your IdP logout service,

for example, "https://saml-server.yourdomain.com/adfs/ls/?wa=wsignout1.0">

2. com.siemens.polarion.security.ssoHomePageUrl=<a link to your IdP Home Page,

for example, "https://saml-server.yourdomain.com/adfs/ls/IdpInitiatedSignOn.aspx">

The sloServiceUrl property is the URL to that Polarion sends the logout response to.

The HomePageUrl is just a link that appears when you log out from Polarion, so that you can continueto your IdP where you can logout from SSO. (Polarion only supports IdP Initiated Single Log-out.)

You also need to configure your IdP accordingly. The link you need to provide to your IdP is:

https://polarion.yourdomain.com/polarion/login/logout

ADFS Example- To set up Single Logout in ADFS:

1. Open ADFS.

2. Open your Relying Party Trust.

3. Select the Endpoints tab and click Add SAML...

4. Select the SAML Logout type, and;

a. Set the Trusted URL to https://polarion.yourdomain.com/polarion/login/logout

b. Set the Response URL to https://saml-server.yourdomain.com/adfs/ls/?wa=wsignout1.0




5. Set the following properties in Polarion's polarion.properties file:

com.siemens.polarion.security.saml.sloServiceUrl=https://saml-server.yourdomain.com/adfs/ls/?wa=wsignout1.0

com.siemens.polarion.security.ssoHomePageUrl=https://saml-server.yourdomain.com/adfs/ls/IdpInitiatedSignOn.aspx

Synchronization of attributes

You can configure SAML to send more attributes than just the Name ID. In Polarion, the userattributes that can be automatically updated from the SAML response are Name, Email andDescription. You can configure the names of the SAML attributes used to fill these user attributes byusing these three properties:

• com.siemens.polarion.security.saml.userMapping.name=<name of the SAML attribute,default is "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">

• com.siemens.polarion.security.saml.userMapping.email=<name of the SAML attribute,default is"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">

• com.siemens.polarion.security.saml.userMapping.description=<name of SAML attribute,

by default it is empty (nothing will be filled in description if this property is not set up)>

By default the Name and Email attributes are set to the names used by ADFS. However "description"is not set to any SAML attribute by default and you need to specify the attribute to be used there.

The attributes will be updated with every Log on to Polarion, but if the received SAMLdata is empty, there will be no change in the User attributes. (If a user does not have, forexample, the e-mail filled in in the IdP, you can fill it in manually in Polarion and it will not besaved as empty upon logon). You can check the main log to see the SAML response ifyou have trouble with the exact name of the SAML attribute. (See the Enable logging ofSAML response section for details. )

ADFS example- In ADFS

1. Open Relying Party Trusts, right click on your application and select Edit claim rules.

2. Here you can either edit an existing rule, or add a new one.

3. You will need to add mapping for attributes you want to be sent, for example: "E-Mail Addresses"→ "E-Mail Address"; "Display-Name"→ "Name"; "Department"→ "Role", and then save therule.

4. Since the UserMapping properties for Name and Email in Polarion are set for ADFS by default,you don't need to configure them. You need to configure the Description property however, so inour example you will need to add this property into the polarion.properties file:

com.siemens.polarion.security.saml.userMapping.description=http://schemas.microsoft.com/ws/2008/06/identity/claims/role




5. After restarting Polarion and logging in as a User, the Name, E-mail and Description will befilled with the "Display-Name", "E-mail Addresses" and "Department" attributes from AD.

You can choose different attributes while setting up the claim rules, and then change the Polarionproperties accordingly.

Alternative log on

If you want to use a different User ID in Polarion than the one that is sent via SAML (for example youhave existing Users in Polarion with different IDs than their Account Names in AD), you can configuresending different IDs in your IdP, if it supports it. You can also use the alternative ID Polarion property.You can map a SAML attribute to this property, and Polarion will use this SAML attribute as the UserID, but only if it is not empty, otherwise it will still use the "Name ID" SAML attribute.

com.siemens.polarion.security.saml.userMapping.alternativeId=<name of the SAML attributethat will be used as the User ID if it is not empty>

The attribute you will use as the alternative Login ID needs to be unique for your users,otherwise users with different IdP Account names, but with the same content in theAlternative ID attribute, will be logged on as the same Polarion User. Additionally, if youwant to use E-Signatures in Polarion, it is not recommended to use the Alternative IDfunction. If there is no other way, you need to configure LDAP correctly with the alternativeID. See the E-signature section for details.

Other notes

Permissions to log on

Polarion will always auto-create a user with configured roles when it recieves a valid SAML responsewith a new User ID. If you need to deny some of your SSO users access to Polarion, set thepermissions in your IdP. If Polarion receives a invalid or denial response it will not create the new User.

E-Signatures with SAML

Since IdPs do not support logging on in an IFrame, it is not possible to use E-Signatures in Polarionwith only SAML authentification configured. To use E-Signatures with SAML SSO you need toconfigure LDAP E-Signatures. See User Guide → 15. Working with Documents → SigningDocuments → In an SSO Environment in Polarion's Help for details.

Since E-Signatures validate the signature based on the Polarion User ID and the specifiedID used by LDAP, you need to make sure that they match. If you use a different attributethan the Account ID in the SAML set up, you will need to configure LDAP to the sameattribute. It is therefore not recommended to use the alternative ID when you want touse E-Signatures.




Kerberos SS0

Authentication procedure flow

Polarion supports standard Kerberos v5 authentication using the GSS-SPNEGO mechanism.

The authentication procedure flow is as follows:

1. The client machine logs into the domain and obtains a Kerberos token.

2. If the browser is configured to use the Kerberos token for authentication, the browser sends thistoken when negotiating authentication with a site that is a member of the same domain.

3. The Polarion server gets the token from the client and validates it against the domain controller.

4. If the domain controller successfully validates the token, Polarion authenticates the user andlogs them in.

Prerequisites - Configuring the domain

A set of prerequisites is required in order to configure Polarion to authenticate using Kerberos tokens:

1. All involved machines need to be members of the same domain for example, yourdomain.com

a. Domain server (kdc.yourdomain.com) that hosts KDC (Key Distribution Center) and DNSservices.

b. Domain users (for example, user1) that log into client machines.

c. Polarion service provider (for example, polarion-server.yourdomain.com) that represents theserver running Polarion.




2. Client and Polarion machines need to have corresponding domain accounts (principals):

Domain user: [email protected]

Polarion service: HTTP/[email protected]

3. Client browsers are configured for Kerberos authentication.

4. A keytab file with the password key for the Polarion service principal needs to be generatedon the domain server.

a. On Windows run the following command as an administrator on your domain server.

ktpass -out polarion.keytab -princ HTTP/[email protected]

-mapuser polarion-server -kvno 0 -crypto AES128-SHA1 -pass password.123 -ptype

KRB5_NT_PRINCIPAL

b. On Linux run the following command as a root user on your Domain server replacingyourdomain with your own.

ktadd -norandkey -k /tmp/polarion-server.keytab

HTTP/[email protected]

See the example to follow and refer to the correct values for each ktpass command attribute.

Notes:

• The HTTP service component in the principal name is required, otherwise a Kerberosauthentication with the polarion-server will not work.




• The Polarion service provider principal must contain the fully qualified domain name of themachine's (FQDN).

• Polarion's Kerberos SSO authentication requires that principals use AES 128 bit encryption.

1. In the Windows domain, all user accounts must have the following configuration checked:

Properties→ Account→ Account options→ This account supports Kerberos AES128 bit encryption.

2. In the Linux realm, the encryption needs to be set properly when adding the followingprincipal:

For example:

addprinc -e aes128-cts -randkeyHTTP/[email protected]

3. The DES encryption type is not considered secure, so it is not allowed in the defaultconfiguration of many operating systems.

• The generated keytab needs to respect this configuration as well, so make sure to set the -cryptooption below so that it’s in line with the principal configuration.

• Kerberos always passes the sAMAccountName attribute as the user's principal name, so thisfield also represents the userId in Polarion. If you need to synchronize additional user attributesfrom LDAP, please refer to the Administrator's Guide → Managing Users & Permissions →Configuring Polarion for LDAP User Synchronization section in Polarion's Help.

Polarion configuration

Polarion configuration consists of a few simple steps:

1. Copy the generated polarion.keytab file to the Polarion server under Polarion's configurationdirectory.

2. On the Polarion server, create a login.conf file in Polarion's configuration directory with thefollowing data:

Polarion {

com.sun.security.auth.module.Krb5LoginModule required

doNotPrompt=true

principal="HTTP/[email protected]"

useKeyTab=true

keyTab="C:/Polarion/polarion/configuration/polarion-server.keytab"

};

3. Configure Polarion to use SPNEGO authentication and set the following properties in:

C:/Polarion/polarion/configuration/polarion.properties

com.siemens.polarion.security.auth.method=spnego




java.security.krb5.realm=YOURDOMAIN.COM

java.security.krb5.kdc=kdc.yourdomain.com

java.security.auth.login.config=C:/Polarion/polarion/configuration/login.conf

Once you have successfully configured the domain, the domain server, the domain client and thePolarion server, users will not see the Polarion login page, but will be immediately authenticated usingthe provided Kerberos token and logged into Polarion as the same user with same login ID.




Configuring client browsers

All currently supported browsers (found in the Release Notes section of the README.html file),can be configured to use Kerberos authentication with Polarion.

Internet Explorer 11, Chrome and Edge on Windows

All currently supported browsers (found in the Release Notes section of the README.html file), canbe configured to use Kerberos authentication with Polarion.

The above browsers are configured via Internet Options.

(Accessible from either the Windows Control Panel, or via Internet Explorer settings.)

1. Enable Integrated Windows Authentication in Internet Options → Advanced → Security.

2. Ensure that your Polarion server is a member of the Local intranet sites in

Internet Options → Security→ Local intranet→ Sites.

a. Check Include all local (intranet) sites not listed in other zones.

b. Add it explicitly among the site on the Advanced tab.



https://ping.force.com/Support/PingFederate/Integrations/How-to-configure-supported-browsers-for-Kerberos-NTLM#ie





Chrome on Linux

1. Create a directory /etc/opt/chrome/policies/managed/ and within it drop a JSON file such asyourdomain.com.json with the following contents:

{ "AuthServerWhitelist": "*.yourdomain.com",

"AuthNegotiateDelegateWhitelist": "*.yourdomain.com" }

2. Run Google Chrome.

3. Open your Polarion URL http://polarion-server.yourdomain.com/polarion and the user is loggedinto Polarion automatically.

Firefox

1. Open Firefox settings by typing about:config in the address bar.

2. Locate the following preferences:

network.negotiate-auth.trusted-uris

network.automatic-ntlm-auth.trusted-uris

3. Set them by double-clicking (or right clicking and selecting Modify) to the name of your domain,or the Polarion server’s hostname (e.g. polarion.yourdomain.com).




Authentication fallback for external users using Kerberos

A typical setup for enterprise customers has two user types with different authentication methods:

• Internal Users: Operate from within the network and are authenticated in the domain.

• External Users: Customers or contractors who are not authenticated in the domain, but accessthe internal network via a VPN connection.

Polarion supports both user types while still leveraging the benefits of SSO.

Administrators can set up an authentication fallback in a Kerberos SSO environment.

When the authentication fallback is configured, users are presented with the standard Polarion loginscreen when they do not provide a Kerberos authentication token.

Configure the Authentication fallback:

1. Setup Polarion for Kerberos.

2. Configure the connection to the same LDAP server used to authenticate users in the Kerberosvia LDAP Configuration administration.

3. Set the following property to true in the polarion.properties file.

com.siemens.polarion.security.auth.fallback=true

When using Internet Explorer, Edge or Chrome, users may be prompted for credentials ifthe Use Integrated Windows Authentication option is enabled in Internet Options andPolarion is configured for Kerberos SSO. If a user cannot be authenticated in the domain toget the correct Kerberos ticket, then they can simply discard the prompt for credentialsthree times and will then be redirected to the Polarion login screen.




Teamcenter SSO

Authentication procedure flow

Polarion supports Teamcenter Security Services (TcSS) authentication.

The authentication procedure flow is the following:

1. The client machine connects to Polarion and if a user is not authenticated, Polarion redirectsthem to the TcSS login service.

2. A user needs to be authenticated in TcSS to obtain an SSO token and then the TcSS loginservice redirects them back to Polarion.

3. The browser provides this SSO token when negotiating the authentication with Polarion.

4. The Polarion server validates the token with the TcSS identity service.

5. If the identity service successfully validates the token, Polarion authenticates the user and logsthem in.




Prerequisites - TcSS configuration

A set of prerequisites is required in order to configure Polarion to authenticate using TcSS tokens:

1. Teamcenter Security Services needs to be installed on the network and connected to thecompany's directory service. See the Security Services Installation/Customization documentation.

2. The following services need to be installed and accessible by the Polarion server and clientmachines:

-SSO Login Service on e.g. http://tcss.yourdomain.com/ssoLogin

-SSO Service on e.g. http://tcss.yourdomain.com/ssoService

3. Configure an application ID, for example PolarionProd, for Polarion in the Identity Service registry,that points to the Polarion server’s hostname.

(http://polarion.yourdomain.com/)

Do not append /polarion - just point to the root.

4. Check that these services work correctly as described in the installation documentation aboveand that a user is able to login at http://tcss.yourdomain.com/loginservice.

Polarion Configuration

Configuring Polarion to use TcSS authentication only requires that the following system properties areset in the system configuration file:

/opt/polarion/etc/polarion.properties

com.siemens.polarion.security.auth.method=tcss

com.siemens.polarion.security.tcsso.serviceUrl=http://tcss.yourdomain.com/ssoService

com.siemens.polarion.security.tcsso.loginUrl=http://tcss.yourdomain.com/ssoLogin

com.siemens.polarion.security.appId=Polarion (The default value is “Polarion”.)

Once you have successfully configured the TcSS services and the Polarion server, users will not seePolarion's login page, but will be immediately redirected to the TcSS login page where they can entertheir credentials. After authenticating in TcSS, an SSO session will be created and users will beredirected back to Polarion and logged in as the same user with the same login ID.



https://support.industrysoftware.automation.siemens.com/docs/teamcenter/10.1/PDF/en_US/tdocExt/pdf/security_services_install_customization.pdf


Other SSO considerations

Subversion access

All primary Polarion data is stored in the Subversion repository. In order to ensure the traceabilityof commits to their authors, the ability to write to the Subversion still needs to be subject toauthentication, even when SSO authentication is used with Polarion.

Because subversion does not support standard SSO mechanisms, Polarion manages the credentialsin the subversion passwd file for SSO authenticated users.

The following requirements on subversion access need to be met for SSO authentication setup:

1. Polarion is configured to access the Subversion repository on behalf of users via thehttp protocol by default. This configuration is controlled by the following system property:repo=http://polarion-server.yourdomain.com/repo

2. Apache needs to use file authentication, like the passwd file, for the repository location as theprimary authentication source. This is configured in thepolarionSVN.conf file of the Apacheconfiguration.

<Location /repo>

…

AuthBasicProvider file

</Location /repo>

3. The Polarion configuration needs to point to Apache's passwd file via the following systemproperty: svn.passwd.file=$[com.polarion.data]/svn/passwd

A Polarion update sometimes requires direct access to the Subversion repository in orderto adjust or add new configuration files. For this purpose, you will need at least one userwith direct access to the repository using known credentials in the password file.

Direct access to subversion

For direct access to the subversion repository via the existing /repo location, configure this location toonly authenticate via LDAP by removing the file authentication directive from:

[Apache configuration]/conf/extra/polarionSVN.conf.

<Location /repo>

...

AuthBasicProvider file ldap

...

</Location /repo>

Then configure a second access location for internal Polarion access that will use the authenticationvia the password file that is being managed by Polarion.

<Location /repo-internal>




# Enable Web DAV HTTP access methods

DAV svn

# Repository location

#SVNPath "C:/Polarion/data/svn/repo"

# Write requests from WebDAV clients result in automatic commits

SVNAutoversioning on

# Our access control policy

#AuthzSVNAccessFile "C:/Polarion/data/svn/access"

# No anonymous access, always require authenticated users

Require valid-user

# How to authenticate a user. (NOTE: Polarion does not currently support HTTP Digest #

access authentication.)

AuthType Basic

AuthName "Subversion repository"

#AuthUserFile "C:/Polarion/data/svn/passwd"

AuthBasicProvider file

</Location>

Features requiring special configuration in an SSO setup

In a typical SSO setup, access to the server needs to be authenticated by a secure token. If thereare also clients that are not able to obtain this token, Polarion provides a fallback authentication viacredentials that need to be explicitly allowed for the following features. As a prerequisite, Polarionneeds to be connected to the LDAP server to validate the user credentials.

1. Access to webservices from external client in SSO environment.

2. e-signatures in Kerberos SSO environment.

Subversion repository access during Polarion update

In some cases the Polarion update script does changes to the subversion repository if there arenew required configuration files, or a modification of the existing configuration is required. Theadministrator executing the update needs to provide the credentials of a user that is capable ofcommitting these changes to the subversion repository.

At least one service account registered in the subversion's password file with a known password andwith write access to all projects in the repository is required. A new user account can be added to thesubversion password file using the htpasswd tool provided with Apache.

Use this account to commit the changes to the subversion repository during the update.




Internal log-on pop-up behavior

In case of SAML SSO and TeamCenter SSO the logging process is redirected to the IdP login or theTeam Center Login. Since it may be a security issue to embed the login page in the internal loginpopup IFrame, by default, TC and SAML SSO have internal login in IFrame disabled. This means,that the popup will prompt you to log in in a new tab, which will then close and you can continueworking in the original tab.

However, if for any reason you want to enable the login form in the internal login popup, you canset this property in the polarion.properties file:

com.siemens.polarion.security.disableIFrameLogin=false

Before setting this property, make sure you IdP support the login form in an IFrame. Forexample, ADFS does not support this, and so it will be not possible to log in via internalpopup if the IFrame is disabled.

Troubleshooting

SSL

To connect to the Polarion server using an HTTPS connection, make sure that Java trusts thecertificate used to encrypt the communication. This especially applies to the Teamcenter SecurityServices Setup, Where the TcSS web application is deployed to Tomcat that runs on Java.

(See the Importing a Certificate to the Java Keystore section in Polarion's Help for details.)

Enable logging of SAML response

It may prove useful during the configuration of SAML SSO to be able to see the response send topolarion from IdP. To enable logging of this response, add this line to log4j.properties file located in<Polarion_installation_folder>\polarion\plugins\org.apache.log4j_1.2.17.2015-05-04

log4j.logger.com.polarion.platform.internal.security.auth.saml.SamlLoginClient=DEBUG,A1

After restarting Polarion, the SAML response will be visible in the main logs.

Enable international file encoding support

Support for national characters in usernames may require additional configuration. By default,Polarion encodes the Apache passwd and access files using the default Java file encoding, thatmatches the default OS system encoding. This default encoding may not be compatible with thecharacter set used in LDAP. To discover what this default is set to, check for the file.encodingproperty, for example file.encoding=Cp1252 for Windows, in the Polarion logs.

To start using national characters in usernames with SSO, first configure Polarion to use right charset.

• On Windows: Cp1252 or similar for non-Latin languages is recommended.

• On Linux: This is typically UTF-8.




1. Stop Polarion.

2. Configure the following Polarion properties:

com.polarion.platform.repository.passwdFileEncoding=CHARSET

com.polarion.platform.repository.accessFileEncoding=CHARSET

svnkit.http.encoding=CHARSET

3. Manually convert the existing access and passwd files to the target character set if the originaland target character sets are not compatible. Without these steps, your existing files will becorrupted the next time they are modified by Polarion.

4. Start Polarion.




Kerberos Hints

While implementing SSO in Polarion, we ran into several pitfalls. In the majority of cases they werecaused by a misconfigured Kerberos environment. (Be it principals, DNS, keytab, or the encryptiontype.) We provide details on a failed login page to aid in possible troubleshooting.

As Polarion leverages standard Java JGSS implementation, Oracle’s JGSS Troubleshooting Tutorialis a good source for general troubleshooting information.

Client-side troubleshooting

In some cases the browser may be sending an NTLM token instead of a Kerberos token. Polarion willreport this failure with the following exception:

Message Example:

Unexpected failure during authentication

javax.security.sasl.SaslException: Unsupported authentication mechanism NTLM

There are a few common cases that cause this behavior:

1. The Client has an old Kerberos token.

If you configure Polarion Kerberos authentication, it is essential that the the client machine sendsthe correct Kerberos token. To fix this problem, make sure to logout the client from the domainand login again to get a new Kerberos token after the reconfiguration.

2. Host name of the Polarion server does not match the principal name.

We recommend that the Polarion service principal uses the FQDN of the machine as its name.Make sure to access the Polarion server via FQDN to make the client send the Kerberos token.Also check that the Polarion service principal is using the HTTP prefix.

3. Polarion server is not considered a member of the domain.

Integrated Windows Authentication is used only within the domain. If your Polarion server is notconsidered to be a member of the same domain by the client, the client will not send the Kerberostoken. Check if your browser is configured correctly for Kerberos authentication. Add the Polarionserver to the Local Intranet zone as outlined in the Client Configuration section of this guide.

4. Wrong encryption set for the client principal.

The principals need to use AES 128 bit encryption. If another encryption type is set for theprincipals, then the client may not obtain the Kerberos token and will try to send the NTLM tokeninstead. Make sure to configure your principals to use AES 128 bit encryption.



http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html


Server-side troubleshooting

Typical problems in a Kerberos setup are cases when the keytab with a password for the Polarionservice principal is not exported properly or not understood by Java. Unfortunately, the Java Kerberosimplementation does not report these issues in a very clear way. A problem with the keytab results inPolarion being unable to login into the KDC in order to validate the token obtained from the client. Insuch cases, a variety of messages may appear including:

Message Example:

Unexpected failure during authentication

javax.security.sasl.SaslException: Could not initiate login

There are a few common cases that cause this behavior, and the majority of them can be troubleshotusing Oracle's JGSS Troubleshooting Tutorial. The most typical cases are listed below:

1. Keytab was not exported correctly.

Check that the principal, their password, the mapped user, and the encryption type are setcorrectly when exporting the keytab. See the example below and refer to the correct valuesfor each ktpass command attribute.

Use the Kinit tool provided with the standard Java installation to check whether the Kerberoslogin and keytab are correct.

Example:

kinit -k -t C:\Polarion\polarion\configuration\polarion.keytab <HTTP/principal>

2. Incorrect configuration of the Polarion service principal.

Check that the encryption type configured for the Polarion service principal is AES 128 bit.

In Windows environments, the event log on the KDC may provide more details about potentialproblems when exporting the keytab, because they are not logged by the ktpass tool.

3. Java cannot load the exported keytab file.

In specific cases, the keytab may not be understood by Java when exported directly from theKDC. If that is the case, use the ktab tool that is part of the standard Java installation.



http://docs.oracle.com/javase/8/docs/technotes/guides/security/jgss/tutorials/Troubleshooting.html

Chapter 16: Next steps after installation

Once you have installed Polarion and logged in to the Portal, consider taking a look at the demoprojects (assuming you installed demo data). Click on the drop-down control in the Navigation panelon the left, select Open Project or Project Group, and open any project in the Demo Projectsgroup. See the User Guide → Getting Started with Projects section in Polarion's Help for tips.

You may want to do some initial global customizations such as customWork Item types,Workflows,Reports, SSL Support and more. You will find topics on these configurations in the Administrator'sGuide section of Polarion's Help.

Once you have your Polarion system running, and any global customizations done, you are readyto begin setting up your own projects and user accounts. Look up the following topics in theAdministrator's Guide: Creating and Managing Projects and Managing Users and Permissionssection in Polarion's Help.


Chapter 17: Removing Polarion

An automated uninstaller script uninstall.sh is provided for Linux platforms.

Remove the /var/log/polarion folder and /var/run/polarion.pid.

Polarion should then be uninstalled.

Polarion’s Subversion repository is stored in the /opt/polarion folder. Be sure thisrepository does not contain production data that must be preserved! If it does, be sure tomake a backup before uninstalling Polarion.


Chapter 18: Technical support

Polarion is problem-free for most people... at least that's been our experience. However, it'simpossible to anticipate all the conditions and environments where Polarion may be used. If anarises, Polarion’s Technical Support team maintains the Customer Self-service Portal which includesan extensive knowledge base of common problems and solutions and troubleshooting information, aswell as the possibility to submit, manage, and review your own specific support cases.

For information about the portal and technical support options, please visit:https://polarion.plm.automation.siemens.com/techsupport/resources


https://polarion.plm.automation.siemens.com/techsupport/resources

Chapter 19: APPENDIX

Default users and groupsOS User Group Passwd Utility

RedHat (CentOS) apache apache htpasswdDebian www-data www-data htpasswdUbuntu Server www-data www-data htpasswdSUSE wwwrun www htpasswd2

Enabling email notificationsIf you did not configure email notification settings in the installation program, you can do this afterinstallation by setting the host name in the announcer.smtp.host property in the polarion.propertiesfile located in [POLARION_HOME]\polarion\configuration. There you should also set theannouncer.smtp.user and announcer.smtp.password properties to a valid email account on theSMTP host specified in announcer.smtp.host. You may want to create a dedicated email addresson your SMTP host for use by the Polarion notifications system.

When this configuration is correctly set up, the system will send notification emails about variousevents according to the notification targets configuration. For information on configuring emailnotifications, see the Administrator’s Guide: Configuring Notifications in Polarion's Help.

Manual installation on LinuxIt is highly recommended that you run Polarion on one of the supported Linux operating systems anduse the automated installation scripts provided in the product distributions for Linux.

There may be cases when Polarion must be installed manually. For example, perhaps an automatedinstallation script doesn’t recognize your system as one of the supported Linux systems due tocustomization or other factors. Or possibly, your server does not yet have an internet connection,so various packages downloaded during the automated installation are not accessible. Therefore,automated installation cannot proceed. (Scripts inform you if automated installation is not possible).



1. System requirements and recommendationsBefore starting with a manual installation, go over the information listed below:

• Server software requirements (OS, Java, VCS, web server).

• Server hardware requirements (RAM, disk storage).

• Client software requirements (OS, web browsers, Adobe Flash).

• Client hardware requirements (RAM, display, connection).

Required third-party software componentsIn order to run Polarion, you need to have several other software components installed and configured:

• Apache HTTP Server version 2.2 or later. (The latest 2.4.x is recommended.)

• Subversion server version 1.6.x, 1.7.x, 1.8.x or 1.9.x

• Oracle Java SE 8 JDK

• PostgreSQL version 8.4 or higher.

• Fonts package urw-fonts (on SUSE and CentOS)

Apache server

Apache HTTP Server is a required application for Polarion. We highly recommend installing it first.

You can download the appropriate distribution at the Apache website at:

http://httpd.apache.org/.

Installation Help for Apache HTTP server is available from Apache at:

http://httpd.apache.org/docs/2.4/install.html.

htpassword Utility

After installation you must ensure that the htpasswd utility is executable. The apache/bin foldermust be present among other paths in PATH system variable, or the full path needs to be specified inthe system configuration file polarion.properties.

On SUSE the utility may be called httpasswd2



http://httpd.apache.org/

http://httpd.apache.org/docs/2.4/install.html

APPENDIX

Subversion

The Subversion version control system (versions 1.6.x, 1.7.x, 1.8.x or 1.9.x) is also required forPolarion. You can download the appropriate distribution at http://subversion.apache.org/. Fulluser/administrator documentation is available on a third-party website at http://svnbook.red-bean.com/.

PostgreSQL

In new installations beginning with version 2015 SR2, Polarion server cannot start if PostgreSQL isnot installed and configured. Please use your distribution's package manager to download these twopackages: postgresql and postgresql-contrib. On RedHat you will need the postgresql-serverpackage instead of the postgresql package.

You can follow the instructions posted online at http://www.postgresql.org/download/ or use one ofthe following command sets:

CentOS, RedHat:

• yum install postgresql

• yum install postgresql-contrib

Debian, Ubuntu:

• apt-get install postgresql

• apt-get install postgresql-contrib

SUSE: Available from openSuse Build Service (https://build.opensuse.org/) in theserver:database:postgresql project:

• yast --install postgresql

• yast --install postgresql-contrib

After installing PostgreSQL, you must configure it and Polarion. This configuration is covered in theConfiguration of third-party components.


APPENDIX

http://subversion.apache.org/

http://svnbook.red-bean.com/

http://www.postgresql.org/download/

https://build.opensuse.org/


Java SE JDK

You should also download and install the Java SE 8 JDK at:


Fonts Package

Phantom JS, used for previewing and exporting highcharts in PDF, is installed on all OS platforms.On SUSE and CentOS, URW fonts must be explicitly installed (see Server software requirements),otherwise exported diagrams rendered by Phantom JS will display rectangles instead of letters.




APPENDIX

Configure third-party componentsThis section covers various configuration requirements for third-party software that enable Polarion torun with it.

For further inspiration you may also inspect supported OS configurations located in

[Polarion_Unpack_Dir]/libinstall/predefined/[OS]/**

Apache HTTPD

1. Apache must be compiled with the WebDAV module (mod_dav.so).

2. Modules from Subversion must be properly installed (mod_authz_svn.so andmod_dav_svn.so)

The following lines must be added into an Apache configuration file into the LoadModule section.This can be the default configuration file httpd.conf ([Apache2_Dir]/conf/httpd.conf), or anyother conf file, including a new one you create for the purpose. Lines:

LoadModule dav_svn_module modules/mod_dav_svn.so

LoadModule authz_svn_module modules/mod_authz_svn.so

3. Add the following lines to your httpd.conf:

<Location /repo>

DAV svn

SVNPath "/opt/polarion/data/svn/repo"

# our access control policy

AuthzSVNAccessFile "/opt/polarion/data/svn/access"

# try anonymous access first, resort to real

# authentication if necessary.

Satisfy Any

Require valid-user

# How to authenticate a user. (NOTE: Polarion does not

# currently support HTTP Digest access authentication.)

AuthType Basic

AuthName "Subversion repository on localhost"

AuthUserFile "/opt/polarion/data/svn/passwd"

SVNAutoversioning on

</Location>

#polarion specific configuration of apache for svn

# and maven2 repo

# Maven 2 shared repository

<Directory "/opt/polarion/data/shared-maven-repo">


APPENDIX


Options Indexes

Order allow,deny

Allow from all

</Directory>

Alias /maven2 "/opt/polarion/data/shared-maven-repo"

Pay attention to the name of repository (/repo) in the first tag (<Location/repo>). It's the name(an alias) of your subversion repository.

Don't forget to specify the correct paths to the real repository folder in the SVNPath parameter,to the access file in the AuthzSVNAccessFile parameter, and to the passwd file in theAuthUserFile parameter.

Pay attention to the paths used in the httpd.conf example above. They must be the same asthose used by default by the libinstall/default.sh script. This script won't work if different pathsare used.

4. Create a file named workers.properties in your Apache server's configuration directory (wherethe httpd.conf file resides), with the following:

worker.list=worker1

worker.worker1.type=ajp13

worker.worker1.host=127.0.0.1

worker.worker1.port=8889

worker.worker1.lbfactor=50

worker.worker1.cachesize=50

worker.worker1.cache_timeout=600

worker.worker1.socket_keepalive=1

worker.worker1.recycle_timeout=300

5. Create a file named polarion_mounts.properties in your Apache server's configuration directory(where the httpd.conf file resides). Add the following lines:

/polarion/*=worker1

/polarion=worker1

/svnwebclient/*=worker1

/svnwebclient=worker1

Subversion

Either the subversion binary (svn) must be on PATH or the javahl libraries must be properly installed.



APPENDIX

Java JRE and SDK

The configuration requires the Java Runtime Environment (JRE) and several files from the JDK (SDK).

• If you use only the JRE (runtime), you must add bin/javac and lib/tools.jar from Java SE JDK,and, optionally, bin/javadoc if you want Javadoc generation to work in Polarion.

• The environment variable JDK_HOME must be properly set.

(Remember to update the JDK_HOME variable in /opt/polarion/etc/config.sh.)

JDK is required only for running Polarion as a service. For installing Polarion, you can use JRE.

(Do not update to a new major Java version until support for it by Polarion is officiallyannounced.)

Java Virtual Machine memory limit

If you allocate too much memory for the Java Virtual Machine (JVM), the operating system will notinitialize it. Diagnosing the issue can be difficult because the service simply does not start and noerror log is written. On some Linux versions, a message may appear in the console indicating that theJava Virtual Machine could not be initialized, but without indicating the reason.

The amount of memory you can allocate to the JVM depends on what OS you have and how muchtotal memory exists on the computer. The more total memory the more you can allocate to the JVMbefore the operating system imposes a limit the better.

Update Java

It's good to update Java regularly for security reasons, but check the README.html file section tomake sure that major Java version updates are officially supported by Polarion before updating tothem.

(The currently supported major Java version is 1.8 and any of its 1.8.x updates.)

Please take the usual steps specific to your distribution.

When updating Java please remember to update variable JDK_HOME in /opt/polarion/etc/config.sh.


APPENDIX


Postgre SQL

The location of PostgreSQL utilities depends on the specific Linux distribution. The commandexamples below assume that the folder containing PostgreSQL binaries is added to your systemPATH variable.

The OS user postgres is normally created as a result of the PostgreSQL installation. To be able touse the psql utility, you must access it as this user.

A) Create the PostgreSQL database storage:

1. Create a folder to store PostgreSQL data and make the postgres user the owner of this folder onLinux. Any location will be fine, as long as the postgres user owns the folder. You can use thefollowing example where the folder for PostgreSQL data is: /opt/polarion/data/postgres-data

mkdir /opt/polarion/data/postgres-data

chown postgres:postgres /opt/polarion/data/postgres-data

2. As the postgres user, initialize the database using the initdb command. The syntax differs forPostgreSQL versions, as shown in the following examples, with our /opt/data/postgres-datafolder. Use psql –version to check for the version.

For PostgreSQL version 9.1 and earlier:

su postgres

initdb -D /opt/polarion/data/postgres-data -E utf8

For PostgreSQL versions after 9.1:

initdb -D /opt/polarion/data/postgres-data -E utf8

–auth-host=md5

In some cases, initdb is not available immediately after the installation, and you need to add toyour path. You can use the locate command to find the location of psql. If it cannot be found, usethe updatedb command and search for it again. More information about initdb can be foundat: http://www.postgresql.org/docs/9.4/static/app-initdb.html.

3. Start the PostgreSQL server. Remember that all PostgreSQL utilities must be run on behalf of thepostgres system user, and you must initialize the database storage as described in step 2 aboveprior to running the server for the first time.

su postgres

pg_ctl -D /opt/polarion/data/postgres-data -l /opt/polarion/data/postgres-data/log.out -o"-p 5433" start

(The pg ctl command should be written to a single command line.) You can defineadditional options, such as the port on which the database should run. Checkhttp://www.postgresql.org/docs/9.4/static/app-pg-ctl.html for an overview of options.

B) Connect to the Root Database of PostgreSQL:

For configuration of Polarion databases, you need to connect to the root database of PostgreSQLpostgres using your favorite SQL client, for example Squirrel), or just use PostgreSQL's built in thepsql tool.



http://www.postgresql.org/docs/9.4/static/app-initdb.html

http://www.postgresql.org/docs/9.4/static/app-pg-ctl.html

http://squirrel-sql.sourceforge.net/

APPENDIX

1. On Linux, the operations with PostgreSQL database must be run on behalf of the postgresuser: su postgres

2. Connect to the PostgreSQL postgres root database on behalf of the postgres user (or thedatabase's superuser): psql -p <port> postgres

The syntax for psql is: psql -p <port> -U <user> <database>

Example: psql -p 5433 -U polarion polarion_history

C) Create the Polarion User and the Databases:

Polarion uses two databases, polarion and polarion_history, which will be owned by the polarionuser, so the first step is to create the polarion user. To do this, execute the following three SQLstatements using your SQL client:

1. Create the polarion user and replace the <your-password> with a password of your choice:

(The password cannot contain any of the following characters: @, :, \, ', " or leading/trailingspaces.)

CREATE USER polarion WITH PASSWORD '<your-password>' CREATEROLE;

2. Create the Polarion database:

CREATE DATABASE polarion OWNER polarion ENCODING 'UTF8';

3. Create the polarion_history database:

CREATE DATABASE polarion_history OWNER polarion ENCODING 'UTF8';

4. Quit the psql utility using the \q command.

D) Install dblink Extension and PLPGSQL Language:

After you have created the two databases for Polarion, you need to install the DBLink extension onboth of them. The DBLink extension is used to enable Lucene queries within SQL queries. Somefunctions used by Polarion use the PLPGSQL language, which needs to be installed as well.

1. Connect to the polarion database via psql client as postgres database user (or the superuser):psql -p 5433 polarion

2. Create the DBLink extension.

a. If your PostgreSQL version is 9.1 or later, just execute the following SQL command: CREATEEXTENSION dblink;

b. If your PostgreSQL version is 9.0 or earlier, use the psql tool to set up the extension usingthe following command:

- If not connected to psql: psql -p <port> polarion -f dblink.sql

- If already connected: \i dblink.sql;

The dblink.sql file was installed during your installation of PostgreSQL. The locationdepends on your Linux distribution. You can use the locate command to find it.


APPENDIX


3. To verify that the dblink extension was successfully installed, execute this SQL query in yourdatabase client:

SELECT p.proname

FROM pg_catalog.pg_namespace n

JOIN pg_catalog.pg_proc p

ON p.pronamespace = n.oid

WHERE n.nspname = 'public';

It should return rows containing db_link as a prefix.

4. Install the PLPGSQL language by executing the following SQL command:

CREATE LANGUAGE plpgsql;

5. Quit the psql utility (\q) and repeat the above steps for the polarion_history database.

6. If you did not run the initialization of the database with –auth-host=md5, open[PG_DATA]/pg_hba.conf and change all the host entries with trust to md5, then restartPostgreSQL. (In our examples, [PG_DATA] was /opt/polarion/data/postgres-data (the locationon which the database was initialized).

E) Optimize the PostgreSQL Database:

Optimization is the same as described for automated installation.

(See After installation: optimizing the PostgreSQL database.)

F) Configure Polarion to use PostgreSQL database:

Add the following property to the polarion.properties system configuration file:

com.polarion.platform.internalPG=polarion:<password>@<hostname>:<port>

For example:

com.polarion.platform.internalPG=polarion:polarion@localhost:5433

If you have the polarion and polarion_history databases running on different servers, you can usethese two properties rather than the above property:

com.polarion.platform.sql.internalDB.head.url=jdbc:postgresql:

//<hostname>:<port>/polarion?user=<userName>&password=<password>

com.polarion.platform.sql.internalDB.historical.url=jdbc:postgresql:

//<hostname>:<port>/polarion_history?user=<userName>&password=<password>

Each property should be written in a single line.

After you have set the system properties, reindex your Polarion installation so that the PostgreSQLdatabase will be populated. Using any SQL client after the reindex, you should see the databasefilled in the polarion schema.



APPENDIX

G) (Optional) Allow remote connections to the PostgreSQL server:

By default the PostgreSQL database is only available on localhost after a fresh install. If you need tohave access from outside the host machine, please follow these steps to allow remote access:

1. Change the listener addresses in the postgresql.conf file. This file can be found in the PostgreSQL

data folder, the one you have defined under Starting/Stopping PostgreSQL. In this file, change:#listen_addresses='localhost' to listen_addresses='*'

2. In the same folder, you will find the pg_hba.conf file. Open it in a text editor and add the followingline: host all all 0.0.0.0/0 md5

If you allow for external connections to the database, an external user has blanketaccess to the entire database content and effectively to all Polarion data - all projects,the HEAD revision as well as history. There is no further access control. All Polarionuser names will also be visible. (Polarion user passwords will not be visible as thoseare not stored in a database or SVN.) Access is read-only.

Administrators are advised to consider carefully before opening database access ina system in use on a production level.

H) Check Shared Buffers Configuration

Check that the value of the shared_buffers parameter in postgresql.conf does not exceed theavailable shared memory configured by the SHMMAX kernel parameter .

Install PolarionAfter the required third-party software is installed and configured, you are ready to install Polarion.

The Linux distribution comes in a ZIP archive. The archive file name includes the version number andthe word linux. For example: PolarionALM_nnnn_linux.zip (where n is a number from 0-9).

Installation steps

1. Be sure that all required third-party components are properly installed and configured.

2. Unpack the distribution ZIP archive to a temporary location.

3. Change current directory to Polarion.

4. If SELinux is bundled with/installed on your Linux OS, make sure it is not activated. Check thestatus of SELinux with the /usr/sbin/sestatus -v. command

5. Create a Unix system account named polarion for the Polarion server.

6. Review the path variables defined in libinstall/default.sh. Set up v_web_user andv_web_group.

7. Execute (under root):

chmod +x manual_install.sh; ./manual_install.sh


APPENDIX


This will install Polarion into the standard /opt/polarion location . Data will be installed into thestandard /opt/polarion/data location .

Setting permissions

After manual installation you need to set up permissions on unpacked folders.

The standard permissions are:

• Read only for everybody, owner and group root: root on the following folders and their subfolders:

/opt/polarion/polarion

/opt/polarion/maven

• Writeable on the /opt/polarion/datafolder and its subfolders.

For "polarion":"web user", where polarion is a system account that you must create manually andweb user is user used by Apache.

For more details, see the setPermissions() function in [UnpackDir]/libinstall/helper_functions.sh.

Notes on a manual installation

If Polarion is already installed, any user data (repository, builds, reports) will not be overwritten.However, it is recommended to back up any changed files in /opt/polarion (typicallypolarion.properties and any customized shell scripts), because they will be overwritten.

Possible changes include:

• Change the value of the host.name parameter from localhost to the host name specifiedin httpd.conf.

• Check that the repository alias in the svn.url parameter corresponds to the one in the httpd.conffile. (See Required Configuration.)

• Check that the correct paths to the passwd and access files are specified in the relevantsvn.passwd.file and svn.access.file parameters.

• You may need to reconfigure the htpasswd.path parameter and set it to /usr/sbin/htpasswd2instead of the usual /usr/local/apache2/bin/htpasswd.

• Check Apache's htpasswd utility path in the htpasswd.path parameter.

• Check that the port specified in the tomcat.ajp13-port parameter corresponds to the portspecified in the worker.worker1.port parameter of the workers.properties file.

• Specify the correct SMTP host in the announcer.smtp.host parameter.



APPENDIX

Configure Polarion1. Execute commands from installation temporary directory to create new Subversion repository:

svnadmin create /opt/polarion/data/svn/repo –fs-type fsfs

chown –R “webuser”:”webgroup” /opt/polarion/data/svn/repo

The items webuser and webgroup are the user and group under them on the Apache server.

2. Import either the production data or demo data configuration. You cannot import both. You canonly execute both scripts on a fresh repository.

[POLARION]/bin/polarion.init init

or

[POLARION]/bin/polarion.init demo

Parameters could be different on your OS. For example User and Group directivevalues from httpd.conf: The Group value in the standard Apache distribution is #-1,the numerical group ID -1, can't be used. Use apache/apache as User and Groupinstead.

Once the ([POLARION]/bin/polarion.init init, or [POLARION]/bin/polarion.initdemo) scripts have been executed, it is not possible to install demo data withoutdeleting the subversion repository in /srv/polarion/data/svn/repo.

3. Before using the system for production, see Securing the Polarion activation application andperform the recommended configuration as described.

Next stepsAfter completing a manual installation, review the following topics.

• System Startup and Shutdown

• After Installation

• Appendix: Default Users and Groups

• Appendix: Enabling Email Notifications


APPENDIX

Chapter 20: Supported Microsoft Office® versions

Users of a Polarion ALM™ product supporting current or legacy Microsoft Office data interchangefeatures for Microsoft Word™ and/or Excel®, please note the following table which outlinescompatible versions of Microsoft Office applications.

NOTES:

1. Beginning with Polarion version 2014-SR1, Microsoft Office 2003 is no longer supported inPolarion LiveDocs.

2. Prior to Polarion version 2011, Live Documents referred to Microsoft Office Word and Exceldocuments based on special document templates developed by Polarion, which could defineand store PolarionWork Items. Beginning with version 2011, Polarion refactored the technologycompletely but maintained backward compatibility. Beginning with Polarion version 2014-SR1support for this legacy format is dropped completely.


Siemens Industry Software

HeadquartersGranite Park One5800 Granite ParkwaySuite 600Plano, TX 75024USA+1 972 987 3000

AmericasGranite Park One5800 Granite ParkwaySuite 600Plano, TX 75024USA+1 314 264 8499

EuropeStephenson HouseSir William Siemens SquareFrimley, CamberleySurrey, GU16 8QD+44 (0) 1276 413200

Asia-PacificSuites 4301-4302, 43/FAIA Kowloon Tower, Landmark East100 How Ming StreetKwun Tong, KowloonHong Kong+852 2230 3308

About Siemens PLM Software

Siemens PLM Software, a business unit of the SiemensIndustry Automation Division, is a leading global providerof product lifecycle management (PLM) software andservices with 7 million licensed seats and 71,000 customersworldwide. Headquartered in Plano, Texas, SiemensPLM Software works collaboratively with companiesto deliver open solutions that help them turn moreideas into successful products. For more informationon Siemens PLM Software products and services, visitwww.siemens.com/plm.

© 2017 Siemens Product Lifecycle ManagementSoftware Inc. Siemens and the Siemens logo areregistered trademarks of Siemens AG. D-Cubed,Femap, Geolus, GO PLM, I-deas, Insight, JT, NX,Parasolid, Solid Edge, Teamcenter, Tecnomatix andVelocity Series are trademarks or registered trademarksof Siemens Product Lifecycle Management SoftwareInc. or its subsidiaries in the United States and in othercountries. All other trademarks, registered trademarksor service marks belong to their respective holders.