CMI ApiTests

Metastack

Initial deployment läuft nicht ( unauthorized_client ) -> TODO: Migrationsanleitungv schrieben

Invalid client configuration for client cmiWebApi: RequireClientSecret is false, but client is using client credentials grant type.
[I] [13:52:24 Information] <63> CMI.STS3.Services.Telemetry.LogEventSink
[I] {"ClientId": "cmiWebApi", "ClientName": "unknown name", "Category": "Error", "Name": "Invalid Client Configuration", "EventType": "Error", "Id": 3001, "Message": "RequireClientSecret is false, but client is using client credentials grant type.", "ActivityId": "0HNLIE8CME2U7:00000005", "TimeStamp": "2026-05-15T11:52:24.4820813", "ProcessId": 3328, "LocalIpAddress": "::1:65103", "RemoteIpAddress": "192.168.122.1", "$type": "InvalidClientConfigurationEvent"}
[I] [13:52:24 Error] <63> Duende.IdentityServer.Validation.AuthorizeRequestValidator
[I] Unknown client or not enabled: cmiWebApi
[I] {"ClientId": null, "ClientName": null, "RedirectUri": null, "AllowedRedirectUris": null, "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "client_id": "cmiWebApi", "state": "OFRUdlRsSXlLS3RiZnBHUW4yR0I1N1FLaUROeH5xZy5idDVVWW9nRjVxeGJD", "redirect_uri": "https://api.cmiag.dev/dev/", "scope": "metatool openid", "code_challenge": "TTzyVA5zz-ZQybdosaYkLFlFCRtn7EvnB9WDFHOOEyU", "code_challenge_method": "S256", "nonce": "OFRUdlRsSXlLS3RiZnBHUW4yR0I1N1FLaUROeH5xZy5idDVVWW9nRjVxeGJD"}, "$type": "AuthorizeRequestValidationLog"}
[I] [13:52:24 Error] <63> Duende.IdentityServer.Endpoints.AuthorizeEndpoint
[I] Request validation failed
[I] [13:52:24 Information] <63> Duende.IdentityServer.Endpoints.AuthorizeEndpoint
[I] {"ClientId": null, "ClientName": null, "RedirectUri": null, "AllowedRedirectUris": null, "SubjectId": "anonymous", "ResponseType": null, "ResponseMode": null, "GrantType": null, "RequestedScopes": "", "State": null, "UiLocales": null, "Nonce": null, "AuthenticationContextReferenceClasses": null, "DisplayMode": null, "PromptMode": "", "MaxAge": null, "LoginHint": null, "SessionId": null, "Raw": {"response_type": "code", "client_id": "cmiWebApi", "state": "OFRUdlRsSXlLS3RiZnBHUW4yR0I1N1FLaUROeH5xZy5idDVVWW9nRjVxeGJD", "redirect_uri": "https://api.cmiag.dev/dev/", "scope": "metatool openid", "code_challenge": "TTzyVA5zz-ZQybdosaYkLFlFCRtn7EvnB9WDFHOOEyU", "code_challenge_method": "S256", "nonce": "OFRUdlRsSXlLS3RiZnBHUW4yR0I1N1FLaUROeH5xZy5idDVVWW9nRjVxeGJD"}, "$type": "AuthorizeRequestValidationLog"}
[I] [13:52:24 Information] <63> CMI.STS3.Services.Telemetry.LogEventSink
[I] {"ClientId": "cmiWebApi", "ClientName": null, "RedirectUri": null, "Endpoint": "Authorize", "SubjectId": null, "Scopes": "", "GrantType": null, "Error": "unauthorized_client", "ErrorDescription": "Unknown client or client not enabled", "Category": "Token", "Name": "Token Issued Failure", "EventType": "Failure", "Id": 2001, "Message": null, "ActivityId": "0HNLIE8CME2U7:00000005", "TimeStamp": "2026-05-15T11:52:24.4921195", "ProcessId": 3328, "LocalIpAddress": "::1:65103", "RemoteIpAddress": "192.168.122.1", "$type": "TokenIssuedFailureEvent"}

Gleiche Migrationsproblematik wie in anderne Diensten. Hier wurden beide Clients aus bequemlichkeit kombiniert (achtung! Nicht best practice und beim Kunden deshalb sowieso nicht vorhanden/empfohlen)

ConfigUI

Anmeldung

Anmeldung Authcode
Anmeldung mit falschen Daten wird geblockt
Anmeldgeversuch mit falschem Client wird geblockt
Abmeldung funktionsfähig

Konfiguration

Aktivieriung bestimmter Typdefintionen
Filter auf Felder + Assocs
Filter auf ContentProvider
Filter auf Operationen
Erstellen/Modifizieren/Entfernen neuer Gruppen
Einbindung Prozesslayer (Klapp)
Konfiguration verwerfen
Konfiguration Export
Konfiguration Import + Autoreboot

Swagger

Hauptconfig -> dev
Gruppenconfig -> devtestgroup
ProcessLayer -> Klapp
GroupProcessLayer -> Discovery

Requests

Suche nach “Test” Geschäften

Erfolgreich

$ curl -X 'POST' \
  'https://api.cmiag.dev/dev/Geschaeft/Search?take=100&skip=100' \
  -H "Authorization: Bearer $bearer" \
  -H 'Content-Type: application/json' \
  -d '"FULLTEXT[test*]"'

{
  "guid": "3996dc1e-fdb1-4d19-a2b3-cb22330e417c",
  "version": 30,
  "typeName": "Geschäft",
  "titel": "AUTOCHECKIN",
  "zugriffsteuerung": "Offen",
  "beginn": "11.03.2020",
  "laufnummer": "55",
  "lifecycleStatus": "In Bearbeitung",
  "geschaeftsstatus": "In Bearbeitung",
  "customStatusberichtintern": false,
  "customEntwicklung": false,
  "customSolution": false,
  "customProjekte": false,
  "customSupport": false,
  "customDritte": false,
  "customStatusberichtextern": false,
  "customNachverfolgung": false,
  "customNeukunde": false,
  "customProjektportfolio": false,
  "customEntscheidGL": false,
  "customCMICloudKunde": false,
  "customLODesktopKantonslizenzvorhanden": false,
  "cp_Geschaeftsfaelder": {
    "geschaeftseigner": "Mail Test; MAILTEST",
    "status": "In Bearbeitung",
    "typFrench": "Affaire",
    "typGerman": "Geschäft"
  },
  "geschaeftseigner": {
    "guid": "1fee4ba0-4b83-48c8-92e6-4ccd9e4d8854",
    "url": "/Organisationseinheit/1fee4ba04b8348c892e64ccd9e4d8854",
    "displayName": "Mail Test; MAILTEST"
  },
  "customGeschaeftDossiertyp": null,
  "customGeschaeftAuftraggeber": null,
  "customGeschaeftBenutzer": null
}

Weitere

Debug Enpoints

Health
Info
Version
Throttling

Throttling

Basis Funktionen

Zur einfachheit wurde das Throttling böse runtergedreht

"Throttling": { "MaxConcurrentRequests": 3, "MaxWaitingRequests": 1 }

1x Parallel -> 200
3x Parallel -> 200
4x Parallel -> 200 (delay)
10x Parallel -> 200(x4) + 429 (x6)

Queue

Erneute Anpassungen in den appsettings

"Throttling": { "MaxConcurrentRequests": 1, "MaxWaitingRequests": 3 }

4x Parallel -> 200 (delay)
Requests nach FIFO abgearbeitet

Quartz 5

Explorer