SOT
    • Introduction
    • Release notes
      • 2025.03.00
        • RC2
        • RC1
      • 2025.02.01
        • SP10
        • SP9
        • SP8
        • SP7
        • SP6
        • SP5
        • SP3
        • SP2
        • SP1
      • 2025.02.00
        • SP25
        • SP24
        • SP23
        • SP22
        • SP21
        • SP20
        • SP19
        • SP18
        • SP17
        • SP16
        • SP15
        • SP14
        • SP13
        • SP12
        • SP11
        • SP10
        • SP9
        • SP8
        • SP7
        • SP6
        • SP5
        • SP4
        • SP3
        • SP2
        • SP1
    • Getting started
      • Getting access
      • Login
      • Main screen
      • Welcome dashboard
      • Detecting process anomalies
      • Analyzing data and detecting event sequences
      • Analyzing KPIs
    • How-tos
      • Monitors on production lines
        • Configuring the automatic login in the Smart Operations Toolkit
        • Configuring the automatic login to the identity provider with the Windows user
        • Setting cookies in the browser
        • Configuring the automatic logout in the Smart Operations Toolkit
        • Configuring the command line parameters in the browser
        • Known limitations and troubleshooting
      • Try out the APIs
    • Integration guide
      • Underlying concepts
        • Underlying concepts
        • Onboarding
        • Security
        • Communication
      • Integration journey
      • Example integrations
        • Node-RED
        • Power BI
      • Overview of APIs
    • Operations manual
      • Release
      • System architecture and interfaces
      • System requirements
        • Cluster requirements
        • Database requirements
        • Support for service meshes
      • Migration from previous SOT versions
      • Setup and configuration
        • Deployment process
        • Deployment with Helm
        • Advanced configuration
        • Integrations with external secret management solutions
        • Context paths
        • Service accounts and authorizations
        • Validation tests
        • Setup click once
        • Database user setup and configuration
      • Start and shutdown
      • Regular operations
        • User management & authentication
        • How to add additional tenants
        • How to access the cluster and pods
        • Automatic module role assignments in customer tenants
        • User credentials rotation - database and messaging secrets
      • Failure handling
        • Failure handling guidelines
        • Ansible operator troubleshooting
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
        • The concept and conventions
        • ELK stack
        • ELK configurations aspects for beats
        • Proxy setup for ELK
        • Health endpoints configurations
      • Known limitations
      • Supporting functions
      • Security recommendations
        • Kubernetes
        • Security Best Practices for Databases
        • Certificates
        • Threat detection tools
    • Infrastructure manual
      • Release
      • System architecture and interfaces
        • RabbitMQ version support
      • System requirements
      • Migration from previous SOT infrastructure versions
      • Setup and configuration
        • Deployment process of the SOT infrastructure Helm chart
        • Deployment with Helm
      • Start and shutdown
      • Regular operations
        • RabbitMQ
          • User management & authentication
          • Disk size change
          • Upgrade performance with high performant disk type
          • Pod management policy
      • Failure handling
        • Connection failures
        • Data safety on the RabbitMQ side
        • Fix RabbitMQ cluster partitions
        • Delete unsynchronized RabbitMQ queues
        • How to reach BCI for unresolved issues
      • Backup and restore
      • Logging and monitoring
      • Known limitations
    • Training
    • Glossary
    • Further information and contact
Smart Operations Toolkit
  • Smart Operations Toolkit
    • Deviation Processor
    • Multitenant Access Control
    • Notification Service
    • Ticket Management
    • Web Portal
  • Shopfloor Management
    • Andon Live
    • KPI Reporting
    • Operational Routines
    • Shift Book
    • Shopfloor Management Administration
  • Product & Quality
    • Process Quality
    • AI Services
  • Machine & Equipment
    • Condition Monitoring
    • Device Portal
  • Enterprise & Shopfloor Integration
    • Information Router
    • Master Data Management

SOT Learning Portal

  • Smart Operations Toolkit
  • Integration guide
  • Example integrations
  • Node-RED

Node-RED integration

Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.

It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.

This is a short guide on how to set-up Node-RED to act as a module in Smart Operations Toolkit.

Prerequisites

  1. Node.js installed on your machine.

  2. npm (Node Package Manager) comes with Node.js.

  3. Docker installed on your machine (if using Docker).

  4. Module creation permissions in Smart Operations Toolkit.

Installation

Local

To install Node-RED you can use the npm command that comes with node.js:

npm install -g --unsafe-perm node-red

Docker

Node-RED provides base docker image. The base image can be pulled and configured from dockerhub.

Configure authentication

  1. To enable user authentication, uncomment the adminAuth property in your settings.js file.

  2. For SSO within SOT Web Portal, authentication should be configured with passport-openidconnect strategy.

  3. The verify method should be coded with ACL from the portal to check if the user has proper access to the application.

Node-RED provided two types of permissions. Read and all(*).

Example configuration
adminAuth: {
    type:"strategy",
    strategy:{
        name:"openidconnect",
        label: "Sign in with SOT",
        icon:"fa-twitter",
        strategy: require("passport-openidconnect").Strategy,
        options:{
            clientID: process.env.clientID,
            clientSecret: process.env.clientSecret,
            authorizationURL: process.env.authorizationURL,
            tokenURL: process.env.tokenURL,
            userInfoURL: process.env.userInfoURL,
            logout_path: process.env.logout_path,
            issuer: process.env.issuer,
            callbackURL: process.env.callbackURL,
            scope: process.env.scope,
            verify: function(issuer, profile, sub, jwtClaims, accessToken, refreshToken, params,done){
            var introspectURL = process.env.introspectURL;
            console.log("AccessToken",accessToken);
            const bodyData = {
                    "token": accessToken,
                    "client_id": process.env.clientID,
                    "client_secret": process.env.clientSecret
                }
            fetch(introspectURL,{method:"post", headers: new Headers({
                "Authorization":"Basic Og==","Content-Type":"application/x-www-form-urlencoded"
            }),body:new URLSearchParams(bodyData)}).then(response => {
                if (!response.ok) {
                    throw new Error(`HTTP error! Status: ${response.status}`);
                }
                return response.json();
            }).then(data => {
                const responseItemList = data['roles']
                const targetResourceAdmin = responseItemList.find(item => item.includes("Admin-Demo-Node-Red"));
                const targetResourceViewer = responseItemList.find(item => item.includes("View-Demo-Node-Red"));
                if (targetResourceAdmin){
                    customProfile = {username:profile.username,permissions:"*"};
                    done(null, profile);
                }else if(targetResourceViewer){
                    customProfile = {username:profile.username,permissions:"read"};
                    done(null, profile);
                }else{
                    done(null, false);
                }

            }).catch(error => {
                console.error('Fetch error:', error);
            });
        }
        }
    },
    users: function(username) {
        return new Promise(function(resolve) {
            if (customProfile) {
                resolve(customProfile);
            } else {
                resolve(null);
            }
        });
    },
}

The users property is an array of user objects. It is function which solves to give the user the appropriate permissions based on ACL.

Once the node red is configured with openidconnect, it can be used as an standalone application with login via Smart Operations Toolkit or through Web Portal after registration.

Register with SOT

To register with Smart Operations Toolkit, the application has to be registered with Multi Tenant Access Control and Web Portal.

Multi Tenant Access Control registration

To register your application with Multi Tenant Access Control, please check out the Multi Tenant Access Control guide.

Web Portal registration

To register your application with Web Portal, please check out the Web Portal guide.

Contents

© Robert Bosch Manufacturing Solutions GmbH 2023-2026, all rights reserved

Changelog Corporate information Legal notice Data protection notice Third party licenses