Add custom bootstrap data to Access Management

Create a custom bootstrap file to automatically add your custom data to Access Management whenever the application starts up.

About this task

Access Management provides a bootstrapping mechanism for automatically adding predefined data to the system. By default, there are bootstrap files for Access Management itself, the Add-ons feature, and Content Manager. In addition to these default files, you can create a custom file to add more data to the environment.

With your custom bootstrap file, you can add predefined data to Access Management for the following entities:
  • Identity providers
  • Custom applications
  • Custom API resources and roles
  • Custom service accounts

Procedure

  1. Create a JSON bootstrap file and name it according to the standard Bootstrap.{ModuleName}.json.
    Example: Bootstrap.Custom.json
  2. In the file, create the following structure to define a section for each of the four entity types:
    {
        "Applications": [ ],
        "ApiResources": [ ],
        "IdentityProviders": [ ],
        "ServiceAccounts":[ ]
    }
  3. In each section's array, add properties to define one or more custom entities.
    The following example shows one custom entity defined in each of the four sections:
    {
      "Applications": [
        {
          "clientId": "Custom_Application",
          "name": "Custom Application",
          "redirectUrls": [
            "${CM_BASEURL:-https://YOURCMHOSTNAME:81}/custom_application/signin-oidc"
          ]
        }
      ],
      "ApiResources": [
        {
          "key": "CustomApplicationAPI",
          "name": "Custom Application API",
          "roles": [
            {
              "key": "CustomApplication.Administrator",
              "name": "Administrator"
            }
          ]
        }
      ],
      "ServiceAccounts": [
        {
          "name": "Custom Application API Client (admin)",
          "clientId": "335964ef-b818-4627-ac95-c21faf809b15",
          "clientSecrets": [],
          "accessControlEntry": {
            "apiResources": [
              {
                "key": "CustomApplicationAPI"
              }
            ],
            "apiResourceRoles": [
              {
                "key": "CustomApplication.Administrator"
              }
            ]
          }
        }
      ],
      "IdentityProviders": [
        {
          "key": "AMSOpenIDConnect",
          "name": "Amsterdam OpenID Connect",
          "isEnabled": true,
          "description": "Amsterdam's OpenID Connect identity provider",
          "type": "OpenID Connect",
          "accessControlList": [
            {
              "applications": [
                {
                  "clientId": "Access_Management"
                },
                {
                  "clientId": "Custom_Application"
                }
              ],
              "apiResources": [
                {
                  "key": "Tridion.AccessManagement"
                },
                {
                  "key": "CustomApplicationAPI"
                }
              ],
              "apiResourceRoles": [
                {
                  "key": "Tridion.AccessManagement.Administrator"
                },
                {
                  "key": "CustomApplication.Administrator"
                }
              ]
            }
          ],
          "forwardedClaims": [],
          "parameters": {
            "serverAddress": "host.somewhere.com",
            "searchAccount": "cn=admin,o=tridion",
            "searchAccountPassword": "password",
            "userBaseDn": "ou=people,o=tridion",
            "groupBaseDn": "ou=groups,O=tridion",
            "groupMemberAttribute": "member",
            "additionalAttributes": "sn,objectclass",
            "separator": "\\",
            "usernameClaim": "uid",
            "fullNameClaim": "cn"
          }
        }
      ]  
    }
  4. Save the bootstrap file to the \Resources subfolder of the Access Management application.
  5. Go to the bin\ subfolder of the root folder where the Access Management service is installed.
  6. Open appsettings.json for editing.
  7. In the Bootstrap section, add the custom file to the existing list of bootstrap files (listed either by relative file path or module name).
    The following example shows the "Custom" bootstrap file added as a module:
    "Bootstrap": {
        "Modules": "AccessManagement, AddonService, SitesCM, Custom"
      }
  8. Save and close appsettings.json.

Results

Every time Access Management starts up, the bootstrap files are validated, the data is merged, and the final bootstrap data is added to the system.
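
Because the merged bootstrap data is applied on every start-up, a custom file is worth reviewing before it is saved to \Resources. The following check is an added example, not part of the product or its documentation: it resolves the ${NAME:-default} form seen in redirectUrls, flags redirect URLs that are not HTTPS, flags literal values in password-like provider parameters such as searchAccountPassword, and lists every access-control reference that the file does not define itself. The function name lint_bootstrap, the finding labels and the SAMPLE data (constructed, trimmed from the example in step 3) are assumptions.

```python
import json
import re
from urllib.parse import urlsplit

# ${NAME:-default} placeholder, as used in the page's redirectUrls value.
PLACEHOLDER = re.compile(r"\$\{\w+(?::-([^}]*))?\}")
SENSITIVE = re.compile(r"password|secret", re.I)

def lint_bootstrap(doc):
    """Return review findings for one parsed bootstrap file (hypothetical helper)."""
    findings = []
    api = doc.get("ApiResources", [])
    defined = {"applications": {a["clientId"] for a in doc.get("Applications", [])},
               "apiResources": {r["key"] for r in api},
               "apiResourceRoles": {x["key"] for r in api for x in r.get("roles", [])}}
    for app in doc.get("Applications", []):
        for url in app.get("redirectUrls", []):
            resolved = PLACEHOLDER.sub(lambda m: m.group(1) or "", url)
            if urlsplit(resolved).scheme != "https":
                findings.append(f"redirect-not-https:{app['clientId']}")
    # One access-control block per service account, a list of them per provider.
    blocks = [(s["name"], s.get("accessControlEntry", {})) for s in doc.get("ServiceAccounts", [])]
    for idp in doc.get("IdentityProviders", []):
        blocks += [(idp["key"], acl) for acl in idp.get("accessControlList", [])]
        for name, value in idp.get("parameters", {}).items():
            if SENSITIVE.search(name) and value and not PLACEHOLDER.search(str(value)):
                findings.append(f"literal-credential:{idp['key']}.{name}")
    for owner, block in blocks:
        for section, keys in defined.items():
            for ref in block.get(section, []):
                key = ref.get("clientId") or ref.get("key")
                if key not in keys:  # must come from another bootstrap module
                    findings.append(f"external-ref:{owner}:{key}")
    return findings

# Constructed sample, trimmed from the Bootstrap.Custom.json example in step 3.
SAMPLE = json.loads(r"""{
 "Applications": [{"clientId": "Custom_Application", "redirectUrls":
   ["${CM_BASEURL:-https://YOURCMHOSTNAME:81}/custom_application/signin-oidc"]}],
 "ApiResources": [{"key": "CustomApplicationAPI", "roles": [{"key": "CustomApplication.Administrator"}]}],
 "ServiceAccounts": [{"name": "Custom Application API Client (admin)", "accessControlEntry": {
   "apiResources": [{"key": "CustomApplicationAPI"}],
   "apiResourceRoles": [{"key": "CustomApplication.Administrator"}]}}],
 "IdentityProviders": [{"key": "AMSOpenIDConnect", "accessControlList": [{
   "applications": [{"clientId": "Access_Management"}, {"clientId": "Custom_Application"}],
   "apiResources": [{"key": "Tridion.AccessManagement"}, {"key": "CustomApplicationAPI"}],
   "apiResourceRoles": [{"key": "Tridion.AccessManagement.Administrator"}]}],
   "parameters": {"serverAddress": "host.somewhere.com", "searchAccountPassword": "password"}}]
}""")
```

Calling lint_bootstrap(SAMPLE) returns one literal-credential finding and three external-ref findings. External references that point at the default modules are expected; the list exists so that a reviewer confirms each one, in particular any administrator role, is intended.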