Documentation Center

Configuring security settings for the Add-ons Service

Configure security settings for the Add-ons Service by editing the authsettings.json file. If upgrading from 9.1, you need to migrate the existing security settings so that Add-ons Service makes Access Management as the source for OpenID Connect calls rather than direct calls to the external identity provider. The old way of directly configuring a provider is deprecated in 9.5.

Before you begin

This task has the following prerequisites:
  • Access Management is installed.
  • You have access as an Administrator to the server where the Add-ons Service service is installed.

Procedure

  1. Go to the Add-ons Service root folder.
    On a Windows machine, this location defaults to c:\Program Files\SDL\Tridion\Add-on Service\.
  2. Do one of the following:
    • If you do not see a file authsettings.json in this location, create a file by that name.
    • If you are upgrading SDL Tridion Sites 9.1 where you secured the Add-ons Service directly with an identity provider, you should see an existing authsettings.json file. Make a copy of the file and place it in a safe location for future reference.
  3. Open authsettings.json for editing.
  4. Include the settings from the following sample to enable security and define Access Management as the authority for making OpenID Connect calls:
    {
    "EnableSecurity": true,
     
    "OpenIdConnect": {
    "Audience": "Tridion.AddonService",
    "Authority": https://SERVER_URL/access-management,
    "ClientId": "Addon_Manager",
    "ValidateAudience": true
    }
    }

    Where SERVER_URL is the URL of the Access Management server.

  5. If you are editing an existing file that contains a Mappings section, as when upgrading from 9.1, delete this section from the file. It should now only include the settings shown in step 4.
  6. Save and close the file.
  7. Apply your changes by restarting the Add-ons Service.

Results

If you have any security settings configured in the appsettings.json, the authsettings.json settings now override those settings.