
Connecting Content Delivery to a secured Add-ons Service

If you have secured your Add-ons Service, ensure that Content Delivery can connect to it by defining environment variables in your Content Delivery environment.

Before you begin

This task has the following prerequisites:
  • You have access as an Administrator to each Content Delivery server on which one or more Content Delivery microservices are installed.
  • You know the following information:
    • URL of the installed Access Management service
    • Client ID and Client Secret for the service account for the Add-ons Service, as configured in Access Management

About this task

On each server running one or more Content Delivery microservices, you need to set a number of environment variables. You can do this system-wide or by adding a series of -D switches to your microservice installation or startup script.

Procedure

  • On each server in the Content Delivery environment, create the following environment variables:
    Environment variable name | Value

    openidconnecturl | Set to the URL of the installed Access Management application using the following pattern:

    PROTOCOL://HOST:PORT/access-management/connect/token

    Where:
    • PROTOCOL is http or https, depending on configuration. When you first install Access Management, it is HTTP; however, for a production environment, RWS recommends that you enable HTTPS.
    • HOST and PORT match the values set when installing Access Management.

    openidconnectclientid | Set to the client ID defined in Access Management for the Add-ons Service API's service account.

    openidconnectclientsecret | Set to the client secret defined in Access Management for the Add-ons Service API's service account.

    openidconnectprovidertype | Set to the following: ADFS
  • RWS strongly recommends entering any sensitive strings, such as passwords, in encrypted form. You can obtain the encrypted form of a sensitive string by doing the following:
    1. In a command shell, navigate to a location that contains the files udp-core-BUILD.jar and udp-common-util-BUILD.jar, where BUILD is the JAR file's build number. For example, you can find these files on the installation media in the folder Content Delivery\roles\api\rest\java\lib\
    2. Depending on your operating system, enter one of the following commands:
      Windows operating systems
      java -cp udp-core-BUILD.jar;udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT 
      Unix operating systems
      java -cp udp-core-BUILD.jar:udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT 

      where INPUT is the unencrypted string. (You may wish to redirect output to a file for easy copy-pasting of the tool's response.)

      The tool returns the following kind of response:
      Configuration value = encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=

      where the encrypted string is encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=
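
The following shell function checks the four variables from this procedure before the microservices are started. It is an added example, not part of the product or its documentation; the function name, host name, port and client ID are constructed, and it assumes every encrypted value starts with the `encrypted:` prefix shown in the sample response above.

```shell
#!/bin/sh
# Audit the four variables from the procedure. Prints one line per finding
# and returns the number of findings (0 means the settings look consistent).
check_addons_oidc_env() {
    findings=0
    flag() { echo "FINDING: $1"; findings=$((findings + 1)); }

    # Every variable in the table must be present and non-empty.
    for name in openidconnecturl openidconnectclientid \
                openidconnectclientsecret openidconnectprovidertype; do
        eval "value=\${$name:-}"
        [ -n "$value" ] || flag "$name is not set"
    done

    # The URL must follow PROTOCOL://HOST:PORT/access-management/connect/token.
    case "${openidconnecturl:-}" in
        "") ;;  # already reported by the loop above
        https://?*:[0-9]*/access-management/connect/token) ;;
        http://?*:[0-9]*/access-management/connect/token)
            flag "openidconnecturl uses http; enable HTTPS for production" ;;
        *) flag "openidconnecturl does not match the documented pattern" ;;
    esac

    # The Encrypt tool's output starts with 'encrypted:'; anything else is
    # treated here as a secret stored in clear text (assumption of this example).
    case "${openidconnectclientsecret:-}" in
        ""|encrypted:?*) ;;
        *) flag "openidconnectclientsecret is not in encrypted form" ;;
    esac

    # The procedure fixes the provider type to the literal ADFS.
    case "${openidconnectprovidertype:-}" in
        ""|ADFS) ;;
        *) flag "openidconnectprovidertype must be ADFS" ;;
    esac
    return "$findings"
}

# Constructed sample values, not taken from a real installation.
(
    openidconnecturl='http://cd-am.example.test:8443/access-management/connect/token'
    openidconnectclientid='addons-service-account'
    openidconnectclientsecret='PlainTextSecret'
    openidconnectprovidertype='ADFS'
    check_addons_oidc_env   # reports the http URL and the clear-text secret
) || true
```

Run it in the same environment the microservice startup script inherits, so it sees the values the service will actually read.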