Setting up a connection from a Content Delivery microservice to a secured Add-on service

To set up a connection to a secured Add-on service from a Content Delivery Add-on service client, that is, a machine on which one or more Content Delivery microservices run, set a number of environment variables, either system-wide or by adding a series of -D switches to your microservice installation or startup script.

Procedure

  1. Access your client environment.
  2. Create an environment variable called openidconnecturl and set it to the URL of your identity provider.
  3. Create an environment variable called openidconnectclientid and set it to a client ID that is authorized to obtain an access token from the identity provider.
  4. Create an environment variable called openidconnectclientsecret and set it to a client secret that authorizes the client identified by the client ID to obtain an access token from the identity provider.
  5. SDL strongly recommends entering any sensitive strings, such as passwords, in encrypted form. You can obtain the encrypted form of a sensitive string by doing the following:
    1. In a command shell, navigate to a location that contains the files udp-core-BUILD.jar and udp-common-util-BUILD.jar, where BUILD is the JAR file's build number. For example, you can find these files on the installation media in the folder Content Delivery\roles\api\rest\java\lib\
    2. Depending on your operating system, enter one of the following commands:
      Windows operating systems
      java -cp udp-core-BUILD.jar;udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT
      Unix operating systems
      java -cp udp-core-BUILD.jar:udp-common-util-BUILD.jar com.tridion.crypto.Encrypt INPUT

      where INPUT is the unencrypted string. (You may wish to redirect output to a file for easy copy-pasting of the tool's response.)

      The tool returns the following kind of response:
      Configuration value = encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=

      where the encrypted string is encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=

  6. Create an environment variable called openidconnectprovidertype and set it to one of the following values:
    Value    Meaning
    Azure    A Microsoft Azure identity provider
    Auth0    An Auth0 identity provider
    OpenAM   An OpenAM identity provider
    ADFS     An Active Directory File System identity provider
  7. Depending on your identity provider, create and set one of the following environment variables:
    • If your IdP is Azure, set openidconnectresource to the Azure resource.
    • If your IdP is Auth0, set openidconnectaudience to the Auth0 audience.
    • If your IdP is OpenAM, set openidconnectscope to the scope of OpenAM.
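The following startup-script fragment is an added example, not part of the original documentation or of SDL's own scripts. It assembles the -D switches for the variables listed above and refuses to start the service when the client secret is not in the encrypted form produced by com.tridion.crypto.Encrypt. It assumes the -D property names match the environment variable names and that the service reads them from the launch command; the URL, client ID and audience values are constructed placeholders.

```shell
#!/bin/sh
# Added example (not SDL code). Builds the -D switches for a Content Delivery
# microservice and rejects a plaintext openidconnectclientsecret.
# Assumption: -D property names equal the environment variable names above.

# Returns 0 when the value carries the "encrypted:" prefix that
# com.tridion.crypto.Encrypt emits, 1 otherwise.
is_encrypted_value() {
    case "$1" in
        encrypted:*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Prints the -D switches for the given provider on stdout.
# Returns 1 if a required value is missing, the secret is plaintext,
# or the provider type is not one of Azure, Auth0, OpenAM, ADFS.
build_cd_opts() {
    provider="$1"; url="$2"; client_id="$3"; secret="$4"; extra="$5"
    [ -n "$url" ] && [ -n "$client_id" ] && [ -n "$secret" ] || return 1
    is_encrypted_value "$secret" || return 1
    opts="-Dopenidconnecturl=$url -Dopenidconnectclientid=$client_id"
    opts="$opts -Dopenidconnectclientsecret=$secret"
    opts="$opts -Dopenidconnectprovidertype=$provider"
    case "$provider" in
        Azure)  opts="$opts -Dopenidconnectresource=$extra" ;;   # Azure resource
        Auth0)  opts="$opts -Dopenidconnectaudience=$extra" ;;   # Auth0 audience
        OpenAM) opts="$opts -Dopenidconnectscope=$extra" ;;      # OpenAM scope
        ADFS)   ;;                                               # no extra value
        *)      return 1 ;;
    esac
    printf '%s\n' "$opts"
}

# Constructed sample values; the secret is the sample output shown above.
if opts=$(build_cd_opts Auth0 "https://idp.example.test" "client-id-placeholder" \
        "encrypted:9FUJ9CP81Oj63VhnJxcqx//pW3fP4bekeupIexctzcs=" "api-audience"); then
    echo "java $opts -jar microservice.jar"   # launch line shown, not executed
else
    echo "refusing to start: missing value or plaintext client secret" >&2
fi
```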